| |
| |||||||
Log-Analyse und Auswertung: Windows aus Sicherheitsgründen blockiertWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
01.04.2012, 02:33
| #1 |
| |  Windows aus Sicherheitsgründen blockiert Hallo zusammen :-) und Hilfe!!!! Meinen notebook hats erwischt. Ich war am surfen als auf einmal der Bildschirm schwarz wurde und eine Meldung auftauchte Windows aus sicherheitsgründen Bockiert. Ahhhhhhh!!!Ich hab mich dann gleich n bischen schlau gemacht und OTL durchlaufen lassen. Hier is er nu der OTL.txt Ich hoff ihr könnt mir helfen. Danke schonmal im voraus. Lg Rumpel OTL logfile created on: 01.04.2012 02:34:19 - Run 1 OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\*********** ******\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,36 Gb Available Physical Memory | 68,02% Memory free 7,86 Gb Paging File | 7,26 Gb Available in Paging File | 92,42% Paging File free Paging file location(s): c:\pagefile.sys 6000 7000 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 465,76 Gb Total Space | 104,15 Gb Free Space | 22,36% Space Free | Partition Type: NTFS Computer Name: ************ | User Name: *********** ****** | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.04.01 02:31:14 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Rumpelwicht Studio\Desktop\24960-OTL.exe PRC - [2012.03.18 06:09:54 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe ========== Modules (No Company Name) ========== MOD - [2012.03.18 06:09:53 | 001,969,080 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2012.02.18 06:33:23 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2009.07.21 17:41:26 | 000,949,760 | ---- | M] (ATI Technologies Inc.) [Auto | Stopped] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility) SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012.02.29 09:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.01.22 16:15:32 | 002,230,416 | ---- | M] (Giraffic) [Auto | Stopped] -- C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe -- (Giraffic) SRV - [2011.12.14 13:23:34 | 002,123,584 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc) SRV - [2011.11.21 15:22:08 | 000,080,512 | ---- | M] (ASUS) [Auto | Stopped] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService) SRV - [2011.11.21 15:19:50 | 000,096,896 | ---- | M] (ASUS) [Auto | Stopped] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv) SRV - [2011.05.27 16:23:00 | 001,300,264 | ---- | M] (Synaptics, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe -- (ScrybeUpdater) SRV - [2011.04.07 17:37:16 | 005,352,960 | ---- | M] (Native Instruments GmbH) [Auto | Stopped] -- C:\Programme\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService) SRV - [2010.11.18 13:09:24 | 000,330,696 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Verbindungsassistent\WTGService.exe -- (WTGService) SRV - [2010.09.22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2010.09.21 15:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.08.27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008.08.07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) SRV - [2007.05.31 18:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007.05.31 18:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011.11.09 10:58:02 | 000,121,600 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard) DRV:64bit: - [2011.11.09 10:58:02 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev) DRV:64bit: - [2011.04.11 14:37:17 | 000,358,480 | ---- | M] (Native Instruments GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ak1avs.sys -- (ak1avs) DRV:64bit: - [2011.04.11 14:37:17 | 000,098,384 | ---- | M] (Native Instruments GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ak1usb.sys -- (ak1usb_svc) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010.10.17 02:11:45 | 000,871,408 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2010.09.23 01:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2010.06.23 09:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010.06.03 19:18:56 | 001,379,376 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2010.04.13 16:47:12 | 000,200,200 | ---- | M] (M-Audio) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MAudioUSBMIDI.sys -- (MAUSBMIDI) DRV:64bit: - [2010.01.25 15:57:22 | 000,173,952 | ---- | M] (HID Global Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cxbu0x64.sys -- (cxbu0x64) DRV:64bit: - [2009.10.26 16:36:22 | 001,202,688 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\smserial.sys -- (smserial) DRV:64bit: - [2009.10.08 14:06:48 | 000,045,136 | ---- | M] (Native Instruments GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ak1avs_x64.sys -- (ak1avs_x64) DRV:64bit: - [2009.10.08 14:06:45 | 000,300,624 | ---- | M] (Native Instruments GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ak1usb_x64.sys -- (ak1usb_x64) DRV:64bit: - [2009.07.21 18:32:16 | 005,352,960 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (R300) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 02:21:35 | 000,064,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthMtpEnum.sys -- (BthMtpEnum) DRV:64bit: - [2009.07.14 02:10:49 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MODEMCSA.sys -- (MODEMCSA) DRV:64bit: - [2009.07.14 02:06:41 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sonydcam.sys -- (sonydcam) DRV:64bit: - [2009.07.14 01:31:06 | 000,142,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mf.sys -- (mf) DRV:64bit: - [2009.07.14 01:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM) DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.21 14:40:06 | 000,103,272 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Tpkd.sys -- (Tpkd) DRV:64bit: - [2009.05.13 10:07:20 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor) DRV - [2011.12.12 20:31:38 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv) DRV - [2011.11.09 10:58:02 | 000,121,600 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2011.11.09 10:58:02 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ew_hwusbdev.sys -- (ew_hwusbdev) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2006.09.20 18:34:56 | 000,025,088 | ---- | M] (Native Instruments GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ak1avs.sys -- (ak1avs) DRV - [2006.09.20 18:34:40 | 000,084,992 | ---- | M] (Native Instruments GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\ak1usb.sys -- (ak1usb_svc) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=164&systemid=406&sr=0&q={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=164&systemid=406&sr=0&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchqu.com/406 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B3 7D 72 57 3D 18 CC 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=164&systemid=406&sr=0&q={searchTerms} IE - HKCU\..\SearchScopes\{EA4DF622-5415-4BC2-8781-8D9F2A080239}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ATU&o=14670&src=kw&q={searchTerms}&locale=&apn_ptnrs=T8&apn_dtid=YYYYYYYYDE&apn_uid=c8f32827-ad1d-4f6d-8da4-7ac3d527973f&apn_sauid=1537CA08-B087-4976-B9D9-7BF5431FE7B4 IE - HKCU\..\SearchScopes\{F10A2B35-2755-46F7-9206-5A2B56AE1524}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Search the web" FF - prefs.js..browser.search.defaultthis.engineName: "Veoh Web Player Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2653012&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "Search the web" FF - prefs.js..browser.search.selectedEngine: "Search the web" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de" FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..keyword.URL: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" FF - user.js..browser.search.selectedEngine: "Search the web" FF - user.js..browser.search.order.1: "Search the web" FF - user.js..browser.search.defaultenginename: "Search the web" FF - user.js..keyword.URL: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.12.02 09:21:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.02.18 01:01:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.03.18 06:09:58 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.02.04 05:51:00 | 000,000,000 | ---D | M] [2012.02.18 06:48:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rumpelwicht Studio\AppData\Roaming\mozilla\Extensions [2012.03.30 04:33:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rumpelwicht Studio\AppData\Roaming\mozilla\Firefox\Profiles\wg8ntki3.default\extensions [2012.02.14 05:01:10 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Rumpelwicht Studio\AppData\Roaming\mozilla\Firefox\Profiles\wg8ntki3.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.03.30 04:33:09 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\Rumpelwicht Studio\AppData\Roaming\mozilla\Firefox\Profiles\wg8ntki3.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2012.02.16 00:13:41 | 000,000,000 | ---D | M] (Veoh Web Player Community Toolbar) -- C:\Users\Rumpelwicht Studio\AppData\Roaming\mozilla\Firefox\Profiles\wg8ntki3.default\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e} [2012.02.18 00:57:17 | 000,000,000 | ---D | M] (toolplugin) -- C:\Users\Rumpelwicht Studio\AppData\Roaming\mozilla\Firefox\Profiles\wg8ntki3.default\extensions\welcome@toolmin.com [2011.05.17 14:12:44 | 000,002,333 | ---- | M] () -- C:\Users\Rumpelwicht Studio\AppData\Roaming\Mozilla\Firefox\Profiles\wg8ntki3.default\searchplugins\askcom.xml [2011.07.24 15:30:38 | 000,000,933 | ---- | M] () -- C:\Users\Rumpelwicht Studio\AppData\Roaming\Mozilla\Firefox\Profiles\wg8ntki3.default\searchplugins\conduit.xml [2012.02.18 03:19:05 | 000,002,519 | ---- | M] () -- C:\Users\Rumpelwicht Studio\AppData\Roaming\Mozilla\Firefox\Profiles\wg8ntki3.default\searchplugins\Search_Results.xml [2012.02.18 07:02:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.03.19 14:00:43 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.02.18 01:01:12 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>  -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5[2012.03.18 06:09:55 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2012.02.08 19:36:16 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.02.08 19:21:19 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.02.08 19:36:16 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.02.08 19:36:16 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.18 00:57:17 | 000,000,158 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search the web.src [2012.02.18 03:19:05 | 000,002,519 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml [2012.02.08 19:36:16 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.08 19:36:16 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Search Results (Enabled) CHR - default_search_provider: search_url = hxxp://dts.search-results.com/sr?src=crb&appid=164&systemid=406&sr=0&q={searchTerms} CHR - default_search_provider: suggest_url = CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Rumpelwicht Studio\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.79\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.79\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.79\pdf.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: YouTube = C:\Users\Rumpelwicht Studio\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\Rumpelwicht Studio\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\ CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Rumpelwicht Studio\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\ CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Rumpelwicht Studio\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ CHR - Extension: Google Mail = C:\Users\Rumpelwicht Studio\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKLM\..\Toolbar: (toolplugin) - {DFEFCDEE-CF1A-4FC8-89AF-189327213627} - C:\Users\Rumpelwicht Studio\AppData\Roaming\toolplugin\toolbar.dll () O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O4:64bit: - HKLM..\Run: [SMSERIAL] C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.) O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [GameXN] C:\ProgramData\GameXN\GameXNGO.exe (EasyBits Software AS) O4 - HKCU..\Run: [GameXN (news)] C:\ProgramData\GameXN\GameXNGO.exe (EasyBits Software AS) O4 - HKCU..\Run: [GameXN (update)] C:\ProgramData\GameXN\GameXNGO.exe (EasyBits Software AS) O4 - HKCU..\Run: [SkypePM] C:\Users\Rumpelwicht Studio\AppData\Local\Skype\SkypePM.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0 O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Rumpelwicht Studio\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Rumpelwicht Studio\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Free YouTube Download - C:\Users\Rumpelwicht Studio\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Rumpelwicht Studio\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{87C43AFE-C893-4A68-92B7-97A748DA70FF}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A0A53F0C-81EB-42E9-A8BF-B4851EFAE729}: DhcpNameServer = 192.168.1.55 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O27:64bit: - HKLM IFEO\uninstaller.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\veohwebplayer.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\verbindungsassistent.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\uninstaller.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\veohwebplayer.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\verbindungsassistent.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{56bee805-5e94-11e1-9fb9-0018f3d6e294}\Shell - "" = AutoRun O33 - MountPoints2\{56bee805-5e94-11e1-9fb9-0018f3d6e294}\Shell\AutoRun\command - "" = F:\Autorun.exe O33 - MountPoints2\{63fcff26-d983-11df-a43c-0018f3d6e294}\Shell - "" = AutoRun O33 - MountPoints2\{63fcff26-d983-11df-a43c-0018f3d6e294}\Shell\AutoRun\command - "" = L:\setup.exe O33 - MountPoints2\{82797ff3-0a44-11e1-b2de-0018f3d6e294}\Shell - "" = AutoRun O33 - MountPoints2\{82797ff3-0a44-11e1-b2de-0018f3d6e294}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1 O33 - MountPoints2\{82798003-0a44-11e1-b2de-0018f3d6e294}\Shell - "" = AutoRun O33 - MountPoints2\{82798003-0a44-11e1-b2de-0018f3d6e294}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1 O33 - MountPoints2\{8279802f-0a44-11e1-b2de-0018f3d6e294}\Shell - "" = AutoRun O33 - MountPoints2\{8279802f-0a44-11e1-b2de-0018f3d6e294}\Shell\AutoRun\command - "" = E:\.\Autorun.exe AUTORUN=1 O33 - MountPoints2\{d3cabfb1-0bdc-11e1-b682-0018f3d6e294}\Shell - "" = AutoRun O33 - MountPoints2\{d3cabfb1-0bdc-11e1-b682-0018f3d6e294}\Shell\AutoRun\command - "" = E:\.\Autorun.exe AUTORUN=1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {8E1868D5-BBA5-E571-405C-47A94AF38AB9} - .NET Framework ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) CREATERESTOREPOINT Error creating restore point. ========== Files/Folders - Created Within 30 Days ========== [2012.04.01 02:31:10 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Rumpelwicht Studio\Desktop\24960-OTL.exe [2012.03.31 10:14:11 | 000,000,000 | ---D | C] -- C:\Users\Rumpelwicht Studio\Desktop\Jan Delay_Wir Kinder Vom Bahnhof Soul [2012.03.20 04:12:53 | 000,000,000 | ---D | C] -- C:\Users\Rumpelwicht Studio\Desktop\rumpel [2012.03.19 13:59:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012.03.19 13:59:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2012.03.19 07:47:42 | 000,000,000 | -H-D | C] -- C:\ProgramData\{1CEDDDD4-56D2-463F-BC4E-C5DFFD3533C9} [2012.03.19 07:41:52 | 000,000,000 | -H-D | C] -- C:\ProgramData\{DCC412E7-393B-4016-91FB-9307F059AFB6} [2012.03.19 06:44:34 | 000,000,000 | ---D | C] -- C:\Users\Rumpelwicht Studio\Desktop\Native.Instruments.Guitar.Rig.5.Pro.STANDALONE.VST.RTAS.v5.0.1.x86.x64.WORKiNG.ASSiGN [2012.03.19 06:31:34 | 000,000,000 | ---D | C] -- C:\Users\Rumpelwicht Studio\Desktop\Unheilig_-_Lichter_Der_Stadt_2CD [2012.03.11 15:22:03 | 000,000,000 | ---D | C] -- C:\Users\Rumpelwicht Studio\Desktop\mixe rumpel [2012.03.11 03:15:42 | 000,000,000 | ---D | C] -- C:\Users\Rumpelwicht Studio\AppData\Local\{C494CB4C-2DED-4A25-BE8C-19544B7094D1} [2012.03.11 03:15:28 | 000,000,000 | ---D | C] -- C:\Users\Rumpelwicht Studio\AppData\Local\{B6F2E94C-4278-4706-BDAC-D6E6787FAACA} [2012.03.10 02:31:51 | 000,000,000 | -H-D | C] -- C:\ProgramData\{C2686527-0D57-4F0B-ADAB-EE203CA30FC6} [2012.03.10 02:09:22 | 000,000,000 | ---D | C] -- C:\Users\Rumpelwicht Studio\Desktop\Native_Instruments_Massive_v1.2.1_WIN_x86x64 [2012.03.09 14:37:55 | 000,000,000 | ---D | C] -- C:\Users\Rumpelwicht Studio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steinberg Cubase 5 [2012.03.09 05:18:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sonic Charge µTonic VST [2012.03.09 05:15:43 | 000,000,000 | ---D | C] -- C:\Users\Rumpelwicht Studio\Documents\ArtsAcoustic Reverb [2012.03.09 05:15:39 | 000,000,000 | ---D | C] -- C:\ProgramData\ArtsAcoustic [2012.03.09 05:15:38 | 000,000,000 | ---D | C] -- C:\Users\Rumpelwicht Studio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ArtsAcoustic Reverb [2012.03.09 05:15:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArtsAcoustic Reverb [2012.03.09 05:12:02 | 000,000,000 | ---D | C] -- C:\Users\Rumpelwicht Studio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\apulSoft [2012.03.09 05:12:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\apulSoft [2012.03.09 05:12:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\apulSoft [2010.10.17 19:27:05 | 001,339,904 | ---- | C] (FabFilter) -- C:\Program Files (x86)\FabFilter Volcano 2.dll [2010.10.17 19:27:04 | 002,121,216 | ---- | C] (FabFilter) -- C:\Program Files (x86)\FabFilter Twin 2.dll [2010.10.17 19:27:04 | 001,418,240 | ---- | C] (FabFilter) -- C:\Program Files (x86)\FabFilter Timeless 2.dll [2010.10.17 19:27:04 | 001,003,520 | ---- | C] (FabFilter) -- C:\Program Files (x86)\FabFilter Pro-C.dll [2010.10.17 19:27:04 | 000,861,696 | ---- | C] (FabFilter) -- C:\Program Files (x86)\FabFilter Pro-Q.dll [2010.10.17 19:27:04 | 000,839,168 | ---- | C] (FabFilter) -- C:\Program Files (x86)\FabFilter Simplon.dll [2010.10.17 19:27:03 | 000,912,384 | ---- | C] (FabFilter) -- C:\Program Files (x86)\FabFilter One.dll [2010.10.17 19:27:03 | 000,762,368 | ---- | C] (FabFilter) -- C:\Program Files (x86)\FabFilter Micro.dll ========== Files - Modified Within 30 Days ========== [2012.04.01 02:31:14 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Rumpelwicht Studio\Desktop\24960-OTL.exe [2012.04.01 02:27:46 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.04.01 02:27:46 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.04.01 02:27:46 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.04.01 02:27:46 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.04.01 02:27:46 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.04.01 02:23:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.04.01 02:22:51 | 1610,039,296 | -HS- | M] () -- C:\hiberfil.sys [2012.04.01 01:36:17 | 000,017,360 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.04.01 01:36:17 | 000,017,360 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.03.31 19:49:25 | 018,995,959 | ---- | M] () -- C:\Users\Rumpelwicht Studio\Desktop\satisfaction - Ausgang - Stereo Out.mp3 [2012.03.31 19:49:24 | 009,854,181 | ---- | M] () -- C:\Users\Rumpelwicht Studio\Desktop\Jan Delay - Hoffnung (cover).mp3 [2012.03.31 10:22:23 | 000,000,997 | ---- | M] () -- C:\Users\Public\Desktop\Traktor.lnk [2012.03.29 19:47:44 | 000,001,134 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.03.29 19:47:44 | 000,001,130 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.03.20 20:59:57 | 000,000,701 | ---- | M] () -- C:\Users\Rumpelwicht Studio\Desktop\My photos.lnk [2012.03.19 19:38:00 | 006,491,648 | ---- | M] () -- C:\Users\Rumpelwicht Studio\Desktop\Rumpelwicht-contct high intro und nice one - Ausgang - Stereo Out.mp3 [2012.03.19 07:47:29 | 000,001,051 | ---- | M] () -- C:\Users\Public\Desktop\Guitar Rig 5.lnk [2012.03.19 07:41:50 | 000,001,101 | ---- | M] () -- C:\Users\Public\Desktop\Controller Editor.lnk [2012.03.19 06:42:33 | 000,043,845 | ---- | M] () -- C:\Users\Rumpelwicht Studio\Desktop\rockon.jpg [2012.03.19 06:35:38 | 000,020,872 | ---- | M] () -- C:\Users\Rumpelwicht Studio\Desktop\Die-Simpsons-werden-um-zwei-Staffeln-verlaengert_ArtikelQuer.jpg [2012.03.19 01:32:38 | 000,001,070 | ---- | M] () -- C:\Users\Rumpelwicht Studio\Desktop\Guitar Rig 4.lnk [2012.03.15 04:29:42 | 005,517,720 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.03.11 06:04:58 | 000,004,176 | ---- | M] () -- C:\Users\Rumpelwicht Studio\Desktop\Team iLuminate - All Performances_avi.AVD [2012.03.11 06:03:51 | 000,004,176 | ---- | M] () -- C:\Users\Rumpelwicht Studio\Desktop\Team Iluminate finals performance_avi.AVD [2012.03.11 06:03:31 | 000,004,176 | ---- | M] () -- C:\Users\Rumpelwicht Studio\Desktop\Black Light Theater Image in Prag_avi.AVD [2012.03.11 06:03:18 | 000,004,176 | ---- | M] () -- C:\Users\Rumpelwicht Studio\Desktop\Glow in the Dark illusion dancing_avi.AVD [2012.03.11 06:02:38 | 000,004,176 | ---- | M] () -- C:\Users\Rumpelwicht Studio\Desktop\Fighting Gravity - America's Got Talent 2010_avi.AVD [2012.03.11 06:02:18 | 000,004,176 | ---- | M] () -- C:\Users\Rumpelwicht Studio\Desktop\ZOOM PARTY_avi.AVD [2012.03.11 06:01:24 | 000,004,176 | ---- | M] () -- C:\Users\Rumpelwicht Studio\Desktop\Zoom 2001 after street parade_ zurich_avi.AVD [2012.03.11 02:56:04 | 063,906,265 | ---- | M] () -- C:\Users\Rumpelwicht Studio\Desktop\Rumpelrox mix.mp3 [2012.03.10 14:33:58 | 000,041,714 | ---- | M] () -- C:\Users\Rumpelwicht Studio\Desktop\womens day is over.jpg [2012.03.10 02:31:47 | 000,001,082 | ---- | M] () -- C:\Users\Public\Desktop\Massive.lnk [2012.03.09 22:01:51 | 000,524,289 | ---- | M] () -- C:\Users\Rumpelwicht Studio\Desktop\frequenzanalyse point of no return3.png [2012.03.09 21:59:50 | 001,254,934 | ---- | M] () -- C:\Users\Rumpelwicht Studio\Desktop\frequenzanalyse point of no return2.png [2012.03.09 21:57:28 | 002,318,111 | ---- | M] () -- C:\Users\Rumpelwicht Studio\Desktop\frequenzanalyse point of no return.png [2012.03.09 16:33:26 | 018,785,736 | ---- | M] () -- C:\Users\Rumpelwicht Studio\Desktop\point of no return. for noah my son 2012 remastermaster - Ausgang - Stereo Out.mp3 [2012.03.09 14:39:39 | 000,002,214 | ---- | M] () -- C:\Users\Rumpelwicht Studio\Desktop\Cubase 5.lnk [2012.03.09 08:16:45 | 020,671,328 | ---- | M] () -- C:\Users\Rumpelwicht Studio\Desktop\zwergenstampfer2012 remaster1 - Ausgang - Audio Kontrol 1 Stereo Out.mp3 [2012.03.09 03:15:44 | 062,305,404 | ---- | M] () -- C:\Users\Rumpelwicht Studio\Desktop\niceone waiting for.wav [2012.03.09 03:15:44 | 000,304,304 | ---- | M] () -- C:\Users\Rumpelwicht Studio\Desktop\niceone waiting for.pk [2012.03.09 02:46:09 | 000,356,085 | ---- | M] () -- C:\Users\Rumpelwicht Studio\Desktop\niceone waiting for.wav.asd [2012.03.07 22:40:12 | 000,171,691 | ---- | M] () -- C:\Users\Rumpelwicht Studio\Desktop\Zündapp cs25.jpg ========== Files Created - No Company Name ========== [2012.03.31 10:48:14 | 009,854,181 | ---- | C] () -- C:\Users\Rumpelwicht Studio\Desktop\Jan Delay - Hoffnung (cover).mp3 [2012.03.31 10:22:23 | 000,000,997 | ---- | C] () -- C:\Users\Public\Desktop\Traktor.lnk [2012.03.20 20:59:57 | 000,000,701 | ---- | C] () -- C:\Users\Rumpelwicht Studio\Desktop\My photos.lnk [2012.03.19 19:17:12 | 006,491,648 | ---- | C] () -- C:\Users\Rumpelwicht Studio\Desktop\Rumpelwicht-contct high intro und nice one - Ausgang - Stereo Out.mp3 [2012.03.19 07:47:29 | 000,001,051 | ---- | C] () -- C:\Users\Public\Desktop\Guitar Rig 5.lnk [2012.03.19 07:41:50 | 000,001,101 | ---- | C] () -- C:\Users\Public\Desktop\Controller Editor.lnk [2012.03.19 06:42:32 | 000,043,845 | ---- | C] () -- C:\Users\Rumpelwicht Studio\Desktop\rockon.jpg [2012.03.19 06:35:34 | 000,020,872 | ---- | C] () -- C:\Users\Rumpelwicht Studio\Desktop\Die-Simpsons-werden-um-zwei-Staffeln-verlaengert_ArtikelQuer.jpg [2012.03.19 01:32:38 | 000,001,070 | ---- | C] () -- C:\Users\Rumpelwicht Studio\Desktop\Guitar Rig 4.lnk [2012.03.11 13:57:27 | 018,995,959 | ---- | C] () -- C:\Users\Rumpelwicht Studio\Desktop\satisfaction - Ausgang - Stereo Out.mp3 [2012.03.11 06:03:57 | 000,004,176 | ---- | C] () -- C:\Users\Rumpelwicht Studio\Desktop\Team iLuminate - All Performances_avi.AVD [2012.03.11 06:03:32 | 000,004,176 | ---- | C] () -- C:\Users\Rumpelwicht Studio\Desktop\Team Iluminate finals performance_avi.AVD [2012.03.11 06:03:19 | 000,004,176 | ---- | C] () -- C:\Users\Rumpelwicht Studio\Desktop\Black Light Theater Image in Prag_avi.AVD [2012.03.11 06:02:40 | 000,004,176 | ---- | C] () -- C:\Users\Rumpelwicht Studio\Desktop\Glow in the Dark illusion dancing_avi.AVD [2012.03.11 06:02:19 | 000,004,176 | ---- | C] () -- C:\Users\Rumpelwicht Studio\Desktop\Fighting Gravity - America's Got Talent 2010_avi.AVD [2012.03.11 06:01:26 | 000,004,176 | ---- | C] () -- C:\Users\Rumpelwicht Studio\Desktop\ZOOM PARTY_avi.AVD [2012.03.11 06:00:35 | 000,004,176 | ---- | C] () -- C:\Users\Rumpelwicht Studio\Desktop\Zoom 2001 after street parade_ zurich_avi.AVD [2012.03.11 02:49:05 | 063,906,265 | ---- | C] () -- C:\Users\Rumpelwicht Studio\Desktop\Rumpelrox mix.mp3 [2012.03.10 14:33:40 | 000,041,714 | ---- | C] () -- C:\Users\Rumpelwicht Studio\Desktop\womens day is over.jpg [2012.03.10 02:31:47 | 000,001,082 | ---- | C] () -- C:\Users\Public\Desktop\Massive.lnk [2012.03.09 23:58:36 | 002,318,111 | ---- | C] () -- C:\Users\Rumpelwicht Studio\Desktop\frequenzanalyse point of no return.png [2012.03.09 23:58:32 | 001,254,934 | ---- | C] () -- C:\Users\Rumpelwicht Studio\Desktop\frequenzanalyse point of no return2.png [2012.03.09 23:58:30 | 000,524,289 | ---- | C] () -- C:\Users\Rumpelwicht Studio\Desktop\frequenzanalyse point of no return3.png [2012.03.09 23:57:22 | 018,785,736 | ---- | C] () -- C:\Users\Rumpelwicht Studio\Desktop\point of no return. for noah my son 2012 remastermaster - Ausgang - Stereo Out.mp3 [2012.03.09 14:39:39 | 000,002,214 | ---- | C] () -- C:\Users\Rumpelwicht Studio\Desktop\Cubase 5.lnk [2012.03.09 08:11:13 | 020,671,328 | ---- | C] () -- C:\Users\Rumpelwicht Studio\Desktop\zwergenstampfer2012 remaster1 - Ausgang - Audio Kontrol 1 Stereo Out.mp3 [2012.03.09 05:08:53 | 019,628,870 | ---- | C] () -- C:\Users\Rumpelwicht Studio\Desktop\jiser fx.rar [2012.03.09 05:07:48 | 035,404,455 | ---- | C] () -- C:\Users\Rumpelwicht Studio\Desktop\Sonnox Oxford - all Native VST plugins (10-2007) AiR.rar [2012.03.09 03:13:41 | 000,304,304 | ---- | C] () -- C:\Users\Rumpelwicht Studio\Desktop\niceone waiting for.pk [2012.03.09 02:46:08 | 000,356,085 | ---- | C] () -- C:\Users\Rumpelwicht Studio\Desktop\niceone waiting for.wav.asd [2012.03.09 02:45:08 | 062,305,404 | ---- | C] () -- C:\Users\Rumpelwicht Studio\Desktop\niceone waiting for.wav [2012.03.07 22:40:08 | 000,171,691 | ---- | C] () -- C:\Users\Rumpelwicht Studio\Desktop\Zündapp cs25.jpg [2012.02.25 06:41:25 | 000,163,840 | ---- | C] () -- C:\Windows\SysWow64\ArtFfct.dll [2012.02.17 13:38:52 | 000,000,048 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat [2012.02.14 08:49:23 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll [2012.02.12 16:31:08 | 000,000,083 | ---- | C] () -- C:\Windows\wwp_game.INI [2011.05.23 09:19:50 | 000,000,055 | ---- | C] () -- C:\Windows\SQ.INI [2011.05.20 21:04:29 | 000,000,000 | ---- | C] () -- C:\Users\Rumpelwicht Studio\AppData\Local\{9DC1F041-7642-4F7A-9A1D-B5E024AFF1BC} [2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.03.05 23:23:11 | 000,011,264 | ---- | C] () -- C:\Users\Rumpelwicht Studio\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.10.31 04:14:22 | 000,017,408 | ---- | C] () -- C:\Windows\SysWow64\minimp3.exe [2010.10.17 19:27:05 | 000,058,368 | ---- | C] () -- C:\Program Files (x86)\FabFilter Volcano 2 (SC).dll [2010.10.17 19:27:05 | 000,058,368 | ---- | C] () -- C:\Program Files (x86)\FabFilter Volcano 2 (Mono).dll [2010.10.17 19:27:05 | 000,058,368 | ---- | C] () -- C:\Program Files (x86)\FabFilter Volcano 2 (Mono SC).dll [2010.10.17 19:27:04 | 000,058,368 | ---- | C] () -- C:\Program Files (x86)\FabFilter Timeless 2 (SC).dll [2010.10.17 19:27:04 | 000,058,368 | ---- | C] () -- C:\Program Files (x86)\FabFilter Pro-Q (Mono).dll [2010.10.17 19:27:04 | 000,058,368 | ---- | C] () -- C:\Program Files (x86)\FabFilter Pro-C (SC).dll [2010.10.17 19:27:04 | 000,058,368 | ---- | C] () -- C:\Program Files (x86)\FabFilter Pro-C (Mono).dll [2010.10.17 19:27:04 | 000,058,368 | ---- | C] () -- C:\Program Files (x86)\FabFilter Pro-C (Mono SC).dll [2010.10.17 19:27:03 | 000,058,368 | ---- | C] () -- C:\Program Files (x86)\FabFilter Micro (Mono).dll [2010.10.17 19:07:53 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll [2010.10.17 16:17:20 | 000,002,892 | ---- | C] () -- C:\Windows\SysWow64\audcon.sys [2010.10.16 22:28:18 | 000,002,240 | ---- | C] () -- C:\Windows\LENDIG.sys [2010.10.16 22:12:59 | 000,833,169 | ---- | C] () -- C:\Windows\PhaseTwo VST plug-in Uninstaller.exe [2010.10.16 22:10:51 | 000,833,179 | ---- | C] () -- C:\Windows\Ronin VST plug-in Uninstaller.exe [2010.10.16 22:08:48 | 000,833,232 | ---- | C] () -- C:\Windows\BigSeq VST plug-in Uninstaller.exe [2010.10.16 17:16:40 | 000,007,604 | ---- | C] () -- C:\Users\Rumpelwicht Studio\AppData\Local\Resmon.ResmonCfg [2010.10.16 15:37:37 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin ========== LOP Check ========== [2012.02.14 04:53:06 | 000,000,000 | ---D | M] -- C:\Users\Rumpelwicht Studio\AppData\Roaming\Ableton [2010.12.18 09:17:51 | 000,000,000 | ---D | M] -- C:\Users\Rumpelwicht Studio\AppData\Roaming\Antares [2012.02.14 04:53:08 | 000,000,000 | ---D | M] -- C:\Users\Rumpelwicht Studio\AppData\Roaming\COWON [2010.10.17 02:24:20 | 000,000,000 | ---D | M] -- C:\Users\Rumpelwicht Studio\AppData\Roaming\DAEMON Tools Lite [2012.02.24 11:17:51 | 000,000,000 | ---D | M] -- C:\Users\Rumpelwicht Studio\AppData\Roaming\Deckadance16 [2012.03.31 10:44:22 | 000,000,000 | ---D | M] -- C:\Users\Rumpelwicht Studio\AppData\Roaming\DVDVideoSoft [2012.02.17 14:14:57 | 000,000,000 | ---D | M] -- C:\Users\Rumpelwicht Studio\AppData\Roaming\DVDVideoSoftIEHelpers [2010.10.16 23:22:07 | 000,000,000 | ---D | M] -- C:\Users\Rumpelwicht Studio\AppData\Roaming\FabFilter [2012.02.27 13:14:47 | 000,000,000 | ---D | M] -- C:\Users\Rumpelwicht Studio\AppData\Roaming\GetRightToGo [2012.04.01 00:06:17 | 000,000,000 | ---D | M] -- C:\Users\Rumpelwicht Studio\AppData\Roaming\go [2012.02.27 13:30:36 | 000,000,000 | ---D | M] -- C:\Users\Rumpelwicht Studio\AppData\Roaming\HDX4 GmbH [2010.10.16 21:25:29 | 000,000,000 | ---D | M] -- C:\Users\Rumpelwicht Studio\AppData\Roaming\JAM Software [2012.02.14 04:53:08 | 000,000,000 | ---D | M] -- C:\Users\Rumpelwicht Studio\AppData\Roaming\MAGIX [2012.02.14 04:53:16 | 000,000,000 | ---D | M] -- C:\Users\Rumpelwicht Studio\AppData\Roaming\Noxum GmbH [2012.02.14 04:53:17 | 000,000,000 | ---D | M] -- C:\Users\Rumpelwicht Studio\AppData\Roaming\OpenOffice.org [2010.10.16 23:21:52 | 000,000,000 | ---D | M] -- C:\Users\Rumpelwicht Studio\AppData\Roaming\PACE Anti-Piracy [2012.02.14 04:53:17 | 000,000,000 | ---D | M] -- C:\Users\Rumpelwicht Studio\AppData\Roaming\Psicraft [2012.02.24 11:17:51 | 000,000,000 | ---D | M] -- C:\Users\Rumpelwicht Studio\AppData\Roaming\SongManager [2012.02.14 04:53:18 | 000,000,000 | ---D | M] -- C:\Users\Rumpelwicht Studio\AppData\Roaming\Steinberg [2012.02.27 13:29:38 | 000,000,000 | ---D | M] -- C:\Users\Rumpelwicht Studio\AppData\Roaming\SuperEasy Software [2012.02.14 03:10:38 | 000,000,000 | ---D | M] -- C:\Users\Rumpelwicht Studio\AppData\Roaming\Synaptics [2010.10.16 17:23:28 | 000,000,000 | ---D | M] -- C:\Users\Rumpelwicht Studio\AppData\Roaming\Timeless [2012.02.18 00:57:17 | 000,000,000 | ---D | M] -- C:\Users\Rumpelwicht Studio\AppData\Roaming\toolplugin [2012.02.14 04:53:19 | 000,000,000 | ---D | M] -- C:\Users\Rumpelwicht Studio\AppData\Roaming\TuneUp Software [2012.02.25 07:00:53 | 000,000,000 | ---D | M] -- C:\Users\Rumpelwicht Studio\AppData\Roaming\ueberschall [2011.11.14 00:31:37 | 000,000,000 | ---D | M] -- C:\Users\Rumpelwicht Studio\AppData\Roaming\Verbindungsassistent [2012.03.09 04:06:46 | 000,000,000 | ---D | M] -- C:\Users\Rumpelwicht Studio\AppData\Roaming\VST3 Presets [2010.10.16 21:58:42 | 000,000,000 | ---D | M] -- C:\Users\Rumpelwicht Studio\AppData\Roaming\WinBar [2012.02.18 15:29:49 | 000,000,000 | ---D | M] -- C:\Users\Rumpelwicht Studio\AppData\Roaming\Windows Live Writer [2012.02.14 04:53:23 | 000,000,000 | ---D | M] -- C:\Users\Rumpelwicht Studio\AppData\Roaming\Windows SideBar [2011.12.16 17:48:59 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2010.11.24 12:09:26 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2010.10.26 21:46:23 | 000,000,000 | ---D | M] -- C:\ATI [2012.02.13 21:53:41 | 000,000,000 | -HSD | M] -- C:\Boot [2010.10.16 18:23:20 | 000,000,000 | ---D | M] -- C:\CFLog [2012.03.31 10:30:30 | 000,000,000 | -HSD | M] -- C:\Config.Msi [2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2010.10.16 14:22:06 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2010.10.16 21:34:19 | 000,000,000 | ---D | M] -- C:\Intel [2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012.02.24 23:20:48 | 000,000,000 | R--D | M] -- C:\Program Files [2012.04.01 01:23:01 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2012.04.01 01:23:01 | 000,000,000 | -H-D | M] -- C:\ProgramData [2010.10.16 14:22:06 | 000,000,000 | -HSD | M] -- C:\Programme [2010.10.17 14:08:39 | 000,000,000 | ---D | M] -- C:\RebeatV1.0 [2010.10.16 14:22:07 | 000,000,000 | -HSD | M] -- C:\Recovery [2012.03.19 01:12:07 | 000,000,000 | R--D | M] -- C:\STUDIO VST SETUPS [2012.03.10 20:25:06 | 000,000,000 | ---D | M] -- C:\StudioSTUFF [2012.03.31 10:34:03 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2012.01.22 12:33:11 | 000,000,000 | ---D | M] -- C:\team17 [2012.02.13 22:02:19 | 000,000,000 | ---D | M] -- C:\temp [2008.06.13 00:54:09 | 000,000,000 | R--D | M] -- C:\Users [2012.04.01 01:19:00 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < MD5 for: AGP440.SYS > [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: EXPLORER.EXE > [2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe [2010.10.17 02:49:28 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=0C3B8F726225A3025143391B03383971 -- C:\Windows\Resources\Themes\Qs Counter Elements 7\System Files\Qs Counter Elements 7 Start Orb\explorer.exe [2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe [2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2010.11.20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe [2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2011.02.26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe [2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe < MD5 for: IASTORV.SYS > [2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys [2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys [2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys [2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys [2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys [2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll [2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > < %USERPROFILE%\*.* > [2010.10.18 14:37:29 | 047,380,069 | ---- | M] () -- C:\Users\Rumpelwicht Studio\1. Dual Control - SabotagePSR.flac [2010.10.18 14:36:24 | 041,800,808 | ---- | M] () -- C:\Users\Rumpelwicht Studio\1. Orgon Groove - Same shite but diffrent!PSR.flac [2010.10.18 14:37:27 | 053,412,399 | ---- | M] () -- C:\Users\Rumpelwicht Studio\10. Elastique Soul - Me and MyselfPSR.flac [2010.10.18 14:30:25 | 046,007,953 | ---- | M] () -- C:\Users\Rumpelwicht Studio\10. Necmi & Rumpelwicht - Hit the FroggerPSR.flac [2010.10.18 14:39:24 | 047,901,734 | ---- | M] () -- C:\Users\Rumpelwicht Studio\2. Mindaerobics - MoontasticPSR.flac [2010.10.18 14:33:21 | 046,196,176 | ---- | M] () -- C:\Users\Rumpelwicht Studio\2. Zonka & Haka - AristotelesPSR.flac [2010.10.18 14:36:00 | 049,292,795 | ---- | M] () -- C:\Users\Rumpelwicht Studio\3. Moontales - MindtrapPSR.flac [2010.10.18 14:41:13 | 056,334,105 | ---- | M] () -- C:\Users\Rumpelwicht Studio\3. Tryptamoon - YulePSR.flac [2010.10.18 14:43:46 | 067,824,831 | ---- | M] () -- C:\Users\Rumpelwicht Studio\4. Forward & Hatikwa - Ankara LovestoryPSR.flac [2010.10.18 14:31:00 | 038,928,317 | ---- | M] () -- C:\Users\Rumpelwicht Studio\4. Zoetropes - RifflePSR.flac [2010.10.18 14:31:08 | 042,871,416 | ---- | M] () -- C:\Users\Rumpelwicht Studio\5. Nitro & Glycerine meetz Patara - Feel UnrealPSR.flac [2010.10.18 14:16:32 | 055,972,825 | ---- | M] () -- C:\Users\Rumpelwicht Studio\5. Shinouda - Multi KultiPSR.flac [2010.10.18 14:33:38 | 052,591,629 | ---- | M] () -- C:\Users\Rumpelwicht Studio\6. Inference - The StormPSR.flac [2010.10.18 14:38:14 | 048,815,711 | ---- | M] () -- C:\Users\Rumpelwicht Studio\6. Psychosomatic - Frog me into SunPSR.flac [2010.10.18 14:40:07 | 046,971,902 | ---- | M] () -- C:\Users\Rumpelwicht Studio\7. Monod - Trip GuidePSR.flac [2010.10.18 14:35:13 | 045,111,007 | ---- | M] () -- C:\Users\Rumpelwicht Studio\7. NAD - Tumbling DownPSR.flac [2010.10.18 14:35:36 | 045,514,077 | ---- | M] () -- C:\Users\Rumpelwicht Studio\8. Gainbang Group - lazy Sunday afternoonPSR.flac [2010.10.18 14:43:22 | 065,891,535 | ---- | M] () -- C:\Users\Rumpelwicht Studio\8. Mahruna - FractalPSR.flac [2010.10.18 14:39:15 | 046,692,749 | ---- | M] () -- C:\Users\Rumpelwicht Studio\9. Forward - Thrust (Original)PSR.flac [2010.10.18 14:37:21 | 049,762,681 | ---- | M] () -- C:\Users\Rumpelwicht Studio\9. Toxynth - RepulsePSR.flac [2012.02.27 09:26:58 | 000,036,564 | ---- | M] () -- C:\Users\Rumpelwicht Studio\facebook sprüche hammer!.txt [2012.02.26 11:05:22 | 002,359,296 | ---- | M] () -- C:\Users\Rumpelwicht Studio\LiveCut.dll [2012.04.01 02:54:39 | 005,242,880 | -HS- | M] () -- C:\Users\Rumpelwicht Studio\ntuser.dat [2012.04.01 02:54:39 | 000,262,144 | -HS- | M] () -- C:\Users\Rumpelwicht Studio\ntuser.dat.LOG1 [2010.12.14 01:21:21 | 000,030,208 | -HS- | M] () -- C:\Users\Rumpelwicht Studio\ntuser.dat.LOG2 [2010.10.16 14:23:43 | 000,065,536 | -HS- | M] () -- C:\Users\Rumpelwicht Studio\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2010.10.16 14:23:43 | 000,524,288 | -HS- | M] () -- C:\Users\Rumpelwicht Studio\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2010.10.16 14:23:43 | 000,524,288 | -HS- | M] () -- C:\Users\Rumpelwicht Studio\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2010.12.18 09:21:13 | 000,065,536 | -HS- | M] () -- C:\Users\Rumpelwicht Studio\ntuser.dat{07d49765-0a62-11e0-a69a-0018f3d6e294}.TM.blf [2010.12.18 09:21:13 | 000,524,288 | -HS- | M] () -- C:\Users\Rumpelwicht Studio\ntuser.dat{07d49765-0a62-11e0-a69a-0018f3d6e294}.TMContainer00000000000000000001.regtrans-ms [2010.12.18 09:21:13 | 000,524,288 | -HS- | M] () -- C:\Users\Rumpelwicht Studio\ntuser.dat{07d49765-0a62-11e0-a69a-0018f3d6e294}.TMContainer00000000000000000002.regtrans-ms [2012.02.14 05:03:48 | 000,065,536 | -HS- | M] () -- C:\Users\Rumpelwicht Studio\ntuser.dat{97481c14-56b5-11e1-9f09-d856cf318d3c}.TM.blf [2012.02.14 05:03:48 | 000,524,288 | -HS- | M] () -- C:\Users\Rumpelwicht Studio\ntuser.dat{97481c14-56b5-11e1-9f09-d856cf318d3c}.TMContainer00000000000000000001.regtrans-ms [2012.02.14 05:03:48 | 000,524,288 | -HS- | M] () -- C:\Users\Rumpelwicht Studio\ntuser.dat{97481c14-56b5-11e1-9f09-d856cf318d3c}.TMContainer00000000000000000002.regtrans-ms [2011.02.06 02:02:00 | 000,065,536 | -HS- | M] () -- C:\Users\Rumpelwicht Studio\ntuser.dat{d4f525c5-3182-11e0-b541-0018f3d6e294}.TM.blf [2011.02.06 02:02:00 | 000,524,288 | -HS- | M] () -- C:\Users\Rumpelwicht Studio\ntuser.dat{d4f525c5-3182-11e0-b541-0018f3d6e294}.TMContainer00000000000000000001.regtrans-ms [2011.02.06 02:02:00 | 000,524,288 | -HS- | M] () -- C:\Users\Rumpelwicht Studio\ntuser.dat{d4f525c5-3182-11e0-b541-0018f3d6e294}.TMContainer00000000000000000002.regtrans-ms [2010.10.16 14:23:06 | 000,000,020 | -HS- | M] () -- C:\Users\Rumpelwicht Studio\ntuser.ini [2012.02.26 11:05:01 | 000,467,456 | ---- | M] () -- C:\Users\Rumpelwicht Studio\ShivaShifta.dll [2011.08.27 14:14:45 | 044,200,495 | ---- | M] () -- C:\Users\Rumpelwicht Studio\Sugarbytes.Turnado.v1.0.1.WIN.OSX.Incl.Keygen-AiR.rar [2011.03.06 05:11:22 | 012,617,168 | ---- | M] () -- C:\Users\Rumpelwicht Studio\söraundsoundmastrfertschkl.mp3 [2011.07.23 10:12:44 | 000,604,512 | ---- | M] () -- C:\Users\Rumpelwicht Studio\söraundsoundmastrfertschkl.mp3.asd < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < > ========== Files - Unicode (All) ========== [2012.02.04 10:46:44 | 029,907,502 | ---- | M] ()(C:\Users\Rumpelwicht Studio\Desktop\??????????? [??]????????????-??/??-.avi) -- C:\Users\Rumpelwicht Studio\Desktop\早乙女太一☓チームラボ [吉例]新春特別公演「龍と牡丹」-剣舞/影絵-.avi [2012.02.04 10:45:55 | 029,907,502 | ---- | C] ()(C:\Users\Rumpelwicht Studio\Desktop\??????????? [??]????????????-??/??-.avi) -- C:\Users\Rumpelwicht Studio\Desktop\早乙女太一☓チームラボ [吉例]新春特別公演「龍と牡丹」-剣舞/影絵-.avi [2012.02.04 07:34:51 | 248,580,156 | ---- | M] ()(C:\Users\Rumpelwicht Studio\Desktop\Win_Luck Compilation of 2011 Part 3 __RWV™?.avi) -- C:\Users\Rumpelwicht Studio\Desktop\Win_Luck Compilation of 2011 Part 3 __RWV™】.avi [2012.02.04 07:29:50 | 248,580,156 | ---- | C] ()(C:\Users\Rumpelwicht Studio\Desktop\Win_Luck Compilation of 2011 Part 3 __RWV™?.avi) -- C:\Users\Rumpelwicht Studio\Desktop\Win_Luck Compilation of 2011 Part 3 __RWV™】.avi [2012.02.04 07:29:49 | 564,756,636 | ---- | M] ()(C:\Users\Rumpelwicht Studio\Desktop\Win_Luck Compilation of 2011 Part 2 __RWV™?.avi) -- C:\Users\Rumpelwicht Studio\Desktop\Win_Luck Compilation of 2011 Part 2 __RWV™】.avi [2012.02.04 07:20:21 | 564,756,636 | ---- | C] ()(C:\Users\Rumpelwicht Studio\Desktop\Win_Luck Compilation of 2011 Part 2 __RWV™?.avi) -- C:\Users\Rumpelwicht Studio\Desktop\Win_Luck Compilation of 2011 Part 2 __RWV™】.avi [2012.02.04 07:20:19 | 426,893,852 | ---- | M] ()(C:\Users\Rumpelwicht Studio\Desktop\Win_Luck Compilation of January 2012 __RWV™?.avi) -- C:\Users\Rumpelwicht Studio\Desktop\Win_Luck Compilation of January 2012 __RWV™】.avi [2012.02.04 07:11:49 | 426,893,852 | ---- | C] ()(C:\Users\Rumpelwicht Studio\Desktop\Win_Luck Compilation of January 2012 __RWV™?.avi) -- C:\Users\Rumpelwicht Studio\Desktop\Win_Luck Compilation of January 2012 __RWV™】.avi [2012.02.04 07:08:49 | 318,922,954 | ---- | M] ()(C:\Users\Rumpelwicht Studio\Desktop\Win_Luck Compilation of 2011 Part 1 __RWV™?_2.avi) -- C:\Users\Rumpelwicht Studio\Desktop\Win_Luck Compilation of 2011 Part 1 __RWV™】_2.avi [2012.02.04 07:01:13 | 318,922,954 | ---- | C] ()(C:\Users\Rumpelwicht Studio\Desktop\Win_Luck Compilation of 2011 Part 1 __RWV™?_2.avi) -- C:\Users\Rumpelwicht Studio\Desktop\Win_Luck Compilation of 2011 Part 1 __RWV™】_2.avi [2012.02.04 06:58:29 | 105,391,647 | ---- | M] ()(C:\Users\Rumpelwicht Studio\Desktop\Win_Luck Compilation of 2011 Part 1 __RWV™?.mp4) -- C:\Users\Rumpelwicht Studio\Desktop\Win_Luck Compilation of 2011 Part 1 __RWV™】.mp4 [2012.02.04 06:54:09 | 105,391,647 | ---- | C] ()(C:\Users\Rumpelwicht Studio\Desktop\Win_Luck Compilation of 2011 Part 1 __RWV™?.mp4) -- C:\Users\Rumpelwicht Studio\Desktop\Win_Luck Compilation of 2011 Part 1 __RWV™】.mp4 [2012.02.04 06:46:05 | 224,146,998 | ---- | C] ()(C:\Users\Rumpelwicht Studio\Desktop\Win_Luck Compilation of January 2012 __RWV™?.mp4) -- C:\Users\Rumpelwicht Studio\Desktop\Win_Luck Compilation of January 2012 __RWV™】.mp4 [2012.02.02 19:19:32 | 224,146,998 | ---- | M] ()(C:\Users\Rumpelwicht Studio\Desktop\Win_Luck Compilation of January 2012 __RWV™?.mp4) -- C:\Users\Rumpelwicht Studio\Desktop\Win_Luck Compilation of January 2012 __RWV™】.mp4 ========== Alternate Data Streams ========== @Alternate Data Stream - 1412 bytes -> C:\ProgramData\Microsoft  WSLaKbm4xPOKoiujTYltagIv@Alternate Data Stream - 1387 bytes -> C:\ProgramData\Microsoft:8ya3LbgoWCs1h1Feuid9 @Alternate Data Stream - 1222 bytes -> C:\ProgramData\Microsoft:KZdGaVx3YKBPQB7vbiUU3g2H9abLd < End of report > |
|
01.04.2012, 16:31
| #2 |
| /// Malware-holic   | Windows aus Sicherheitsgründen blockiert hi
__________________dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user. wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts. • Starte bitte die OTL.exe • Kopiere nun das Folgende in die Textbox. Code:
ATTFilter :OTL
O4 - HKCU..\Run: [SkypePM] C:\Users\Rumpelwicht Studio\AppData\Local\Skype\SkypePM.exe ()
:Files
C:\Users\Rumpelwicht Studio\AppData\Local\Skype
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]
• Schliesse bitte nun alle Programme. • Klicke nun bitte auf den Fix Button. • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen. • Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren. starte in den normalen modus. falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang in den Thread posten! Drücke bitte die  + E Taste.
__________________ |
|
| Themen zu Windows aus Sicherheitsgründen blockiert |
| alternate, asus, auswertung, bho, bildschirm, black, blockiert, converter, cubase, downloader, explorer, firefox, format, gfnexsrv.exe, google earth, helper, hilfe!!, langs, logfile, mozilla, mp3, nvidia, nvstor.sys, otl textdatei, pdf, plug-in, programme, realtek, registry, required, rundll, scan, search the web, searchscopes, sicherheitsgründen, software, surfen, windows, winlogon.exe |
Linear-Darstellung
