Pests of all kinds and how to fight them: I have the GEMA trojan. What to do?

08.06.2012, 15:28   #1
LEJ

When I started the computer today, I had the GEMA trojan. I thought I had killed it and additionally did a system restore to 04.06. Now I see that a great many important files are locked, unfortunately also on the external backup hard drive.

What to do??

10.06.2012, 17:51   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

General notes on the encryption trojan:
Nobody will be able to tell you exactly when your data can be decrypted, except perhaps for one thing: it may be that you have a newer variant whose encryption algorithm is still unknown. That can't (yet) be decrypted, and without the key certainly not - which is only logical, otherwise it wouldn't be proper encryption.
Just check back in here at regular intervals and follow the notes above. 8 tools along with hundreds of discussion posts are already there.

An emergency solution for Vista and Win7 users => http://www.trojaner-board.de/115496-...erstellen.html

Decryption attempts on the encrypted files are only to be applied to additional copies of the encrypted files, otherwise you chop them up even further without still having the "original" encrypted file. You certainly don't want that!


But don't get your hopes up. By now it looks grim => Delphi-PRAXiS - Einzelnen Beitrag anzeigen - Verschlüsselungs-Trojaner, Hilfe benötigt

And in future you'll surely want to think about a better backup concept. Here's some food for thought => http://www.trojaner-board.de/115678-...r-backups.html


First of all, as a routine step, please run a full scan with Malwarebytes and post the log. => Have it check ALL local drives (except CD/DVD)!
Remember that Malwarebytes must be updated manually before every scan! In addition, all findings must be removed.

If logs from older Malwarebytes scans exist, please post all of them as well!



ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box next to Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded, the scan starts automatically.
  • At the end of the scan click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the logfile here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

Please post everything here in CODE tags where possible.

It's done like this:

[code] the log goes here [/code]

And it then looks like this:

Code:
 the log goes here

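The copy-first rule cosinus gives above (never run a decryption attempt on the only copy of an encrypted file), as an added example that is not part of this thread or of DecryptHelper or any other tool it mentions; the XOR "recovery tool", the file names and the attempt_on_copy helper are assumptions made for the example.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path
from typing import Callable


def sha256_of(path: Path) -> str:
    """SHA-256 hex digest of a file, read in chunks so large files are fine."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def attempt_on_copy(encrypted: Path, workdir: Path,
                    decrypt_attempt: Callable[[Path], None]) -> dict:
    """Copy the encrypted file into workdir, run the attempt on the copy only,
    and verify afterwards that the original is byte-for-byte unchanged.

    The original is never opened for writing, so a wrong key, a buggy tool
    or a crash mid-way can only spoil the working copy."""
    workdir.mkdir(parents=True, exist_ok=True)
    before = sha256_of(encrypted)
    work_copy = workdir / (encrypted.name + ".attempt")
    shutil.copy2(encrypted, work_copy)  # copy including timestamps
    error = None
    try:
        decrypt_attempt(work_copy)
    except Exception as exc:  # failure is confined to the copy
        error = repr(exc)
    return {
        "work_copy": work_copy,
        "original_unchanged": sha256_of(encrypted) == before,
        "error": error,
    }


def toy_xor(path: Path, key: int) -> None:
    """Hypothetical stand-in for a recovery tool: XOR every byte with key.
    Real ransomware is not this simple; this only exercises the workflow."""
    data = path.read_bytes()
    path.write_bytes(bytes(b ^ key for b in data))


def run_demo() -> dict:
    """Constructed scenario: one 'locked' file, a wrong-key attempt and a
    right-key attempt, each on its own copy. Returns the checks as booleans."""
    plaintext = b"Rechnung 2012-06 (constructed sample content)"
    with tempfile.TemporaryDirectory() as d:
        tmp = Path(d)
        locked = tmp / "Rechnung.pdf.locked"
        locked.write_bytes(bytes(b ^ 0x5A for b in plaintext))
        wrong = attempt_on_copy(locked, tmp / "try1", lambda p: toy_xor(p, 0x13))
        right = attempt_on_copy(locked, tmp / "try2", lambda p: toy_xor(p, 0x5A))
        return {
            "wrong_attempt_kept_original": wrong["original_unchanged"],
            "wrong_copy_is_garbage": wrong["work_copy"].read_bytes() != plaintext,
            "right_attempt_kept_original": right["original_unchanged"],
            "right_copy_recovered": right["work_copy"].read_bytes() == plaintext,
            "locked_file_still_present": locked.exists(),
        }


if __name__ == "__main__":
    for name, ok in run_demo().items():
        print(f"{name}: {ok}")
```

The hash comparison is the part worth keeping: it proves after every attempt that the "original" encrypted file is still intact, so a later tool (or a later key) can still be tried.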
10.06.2012, 22:49   #3
LEJ

This is the test I did last (today):

Code:
 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.10.08

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Lui :: LUI-PC [Administrator]

Schutz: Aktiviert

10.06.2012 21:18:01
mbam-log-2012-06-10 (21-18-01).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 212177
Laufzeit: 2 Minute(n), 23 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0

And this one immediately after I had the trojan:

Code:
 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.08.03

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Lui :: LUI-PC [Administrator]

Schutz: Aktiviert

08.06.2012 13:24:16
mbam-log-2012-06-08 (13-24-16).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 211342
Laufzeit: 2 Minute(n), 29 Sekunde(n)

Infizierte Speicherprozesse: 1
C:\ProgramData\IBUpdaterService\ibsvc.exe (PUP.BundleInstaller.IB) -> 2612 -> Löschen bei Neustart.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 3
HKLM\SYSTEM\CurrentControlSet\Services\IBUpdaterService (PUP.BundleInstaller.IB) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Updater Service (PUP.BundleInstaller.IB) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\Baidu (PUP.Baidu) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|C8011FA2 (Trojan.Agent.RNSGen) -> Daten: C:\Users\Lui\AppData\Roaming\Lzxjfjfzxz\294D4A4AC8011FA2821B.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 2
C:\Users\Lui\AppData\Roaming\baidu (PUP.Baidu) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lui\AppData\Roaming\baidu\hao123 (PUP.Baidu) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 4
C:\ProgramData\IBUpdaterService\ibsvc.exe (PUP.BundleInstaller.IB) -> Löschen bei Neustart.
C:\Users\Lui\AppData\Local\Temp\~!#692E.tmp (Trojan.LameShield) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lui\Downloads\AudioConverterSetup.exe (Adware.InstallCore) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lui\AppData\Roaming\Lzxjfjfzxz\294D4A4AC8011FA2821B.exe (Trojan.Agent.RNSGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=85dfaa6d91ffdb44b8285642a019f4d8
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-09 09:19:09
# local_time=2012-06-09 11:19:09 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT 
# compatibility_mode=768 16777215 100 0 45134525 45134525 0 0
# compatibility_mode=5893 16776574 66 85 45421472 90902534 0 0
# compatibility_mode=8192 67108863 100 0 105438 105438 0 0
# scanned=314023
# found=13
# cleaned=0
# scan_time=4065
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarApp.dll	a variant of Win32/Toolbar.Babylon application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarEng.dll	Win32/Toolbar.Babylon application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarsrv.exe	probably a variant of Win32/Toolbar.Babylon application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll	Win32/Toolbar.Babylon application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll	Win32/Toolbar.Babylon application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files (x86)\FoxTabAudioConverter\AudioConverter.exe	a variant of Win32/InstallCore.A application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files (x86)\VideoConverter\VideoConverter.exe	a variant of Win32/InstallCore.A application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files (x86)\VideoConverter\Uninstall\Uninstall.exe	a variant of Win32/InstallCore.J application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Lui\AppData\Local\Babylon\Setup\MyBabylonTB.exe	a variant of Win32/Toolbar.Babylon application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Lui\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbar4ie.exe	Win32/Toolbar.Babylon application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Lui\AppData\Local\Temp\is1373634743\MyBabylonTB.exe	Win32/Toolbar.Babylon application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Lui\Desktop\registrybooster.exe	Win32/RegistryBooster application (unable to clean)	00000000000000000000000000000000	I
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=85dfaa6d91ffdb44b8285642a019f4d8
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-09 11:11:31
# local_time=2012-06-10 01:11:31 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT 
# compatibility_mode=768 16777215 100 0 45141214 45141214 0 0
# compatibility_mode=5893 16776574 66 85 45428161 90909223 0 0
# compatibility_mode=8192 67108863 100 0 112127 112127 0 0
# scanned=315547
# found=13
# cleaned=13
# scan_time=4118
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarApp.dll	a variant of Win32/Toolbar.Babylon application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarEng.dll	Win32/Toolbar.Babylon application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarsrv.exe	probably a variant of Win32/Toolbar.Babylon application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll	Win32/Toolbar.Babylon application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll	Win32/Toolbar.Babylon application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Program Files (x86)\FoxTabAudioConverter\AudioConverter.exe	a variant of Win32/InstallCore.A application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Program Files (x86)\VideoConverter\VideoConverter.exe	a variant of Win32/InstallCore.A application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Program Files (x86)\VideoConverter\Uninstall\Uninstall.exe	a variant of Win32/InstallCore.J application (deleted - quarantined)	00000000000000000000000000000000	C
C:\Users\Lui\AppData\Local\Babylon\Setup\MyBabylonTB.exe	a variant of Win32/Toolbar.Babylon application (deleted - quarantined)	00000000000000000000000000000000	C
C:\Users\Lui\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbar4ie.exe	Win32/Toolbar.Babylon application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Users\Lui\AppData\Local\Temp\is1373634743\MyBabylonTB.exe	Win32/Toolbar.Babylon application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Users\Lui\Desktop\registrybooster.exe	Win32/RegistryBooster application (deleted - quarantined)	00000000000000000000000000000000	C
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=85dfaa6d91ffdb44b8285642a019f4d8
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-10 09:28:07
# local_time=2012-06-10 11:28:07 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT 
# compatibility_mode=768 16777215 100 0 45221902 45221902 0 0
# compatibility_mode=5893 16776574 66 85 45505249 90986311 0 0
# compatibility_mode=8192 67108863 100 0 185615 185615 0 0
# scanned=410457
# found=0
# cleaned=0
# scan_time=7226

By the way, I was able to decrypt all my encrypted data completely with the tool DecryptHelper. From now on I only connect my external hard drive with the backup when I want to save data.

11.06.2012, 11:30   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
Art des Suchlaufs: Quick-Scan
Sorry, but I wanted to see a full scan... please do it and post the log!
Remember to update the Malwarebytes signatures beforehand, there are very frequently new updates!


Quote:
C:\Users\Lui\Desktop\registrybooster.exe
Hands off registry cleaners!!

The registry is the brain of the system. If the brain doesn't work, the rest doesn't really work either.
Often enough we read from people seeking help that their system no longer starts after using registry cleaners.
  • How is the cleaner supposed to know with 100% certainty whether an entry is needed or not?
  • It makes no difference at all whether a few orphaned registry entries are on the system or not.
  • The constantly advertised speed-up of the system is also only partly true. You wouldn't notice it.

A so-called false positive from a cleaner can also make your system unbootable.
If you destroy the registry, you destroy Windows.
__________________
Please always post logfiles in CODE tags

11.06.2012, 14:20   #5
LEJ

Code:
 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.11.03

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Lui :: LUI-PC [Administrator]

Schutz: Aktiviert

11.06.2012 12:56:58
mbam-log-2012-06-11 (12-56-58).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 605313
Laufzeit: 1 Stunde(n), 28 Minute(n), 22 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\Users\Lui\AppData\Roaming\Thinstall\Toon Boom Animate Pro PLE\%Local AppData%\Thinstall\Cache\Stubs\f99249ec892197e5c93a8522326af037ee2b5a\wstart.exe.125094c.tmp (Trojan.Backdoor) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lui\AppData\Roaming\Thinstall\Toon Boom Animate Pro PLE\%Local AppData%\Thinstall\Cache\Stubs\f99249ec892197e5c93a8522326af037ee2b5a\wstart.exe.13c8694.tmp (Trojan.Backdoor) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lui\AppData\Roaming\Thinstall\Toon Boom Animate Pro PLE\%Local AppData%\Thinstall\Cache\Stubs\f99249ec892197e5c93a8522326af037ee2b5a\wstart.exe.62cc24.tmp (Trojan.Backdoor) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lui\AppData\Roaming\Thinstall\Toon Boom Animate Pro PLE\%Local AppData%\Thinstall\Cache\Stubs\f99249ec892197e5c93a8522326af037ee2b5a\wstart.exe.8101228.tmp (Trojan.Backdoor) -> Erfolgreich gelöscht und in Quarantäne gestellt.
11.06.2012, 15:30   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
C:\Users\Lui\AppData\Roaming\Thinstall\Toon Boom Animate Pro PLE\%Local AppData%\Thinstall\Cache\Stubs\f99249ec892197e5c93a8522326af037ee2b5a\wstart.exe.125094c.tm
Does that mean anything to you?

11.06.2012, 15:45   #7
LEJ

Quote:
Quote from cosinus:
Does that mean anything to you?
No. In what way? Does that have anything to do with the GEMA trojan, and can you tell whether it's gone?

11.06.2012, 15:58   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

I thought Thinstall would mean something to you...

11.06.2012, 16:07   #9
LEJ

No, I don't know what that is.

11.06.2012, 16:08   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

I have two questions before we continue

1.) Does normal Windows mode work (again) without restrictions?
2.) Are you missing anything in the start menu? Are there empty folders under All Programs, or is everything there?

11.06.2012, 16:25   #11
LEJ

1) Windows basically ran normally the whole time. I had the GEMA message once, but could access everything normally, then let Malwarebytes run and killed everything, and after that everything was back to normal except that a bunch of files were encrypted, which I then decrypted again with DecryptHelper. After that nothing unusual happened either.

2) So far everything seems normal, i.e. no empty folders, all programs still there.

11.06.2012, 20:18   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please make a new OTL log. Please post everything here in CODE tags where possible.

It's done like this:

[code] the log goes here [/code]

And it then looks like this:

Code:
 the log goes here

CustomScan with OTL

If you don't have it yet, please download OTL from Oldtimer and save it to your desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click "Run as administrator"
  • Tick the box at the top centre next to Scan all users
  • Now copy the complete contents of the code box below into OTL's text box - if OTL is in German, the box is labelled accordingly
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread

11.06.2012, 22:47   #13
LEJ

Code:
OTL logfile created on: 11.06.2012 22:50:40 - Run 3
OTL by OldTimer - Version 3.2.43.0     Folder = C:\Users\Lui\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,99 Gb Total Physical Memory | 3,79 Gb Available Physical Memory | 63,19% Memory free
11,98 Gb Paging File | 9,53 Gb Available in Paging File | 79,56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 690,77 Gb Total Space | 484,20 Gb Free Space | 70,10% Space Free | Partition Type: NTFS
Drive D: | 690,77 Gb Total Space | 313,51 Gb Free Space | 45,39% Space Free | Partition Type: NTFS
Drive E: | 4,36 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive F: | 931,51 Gb Total Space | 443,94 Gb Free Space | 47,66% Space Free | Partition Type: NTFS
 
Computer Name: LUI-PC | User Name: Lui | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Lui\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.05.14 19:08:41 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Lui\Desktop\OTL.exe
PRC - [2012.04.09 17:43:42 | 001,557,160 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.03.07 01:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2012.03.07 01:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2012.03.07 01:15:13 | 000,134,920 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\afwServ.exe
PRC - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.09.15 13:06:04 | 000,088,576 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2011.08.02 09:33:30 | 004,910,912 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2011.05.24 10:33:30 | 001,840,128 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2011.02.11 15:19:26 | 002,760,192 | ---- | M] () -- C:\ProgramData\Boxtools\Toolbox.exe
PRC - [2011.01.27 17:51:05 | 002,253,688 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011.01.07 22:09:32 | 000,585,728 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
PRC - [2010.10.27 20:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010.08.25 12:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010.08.04 14:40:12 | 000,611,872 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
PRC - [2010.06.29 20:26:30 | 000,124,136 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe
PRC - [2010.05.27 04:41:24 | 000,349,552 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
PRC - [2010.03.18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010.03.11 07:11:56 | 000,407,920 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
PRC - [2010.03.11 07:11:42 | 000,201,584 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
PRC - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe
PRC - [2010.01.14 21:46:18 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2009.12.17 20:50:18 | 000,976,832 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2009.12.09 11:24:16 | 000,076,320 | ---- | M] () -- C:\OEM\USBDECTION\USBS3S4Detection.exe
PRC - [2009.05.14 18:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.02.11 15:19:26 | 002,760,192 | ---- | M] () -- C:\ProgramData\Boxtools\Toolbox.exe
MOD - [2011.01.07 22:09:34 | 000,516,599 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.dll
MOD - [2011.01.07 22:09:32 | 000,585,728 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
MOD - [2011.01.07 22:09:32 | 000,352,256 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\HtcDetect.dll
MOD - [2011.01.07 22:09:32 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDisk.dll
MOD - [2011.01.07 22:09:32 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetectLegend.dll
MOD - [2011.01.07 22:09:32 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\fdHttpd.dll
MOD - [2010.08.04 14:40:12 | 000,611,872 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
MOD - [2010.08.04 11:47:32 | 000,144,896 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.03.09 02:47:06 | 006,245,744 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\SysNative\Wacom_Tablet.exe -- (TabletServiceWacom)
SRV - [2012.05.11 16:36:14 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.03.26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.03.26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.03.07 01:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.03.07 01:15:13 | 000,134,920 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.09.15 13:06:04 | 000,088,576 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2011.05.24 10:33:30 | 001,840,128 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2011.04.26 13:54:12 | 002,702,848 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2011.03.28 22:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.01.27 17:51:05 | 002,253,688 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.01.01 01:29:56 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.09.22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.06.02 00:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010.05.27 04:41:06 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010.02.19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010.01.15 23:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2010.01.14 21:46:18 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009.12.09 11:24:16 | 000,076,320 | ---- | M] () [Auto | Running] -- C:\OEM\USBDECTION\USBS3S4Detection.exe -- (USBS3S4Detection)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.05.14 18:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.03.07 01:04:31 | 000,141,144 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswFW.sys -- (aswFW)
DRV:64bit: - [2012.03.07 01:04:06 | 000,819,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012.03.07 01:04:04 | 000,337,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012.03.07 01:03:29 | 000,258,904 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis2.sys -- (aswNdis2)
DRV:64bit: - [2012.03.07 01:02:45 | 000,028,504 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2012.03.07 01:02:20 | 000,053,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012.03.07 01:01:57 | 000,059,224 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012.03.07 01:01:52 | 000,069,976 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012.03.07 01:01:32 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012.03.07 00:44:51 | 000,012,368 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis.sys -- (aswNdis)
DRV:64bit: - [2012.03.01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.22 16:35:21 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.10.01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.05.13 16:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2011.03.11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.12.31 23:36:17 | 000,575,488 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
DRV:64bit: - [2010.07.01 15:21:50 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)
DRV:64bit: - [2010.06.25 16:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2010.03.04 15:43:00 | 000,346,144 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.01.28 00:25:04 | 000,086,120 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010.01.25 01:32:24 | 000,018,216 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV:64bit: - [2010.01.14 21:45:19 | 000,276,480 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\U6000ALL.sys -- (U6000ALL) U6000 TV Box(ALL)
DRV:64bit: - [2009.12.09 11:39:52 | 000,537,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.11.01 19:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009.09.22 01:29:22 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009.07.09 04:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.03 04:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009.06.03 04:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009.06.03 04:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2007.02.16 21:12:36 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKLM\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\tbIncr.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851647
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3695483296-2475243777-2345942421-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE - HKU\S-1-5-21-3695483296-2475243777-2345942421-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?babsrc=HP_Prot
IE - HKU\S-1-5-21-3695483296-2475243777-2345942421-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-3695483296-2475243777-2345942421-1000\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKU\S-1-5-21-3695483296-2475243777-2345942421-1000\..\SearchScopes\{05B0680E-25EA-4386-8E25-F3D67482641F}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=MGX&o=15359&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=JQ&apn_dtid=YYYYYYYYDE&apn_uid=4C0BDAAA-47C3-4A68-86F0-48669A423197&apn_sauid=65D0616C-5D70-44E5-A19E-7071CFE6D474
IE - HKU\S-1-5-21-3695483296-2475243777-2345942421-1000\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKU\S-1-5-21-3695483296-2475243777-2345942421-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=110000&tt=100512_3_&babsrc=SP_ss&mntrId=c8011fa200000000000094445201e607
IE - HKU\S-1-5-21-3695483296-2475243777-2345942421-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851647
IE - HKU\S-1-5-21-3695483296-2475243777-2345942421-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredimail.com/mb68/?search={searchTerms}&loc=search_box&u=92541405752646108
IE - HKU\S-1-5-21-3695483296-2475243777-2345942421-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3695483296-2475243777-2345942421-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Linkury Smartbar Search"
FF - prefs.js..browser.startup.homepage: "hxxp://search.linkury.com"
FF - prefs.js..keyword.URL: "hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:7317400059&cof=FORID:11&sa=Search&siteurl=search.linkury.com&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.05.11 20:03:59 | 000,000,000 | ---D | M]
 
[2012.01.14 15:51:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lui\AppData\Roaming\mozilla\Extensions
[2012.03.03 15:12:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lui\AppData\Roaming\mozilla\Firefox\Profiles\mv9valon.default\extensions
[2012.03.03 15:12:31 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Lui\AppData\Roaming\mozilla\Firefox\Profiles\mv9valon.default\extensions\ffxtlbr@babylon.com
[2012.05.04 13:50:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lui\AppData\Roaming\mozilla\Firefox\Profiles\p7c83ye0.default\extensions
[2012.05.04 13:50:21 | 000,000,000 | ---D | M] (@@toolbarname@@) -- C:\Users\Lui\AppData\Roaming\mozilla\Firefox\Profiles\p7c83ye0.default\extensions\toolbar@ask.com
[2012.02.05 13:57:36 | 000,005,604 | ---- | M] () -- C:\Users\Lui\AppData\Roaming\Mozilla\Firefox\Profiles\mv9valon.default\searchplugins\Linkury Smartbar Search.xml
[2012.05.18 23:52:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.05.18 23:52:33 | 000,000,000 | ---D | M] (Babylon) -- C:\Program Files (x86)\mozilla firefox\extensions\ffxtlbr@babylon.com
[2011.08.05 02:37:01 | 000,002,287 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2011.08.06 22:52:39 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
[2011.05.30 17:20:48 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchdrive.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Search the web (Babylon) (Enabled)
CHR - default_search_provider: search_url = hxxp://search.babylon.com/?q={searchTerms}&tt=010412_crm&babsrc=SP_crm
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Lui\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Babylon ToolBar (Enabled) = C:\Users\Lui\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.5_0\BabylonChromeToolBar.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin:  Wacom Dynamic Link Library (Enabled) = C:\Program Files (x86)\TabletPlugins\npwacom.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - Extension: YouTube = C:\Users\Lui\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\locked-.iyrh
CHR - Extension: Google-Suche = C:\Users\Lui\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\locked-.rinf
CHR - Extension: DealPly = C:\Users\Lui\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.0.7.2_0\locked-.oojn
CHR - Extension: avast! WebRep = C:\Users\Lui\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\locked-.fwyw
CHR - Extension: Facemoods = C:\Users\Lui\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif\1.6.0_0\locked-.qiah
CHR - Extension: Facemoods = C:\Users\Lui\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif\1.6.0_0\facemoods\locked-.yvlv
CHR - Extension: Google Mail = C:\Users\Lui\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\locked-.oasa
 
O1 HOSTS File: ([2010.04.30 15:56:09 | 000,001,798 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1				activate.adobe.com
O1 - Hosts: 127.0.0.1				practivate.adobe.com
O1 - Hosts: 127.0.0.1				ereg.adobe.com
O1 - Hosts: 127.0.0.1				activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1				wip3.adobe.com
O1 - Hosts: 127.0.0.1				3dns-3.adobe.com
O1 - Hosts: 127.0.0.1				3dns-2.adobe.com
O1 - Hosts: 127.0.0.1				adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1				adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1				adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1				ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1				activate-sea.adobe.com
O1 - Hosts: 127.0.0.1				wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1				activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1                               adobe.activate.com
O1 - Hosts: 127.0.0.1                               adobeereg.com                        
O1 - Hosts: 127.0.0.1                               www.adobeereg.com                    
O1 - Hosts: 127.0.0.1                               wwis-dubc1-vip60.adobe.com           
O1 - Hosts: 127.0.0.1                               125.252.224.90                       
O1 - Hosts: 127.0.0.1                               125.252.224.91
O1 - Hosts: 127.0.0.1                               hl2rcv.adobe.com
O2:64bit: - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll (DealPly)
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O2 - BHO: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\tbIncr.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\tbIncr.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodsTlbr.dll (facemoods.com)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3695483296-2475243777-2345942421-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-3695483296-2475243777-2345942421-1000\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3695483296-2475243777-2345942421-1000\..\Toolbar\WebBrowser: (uTorrentBar_DE Toolbar) - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3695483296-2475243777-2345942421-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-3695483296-2475243777-2345942421-1000\..\Toolbar\WebBrowser: (IncrediMail MediaBar 2 Toolbar) - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\tbIncr.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [facemoods] C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe (facemoods.com)
O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKLM..\Run: [UVS10 Preload] C:\Program Files (x86)\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe (Ulead Systems, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3695483296-2475243777-2345942421-1000..\Run: [Boxoft Tools] C:\ProgramData\Boxtools\Boxofttoolbox.exe ()
O4 - HKU\S-1-5-21-3695483296-2475243777-2345942421-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-3695483296-2475243777-2345942421-1000..\Run: [EPSON SX110 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFBE.EXE /FU "C:\Windows\TEMP\E_S901F.tmp" /EF "HKCU" File not found
O4 - HKU\S-1-5-21-3695483296-2475243777-2345942421-1000..\Run: [EPSON SX110 Series (Kopie 1)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFBE.EXE /FU "C:\Windows\TEMP\E_S166C.tmp" /EF "HKCU" File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Lui\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Lui\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3695483296-2475243777-2345942421-1000\..Trusted Domains: samsungsetup.com ([www] http in Vertrauenswürdige Sites)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5642B758-31F7-4F1C-BE17-DC57AA293934}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{638987BE-7E4F-42AC-B508-45C550FC6495}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\dssrequest - No CLSID value found
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest - No CLSID value found
O18 - Protocol\Handler\sacore - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.06.11 00:16:55 | 000,000,000 | RH-D | M] - F:\autorun -- [ NTFS ]
O32 - AutoRun File - [2002.10.16 14:56:50 | 000,000,036 | RH-- | M] () - F:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{2c8b8484-fcaf-11e0-b1a9-d027881d1d58}\Shell - "" = AutoRun
O33 - MountPoints2\{2c8b8484-fcaf-11e0-b1a9-d027881d1d58}\Shell\AutoRun\command - "" = I:\product\mm18pro_setup.exe
O33 - MountPoints2\{e5f66bc9-476e-11e1-b5aa-d027881d1d58}\Shell - "" = AutoRun
O33 - MountPoints2\{e5f66bc9-476e-11e1-b5aa-d027881d1d58}\Shell\AutoRun\command - "" = K:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{e5f66be4-476e-11e1-b5aa-d027881d1d58}\Shell - "" = AutoRun
O33 - MountPoints2\{e5f66be4-476e-11e1-b5aa-d027881d1d58}\Shell\AutoRun\command - "" = K:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MCODS - 
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MCODS - 
SafeBootMin: MsMpSvc - C:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MsMpSvc - C:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D36DC477-EE54-6407-4FFF-390082CCA1F8} - Browser Customizations
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.dvacm - C:\PROGRA~2\COMMON~1\ULEADS~1\Vio\Dvacm.acm (Ulead Systems, Inc.)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\SysWow64\LameACM.acm (hxxp://www.mp3dev.org/)
Drivers32: msacm.MPEGacm - C:\PROGRA~2\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm (Ulead Systems, Inc.)
Drivers32: msacm.ulmp3acm - C:\PROGRA~2\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm (Ulead systems)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - i420vfw.dll File not found
Drivers32: vidc.MP42 - C:\Windows\SysWow64\MPG4c32.dll (Microsoft Corporation)
Drivers32: vidc.MP43 - C:\Windows\SysWow64\MPG4c32.dll (Microsoft Corporation)
Drivers32: vidc.MPG4 - C:\Windows\SysWow64\MPG4c32.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - yv12vfw.dll File not found
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.11 14:40:22 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Local\{44AA34CC-6E40-4D7C-B18E-7744E2933DF3}
[2012.06.11 14:39:58 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Local\{9CC77E3B-70CB-4E13-8319-1468B5279D5E}
[2012.06.11 14:35:38 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Local\{3D4A234B-2202-4A12-9835-2097DD36BA1D}
[2012.06.11 14:35:16 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Local\{69501F10-BD5A-4DDA-BD59-2FB83F819C2B}
[2012.06.11 12:50:37 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Local\{51C4BB94-1480-417E-A85B-D9395F8C7553}
[2012.06.11 12:46:43 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Local\{8E623B24-81D2-4A5C-B6BE-8A3C66BCA5B0}
[2012.06.10 12:13:42 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Local\{6BBC535B-0A91-4444-8296-E19B0809709E}
[2012.06.10 12:13:06 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Local\{CF43F7BF-D4B1-43F8-AB0E-E83BA7CED419}
[2012.06.09 18:58:28 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Local\{39E65FDF-8A78-4C34-9E70-E3DECBD0FA1F}
[2012.06.09 18:58:17 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Local\{1F585F68-FF3E-4DF6-9BDD-F9ED2C0D99F1}
[2012.06.09 12:41:29 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Local\{747B39BB-FD54-4DDE-9D14-6698AD82A59B}
[2012.06.09 12:40:53 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Local\{68AFB1A4-0270-4561-B969-C707B26CBDB8}
[2012.06.09 03:28:14 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Local\{18238D30-B36D-4407-A316-39C206D33B14}
[2012.06.09 03:27:38 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Local\{039F737B-BF79-4EAC-B990-ED9B6CA2696A}
[2012.06.08 20:43:49 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Local\{FB2D150A-0858-492A-8041-CF6F67604B68}
[2012.06.08 20:43:38 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Local\{8C49A5DE-84FF-48D0-9B27-FDFB6D133C82}
[2012.06.08 16:54:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.06.08 16:51:56 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Local\{D3A790A0-AC92-46A3-A145-883366757E26}
[2012.06.08 16:50:18 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Local\{8FE73D95-A61D-42D3-A3E6-597E01B4D038}
[2012.06.08 16:42:50 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.08 16:18:05 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Local\{DFA2DAE6-5F8B-4982-BF35-26E36A0359E3}
[2012.06.08 16:15:49 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Local\{D255B502-98F9-478F-804C-66FB9327E714}
[2012.06.08 15:02:02 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Local\{C67CE7A6-AE79-442C-9BD3-7CA21C79D161}
[2012.06.08 15:01:39 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Local\{47510A6A-092F-4F3C-89EB-FC504D75CAA9}
[2012.06.08 13:32:43 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Local\{6D3A2ED9-19F7-4C94-8373-3641E38C471F}
[2012.06.08 13:31:05 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Local\{5A29FF2F-8BBC-405C-BFCD-E94DBF41FAAB}
[2012.06.08 13:17:56 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Roaming\Malwarebytes
[2012.06.08 13:17:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.08 13:17:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.06.08 13:17:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.08 13:00:27 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Local\{9F943704-7BB5-42BA-B8AD-27527B36175E}
[2012.06.08 13:00:05 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Local\{837D5544-B341-485C-BD98-59B585A19710}
[2012.06.08 12:35:41 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Local\{F8B85AA6-1ACD-4A0E-9302-DF76C9B1939A}
[2012.06.08 12:35:05 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Local\{029F6055-B75D-471F-915B-44156C0D240D}
[2012.06.07 22:18:52 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Local\{45271E3C-0FD6-4123-8364-DC386B0B71B0}
[2012.06.07 22:18:41 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Local\{10148236-B776-4038-AC70-BE60DFE951D5}
[2012.06.07 22:18:22 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Local\{5FAF6837-38EE-40BB-BAC6-370FD5EF47F8}
[2012.06.07 12:22:36 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Roaming\Lzxjfjfzxz
[2012.06.07 12:00:22 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Local\{CDB07752-2A2E-4B8F-AA96-E787A33F8EF1}
[2012.06.07 11:58:45 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Local\{BE312101-7364-4B48-A565-B7852C99997A}
[2012.06.06 18:09:55 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Local\{D139C63C-08B4-4608-946C-9D46F5677511}
[2012.06.06 18:09:19 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Local\{B5448C31-4C01-4334-8AE5-5E65D3223A6A}
[2012.06.06 11:44:34 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Local\{B77290E0-3A87-40A1-ABDD-5B093928FA81}
[2012.06.06 11:44:12 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Local\{DF2D3D74-A1E7-415D-A23A-B3619C1BFD3C}
[2012.06.05 21:08:10 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Local\{EAE5F35E-EDDF-4353-BDEE-C40B0D620F79}
[2012.06.05 21:07:51 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Local\{5879063F-A70D-4925-88BD-7D2247F2292E}
[2012.06.05 11:37:15 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Local\{6AA86073-9586-4C8E-AAB8-EFA03CD44FDB}
[2012.06.05 11:36:57 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Local\{80846D16-5AE8-4051-B088-089AA2978936}
[2012.06.05 00:12:26 | 000,141,144 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFW.sys
[2012.06.05 00:12:21 | 000,258,904 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdis2.sys
[2012.06.05 00:12:21 | 000,028,504 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswKbd.sys
[2012.06.05 00:12:20 | 000,012,368 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswNdis.sys
[2012.06.05 00:09:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Internet Security
[2012.06.04 12:02:10 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Local\{5DE32BAD-763D-4FEB-85F4-D295E5F4DAAD}
[2012.06.04 12:01:52 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Local\{079EA70D-DB4F-44B7-9D81-A42F179AB367}
[2012.06.03 12:05:05 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Local\{5CC35BC1-B795-4576-934A-B21127515CBE}
[2012.06.03 12:04:29 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Local\{BCC5FF0D-6312-486B-967F-2B613F829F2A}
[2012.06.02 11:59:17 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Local\{717DCE11-2956-4FE4-ABB3-7096ED5C244D}
[2012.06.02 11:59:00 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Local\{7780645B-4DC1-4607-985C-3FB3439AC721}
[2012.06.02 00:47:52 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Local\{59EED962-C733-4429-A7A7-B929FF0431BB}
[2012.06.02 00:47:41 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Local\{D6A4FCFE-AC25-4B97-A65C-C13A002658BF}
[2012.06.01 17:38:44 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Local\{D6CDBA6F-5963-440B-90B3-4E0B3C406B9C}
[2012.06.01 17:38:07 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Local\{0BEAEA88-B764-4496-B3C0-5C356FA72B4D}
[2012.06.01 12:50:22 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Local\{10E9C85E-36F1-4F54-8B4D-84FB36BF21A7}
[2012.06.01 12:49:46 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Local\{95813B38-6F54-4E9F-A087-C97829EB2E62}
[2012.05.31 11:41:02 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Local\{37B3BD65-ED28-4329-B5D9-5BA36301CCA0}
[2012.05.31 11:40:21 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Local\{309EBFDD-936D-4D76-ABF5-443AE9797D31}
[2012.05.30 23:32:00 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Local\{2243BCBA-F6BC-47F5-AD9F-EBCA108D695B}
[2012.05.30 23:30:20 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Local\{2ED4EEAF-904C-4C07-AD33-063E7F114758}
[2012.05.30 11:18:11 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Local\{0729A46C-0353-4790-9868-4CB269F2B88B}
[2012.05.30 11:15:30 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Local\{11DBF260-F003-430C-AD1E-551D49FE57CF}
[2012.05.29 11:17:28 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Local\{5925D774-AFA4-4F84-A260-A48E1D9CA65C}
[2012.05.29 11:15:48 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Local\{819B77E3-B7D9-453D-B792-06048B18A2B1}
[2012.05.28 23:17:54 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Local\{B9166226-A248-482D-9021-526B122F28C0}
[2012.05.28 23:17:32 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Local\{FEA01B2A-7D4C-432E-8DEB-BBECBE4131D0}
[2012.05.28 11:49:49 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Local\{D5B0344C-6B11-4D68-BFA9-E3405EC6F414}
[2012.05.27 12:08:31 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Local\{7AB3EB2A-9106-45F9-8880-1B79CA453052}
[2012.05.27 12:06:54 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Local\{8DA29B82-062B-469F-9DE1-F36A2ECC5D58}
[2012.05.26 12:37:01 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Local\{39CFB1EE-9A3E-45AA-A2F2-A6F24EB16DC7}
[2012.05.26 12:36:19 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Local\{90569454-3110-4B86-9C38-24284F92FDF9}
[2012.05.26 02:28:16 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Local\{6AC69444-F485-4711-B2B9-AA2F05C6A387}
[2012.05.26 02:28:05 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Local\{6C4E9CB7-B761-4C33-B975-BBCAAC541C0E}
[2012.05.25 20:52:15 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Local\{5383473E-3CBA-4ADC-B562-E5B26DBD1296}
[2012.05.25 20:50:30 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Local\{167E30E3-C9F5-42F1-9D12-C15745A24158}
[2012.05.25 12:31:17 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Local\{54216576-9417-436E-87A6-7CACA844E450}
[2012.05.24 12:45:32 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Local\{6C909925-BFCC-48D6-BA81-7CCAE56A7E06}
[2012.05.24 12:44:25 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Local\{7A590ABE-9810-461D-BEB5-8E7BADFA3DFA}
[2012.05.23 12:25:34 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Local\{A2306CC3-5217-487F-AB6B-039ADCF09577}
[2012.05.23 12:24:53 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Local\{3A0AEDF6-CC53-4A86-A01E-325F73B4F000}
[2012.05.23 11:54:34 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Local\{423F3723-DF10-4814-B1DD-4B727F53C8D0}
[2012.05.23 11:53:57 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Local\{4C7ED389-410D-49D6-950C-5ACBBBF204E6}
[2012.05.22 20:29:35 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Local\{888C186D-C7D6-4770-A799-7F6134449FB8}
[2012.05.22 20:28:56 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Local\{F030431E-5C24-4EF0-A411-F5EFE4626FDA}
[2012.05.22 11:04:43 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Local\{28ECAF16-2AD1-45C7-97B7-E39C37067E4F}
[2012.05.22 11:03:54 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Local\{B7A0126E-A2F0-483C-A75F-6ED063C1F7DC}
[2012.05.21 12:06:56 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Local\{66501E39-B03D-4EE6-AE30-0FC853D16E03}
[2012.05.21 12:06:12 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Local\{6B155EE4-9D4A-4573-AF5E-854247B762F5}
[2012.05.21 11:43:21 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Local\{14BBCC7B-3A4B-4CBB-A072-628A041DA112}
[2012.05.21 11:42:40 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Local\{02245369-DF89-4F60-825D-0C21FAD5E9BB}
[2012.05.21 02:40:46 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Local\{12DC474F-11D1-40DA-9BE9-DE05C56C4F83}
[2012.05.21 02:39:06 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Local\{3BA3A0A8-2261-46BB-831F-BB4334AAD07F}
[2012.05.20 11:45:11 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Local\{90D52F9B-DD24-4189-B650-1C329F8072FF}
[2012.05.20 11:44:22 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Local\{91AEBB93-8044-4529-93AA-2479F5C43D8E}
[2012.05.19 19:54:36 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Local\{0EF7515E-2C2F-4023-96C4-FADCE2135C21}
[2012.05.19 19:54:00 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Local\{4F608BE1-1CB0-440D-9C10-3C7DE69857A4}
[2012.05.19 11:47:55 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Local\{818D5E75-9184-4CA1-B307-E99F85AA24F7}
[2012.05.19 11:46:03 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Local\{9978A7EB-6D97-433D-8A10-964D0C909D17}
[2012.05.18 23:52:51 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Roaming\BabylonToolbar
[2012.05.18 12:08:02 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Local\{88FD922D-BB89-4B3F-8BA9-E561F168D966}
[2012.05.18 12:06:24 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Local\{8C0B07FB-1A1A-4EF6-AE81-B7456E8F071B}
[2012.05.17 12:11:21 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Local\{A99213D9-E66F-44FF-BF68-2D3495D66D89}
[2012.05.17 12:08:38 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Local\{80AFD705-5285-4506-87D9-B754E39B78DC}
[2012.05.16 11:43:17 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Local\{717E534B-7782-42C8-99A0-09E30F9EB9BE}
[2012.05.16 11:43:06 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Local\{32BDD634-9822-4178-A7A3-FA02DC031E14}
[2012.05.15 11:57:39 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Local\{29EBDB7C-A3F2-4458-A334-C232FEE98F9A}
[2012.05.15 11:57:02 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Local\{AA8510C7-97CE-4F52-B8CD-73D62369DB6B}
[2012.05.14 20:51:07 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Local\{4B0F580B-0C7A-4A1B-BE75-D04C0692DE29}
[2012.05.14 20:50:55 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Local\{68B1EF66-C216-4E51-8CF8-2DC415798EA3}
[2012.05.14 19:08:40 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Lui\Desktop\OTL.exe
[2012.05.14 13:52:35 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Local\{2DA22061-7C5C-45D2-AAB2-ADC9DF8165B2}
[2012.05.14 13:50:51 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Local\{5EEB36B6-4990-43E8-863E-2C580A681168}
[2012.05.14 11:57:03 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Local\{7FB92AE8-C055-4A5F-B02B-1BF55CA47A63}
[2012.05.14 11:56:23 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Local\{34E6241E-BBD8-4A01-AE13-62D3A5B2458F}
[2012.05.13 12:13:32 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Local\{F8A1B291-3A26-45CE-BC72-013DD6E2BEA7}
[2012.05.13 12:12:56 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Local\{D3CC3914-BD5C-433B-8AE6-C3938AED1569}
[2012.05.13 00:41:31 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Local\{ABF23E09-D50E-4175-9E8B-AE7736959661}
[2012.05.13 00:39:25 | 000,000,000 | ---D | C] -- C:\Users\Lui\AppData\Local\{7289BF5C-5DC8-46B9-ACA9-6EDD51F20BD9}
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.11 22:20:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.11 22:06:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.11 20:06:00 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.11 14:47:25 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.11 14:47:25 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.11 14:39:49 | 000,000,004 | ---- | M] () -- C:\Windows\Twain001.Mtx
[2012.06.11 14:39:48 | 000,000,156 | ---- | M] () -- C:\Windows\Twunk001.MTX
[2012.06.11 14:38:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.11 14:38:41 | 529,879,039 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.11 00:28:16 | 000,002,710 | ---- | M] () -- C:\Users\Lui\Desktop\avatar58024_10.gif
[2012.06.08 21:34:26 | 000,071,705 | ---- | M] () -- C:\Users\Lui\Desktop\baby penguin.JPG
[2012.06.08 19:02:43 | 000,367,521 | ---- | M] () -- C:\Users\Lui\Desktop\hijackthis.JPG
[2012.06.08 18:07:18 | 000,092,262 | ---- | M] () -- C:\Users\Lui\Desktop\Unbenannt2.JPG
[2012.06.08 16:42:51 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.08 16:15:24 | 000,001,845 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2012.06.08 16:15:19 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012.06.08 15:41:14 | 000,102,656 | ---- | M] () -- C:\Users\Lui\Desktop\Unbenannt1.JPG
[2012.06.04 12:01:36 | 000,003,807 | ---- | M] () -- C:\Windows\SysNative\Wacom_Tablet.dat
[2012.06.03 19:10:13 | 000,242,626 | ---- | M] () -- C:\Users\Lui\Desktop\sean.JPG
[2012.06.02 12:01:46 | 000,000,122 | ---- | M] () -- C:\Windows\wininit.ini
[2012.06.02 12:01:45 | 000,001,013 | ---- | M] () -- C:\Users\Lui\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.06.02 12:01:41 | 000,000,977 | ---- | M] () -- C:\Users\Lui\Desktop\Dropbox.lnk
[2012.06.01 21:52:57 | 000,730,002 | ---- | M] () -- C:\Users\Lui\Desktop\paella.JPG
[2012.05.31 16:25:43 | 000,040,134 | ---- | M] () -- C:\Users\Lui\Desktop\Aufstellung Lui 31.05.2012.pdf
[2012.05.24 13:07:38 | 000,002,348 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.05.18 23:52:34 | 000,000,487 | ---- | M] () -- C:\user.js
[2012.05.16 18:52:32 | 000,123,232 | ---- | M] () -- C:\Users\Lui\Desktop\köln horrem fahrplan.JPG
[2012.05.16 18:51:12 | 000,120,384 | ---- | M] () -- C:\Users\Lui\Desktop\horrem fahrplan.JPG
[2012.05.14 19:08:41 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Lui\Desktop\OTL.exe
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.06.11 00:28:16 | 000,002,710 | ---- | C] () -- C:\Users\Lui\Desktop\avatar58024_10.gif
[2012.06.08 21:34:26 | 000,071,705 | ---- | C] () -- C:\Users\Lui\Desktop\baby penguin.JPG
[2012.06.08 19:02:43 | 000,367,521 | ---- | C] () -- C:\Users\Lui\Desktop\hijackthis.JPG
[2012.06.08 18:07:18 | 000,092,262 | ---- | C] () -- C:\Users\Lui\Desktop\Unbenannt2.JPG
[2012.06.08 16:42:51 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.08 15:41:13 | 000,102,656 | ---- | C] () -- C:\Users\Lui\Desktop\Unbenannt1.JPG
[2012.06.05 00:09:54 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2012.06.03 19:08:16 | 000,242,626 | ---- | C] () -- C:\Users\Lui\Desktop\sean.JPG
[2012.06.02 12:01:46 | 000,000,122 | ---- | C] () -- C:\Windows\wininit.ini
[2012.06.01 21:50:03 | 000,730,002 | ---- | C] () -- C:\Users\Lui\Desktop\paella.JPG
[2012.05.31 16:25:43 | 000,040,134 | ---- | C] () -- C:\Users\Lui\Desktop\Aufstellung Lui 31.05.2012.pdf
[2012.05.16 18:52:32 | 000,123,232 | ---- | C] () -- C:\Users\Lui\Desktop\köln horrem fahrplan.JPG
[2012.05.16 18:51:12 | 000,120,384 | ---- | C] () -- C:\Users\Lui\Desktop\horrem fahrplan.JPG
[2012.05.11 23:02:26 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\UNRAR3.dll
[2012.05.11 23:02:26 | 000,075,264 | ---- | C] () -- C:\Windows\SysWow64\unacev2.dll
[2012.02.17 20:26:41 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2012.01.27 12:16:59 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2012.01.27 12:16:59 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011.10.28 00:53:22 | 000,110,080 | ---- | C] () -- C:\Windows\SysWow64\advd.dll
[2011.10.28 00:53:22 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\auth.dll
[2011.08.05 02:45:56 | 000,004,608 | ---- | C] () -- C:\Users\Lui\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.05.30 17:39:36 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2011.01.10 21:11:02 | 000,000,261 | ---- | C] () -- C:\Windows\EasyCT.INI
[2010.12.31 23:36:29 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\UpdateDriver.exe
[2010.12.31 23:36:29 | 000,005,224 | ---- | C] () -- C:\Windows\SysWow64\ucuiinfo.ini
[2010.12.31 23:04:11 | 001,499,556 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.08.30 07:52:25 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
 
========== LOP Check ==========
 
[2011.12.09 03:50:30 | 000,000,000 | ---D | M] -- C:\Users\Lui\AppData\Roaming\Amazon
[2011.08.05 02:33:08 | 000,000,000 | ---D | M] -- C:\Users\Lui\AppData\Roaming\Babylon
[2012.05.18 23:52:52 | 000,000,000 | ---D | M] -- C:\Users\Lui\AppData\Roaming\BabylonToolbar
[2011.02.14 23:10:33 | 000,000,000 | ---D | M] -- C:\Users\Lui\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011.10.28 00:53:56 | 000,000,000 | ---D | M] -- C:\Users\Lui\AppData\Roaming\concept design
[2011.11.01 19:51:17 | 000,000,000 | ---D | M] -- C:\Users\Lui\AppData\Roaming\DAEMON Tools Lite
[2011.10.18 18:07:53 | 000,000,000 | ---D | M] -- C:\Users\Lui\AppData\Roaming\Digiarty
[2012.06.11 14:40:09 | 000,000,000 | ---D | M] -- C:\Users\Lui\AppData\Roaming\Dropbox
[2012.04.10 23:30:37 | 000,000,000 | ---D | M] -- C:\Users\Lui\AppData\Roaming\elsterformular
[2012.02.17 20:26:47 | 000,000,000 | ---D | M] -- C:\Users\Lui\AppData\Roaming\EPSON
[2012.04.02 11:59:30 | 000,000,000 | ---D | M] -- C:\Users\Lui\AppData\Roaming\Exyn
[2011.11.01 19:51:12 | 000,000,000 | ---D | M] -- C:\Users\Lui\AppData\Roaming\FileZilla
[2011.04.13 18:01:33 | 000,000,000 | ---D | M] -- C:\Users\Lui\AppData\Roaming\HTC
[2011.04.13 18:01:39 | 000,000,000 | ---D | M] -- C:\Users\Lui\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2012.06.09 02:09:42 | 000,000,000 | ---D | M] -- C:\Users\Lui\AppData\Roaming\IrfanView
[2012.06.08 13:29:06 | 000,000,000 | ---D | M] -- C:\Users\Lui\AppData\Roaming\Lzxjfjfzxz
[2011.10.22 17:30:02 | 000,000,000 | ---D | M] -- C:\Users\Lui\AppData\Roaming\MAGIX
[2011.08.27 15:44:55 | 000,000,000 | ---D | M] -- C:\Users\Lui\AppData\Roaming\NetMedia Providers
[2011.01.30 17:04:43 | 000,000,000 | ---D | M] -- C:\Users\Lui\AppData\Roaming\Notepad++
[2010.12.31 21:44:00 | 000,000,000 | ---D | M] -- C:\Users\Lui\AppData\Roaming\OEM
[2012.03.03 15:12:46 | 000,000,000 | ---D | M] -- C:\Users\Lui\AppData\Roaming\OpenCandy
[2010.12.31 22:14:01 | 000,000,000 | ---D | M] -- C:\Users\Lui\AppData\Roaming\Opera
[2011.01.30 17:32:37 | 000,000,000 | ---D | M] -- C:\Users\Lui\AppData\Roaming\PACE Anti-Piracy
[2011.08.28 02:33:55 | 000,000,000 | ---D | M] -- C:\Users\Lui\AppData\Roaming\Publish Providers
[2011.03.02 13:04:57 | 000,000,000 | ---D | M] -- C:\Users\Lui\AppData\Roaming\Screaming Bee
[2012.05.11 23:02:24 | 000,000,000 | ---D | M] -- C:\Users\Lui\AppData\Roaming\Simply Super Software
[2012.05.04 02:24:56 | 000,000,000 | ---D | M] -- C:\Users\Lui\AppData\Roaming\SoftGrid Client
[2011.08.27 15:45:32 | 000,000,000 | ---D | M] -- C:\Users\Lui\AppData\Roaming\Sony
[2011.01.30 17:34:00 | 000,000,000 | ---D | M] -- C:\Users\Lui\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012.03.03 16:40:03 | 000,000,000 | ---D | M] -- C:\Users\Lui\AppData\Roaming\systweak
[2011.01.30 00:23:11 | 000,000,000 | ---D | M] -- C:\Users\Lui\AppData\Roaming\Thinstall
[2012.06.11 22:44:39 | 000,000,000 | ---D | M] -- C:\Users\Lui\AppData\Roaming\Toon Boom Animation
[2011.08.15 20:43:24 | 000,000,000 | ---D | M] -- C:\Users\Lui\AppData\Roaming\TP
[2012.03.02 20:48:22 | 000,000,000 | ---D | M] -- C:\Users\Lui\AppData\Roaming\Ulead Systems
[2012.03.31 22:20:17 | 000,000,000 | ---D | M] -- C:\Users\Lui\AppData\Roaming\Usgor
[2012.04.03 11:26:00 | 000,000,000 | ---D | M] -- C:\Users\Lui\AppData\Roaming\Utcem
[2012.06.08 16:48:27 | 000,000,000 | ---D | M] -- C:\Users\Lui\AppData\Roaming\uTorrent
[2012.03.03 17:01:11 | 000,000,000 | ---D | M] -- C:\Users\Lui\AppData\Roaming\XMedia Recode
[2012.05.09 12:16:25 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.09.23 22:39:53 | 000,000,000 | ---D | M] -- C:\Users\Lui\AppData\Roaming\Adobe
[2011.12.09 03:50:30 | 000,000,000 | ---D | M] -- C:\Users\Lui\AppData\Roaming\Amazon
[2011.01.29 02:05:08 | 000,000,000 | ---D | M] -- C:\Users\Lui\AppData\Roaming\Apple Computer
[2012.02.17 19:59:07 | 000,000,000 | ---D | M] -- C:\Users\Lui\AppData\Roaming\ArcSoft
[2011.08.05 02:33:08 | 000,000,000 | ---D | M] -- C:\Users\Lui\AppData\Roaming\Babylon
[2012.05.18 23:52:52 | 000,000,000 | ---D | M] -- C:\Users\Lui\AppData\Roaming\BabylonToolbar
[2011.02.14 23:10:33 | 000,000,000 | ---D | M] -- C:\Users\Lui\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011.10.28 00:53:56 | 000,000,000 | ---D | M] -- C:\Users\Lui\AppData\Roaming\concept design
[2011.11.01 19:51:17 | 000,000,000 | ---D | M] -- C:\Users\Lui\AppData\Roaming\DAEMON Tools Lite
[2011.10.18 18:07:53 | 000,000,000 | ---D | M] -- C:\Users\Lui\AppData\Roaming\Digiarty
[2012.06.11 14:40:09 | 000,000,000 | ---D | M] -- C:\Users\Lui\AppData\Roaming\Dropbox
[2012.01.09 23:19:18 | 000,000,000 | ---D | M] -- C:\Users\Lui\AppData\Roaming\dvdcss
[2012.04.10 23:30:37 | 000,000,000 | ---D | M] -- C:\Users\Lui\AppData\Roaming\elsterformular
[2012.02.17 20:26:47 | 000,000,000 | ---D | M] -- C:\Users\Lui\AppData\Roaming\EPSON
[2012.04.02 11:59:30 | 000,000,000 | ---D | M] -- C:\Users\Lui\AppData\Roaming\Exyn
[2011.11.01 19:51:12 | 000,000,000 | ---D | M] -- C:\Users\Lui\AppData\Roaming\FileZilla
[2011.04.13 18:01:33 | 000,000,000 | ---D | M] -- C:\Users\Lui\AppData\Roaming\HTC
[2011.04.13 18:01:39 | 000,000,000 | ---D | M] -- C:\Users\Lui\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2010.12.31 21:43:39 | 000,000,000 | ---D | M] -- C:\Users\Lui\AppData\Roaming\Identities
[2010.12.31 23:36:17 | 000,000,000 | ---D | M] -- C:\Users\Lui\AppData\Roaming\InstallShield
[2012.06.09 02:09:42 | 000,000,000 | ---D | M] -- C:\Users\Lui\AppData\Roaming\IrfanView
[2012.06.08 13:29:06 | 000,000,000 | ---D | M] -- C:\Users\Lui\AppData\Roaming\Lzxjfjfzxz
[2010.12.31 21:43:59 | 000,000,000 | ---D | M] -- C:\Users\Lui\AppData\Roaming\Macromedia
[2011.10.22 17:30:02 | 000,000,000 | ---D | M] -- C:\Users\Lui\AppData\Roaming\MAGIX
[2012.06.08 13:17:56 | 000,000,000 | ---D | M] -- C:\Users\Lui\AppData\Roaming\Malwarebytes
[2009.07.14 09:44:38 | 000,000,000 | ---D | M] -- C:\Users\Lui\AppData\Roaming\Media Center Programs
[2012.06.09 13:01:03 | 000,000,000 | --SD | M] -- C:\Users\Lui\AppData\Roaming\Microsoft
[2012.01.14 15:51:59 | 000,000,000 | ---D | M] -- C:\Users\Lui\AppData\Roaming\Mozilla
[2012.02.07 15:22:51 | 000,000,000 | ---D | M] -- C:\Users\Lui\AppData\Roaming\Nero
[2011.08.27 15:44:55 | 000,000,000 | ---D | M] -- C:\Users\Lui\AppData\Roaming\NetMedia Providers
[2011.01.30 17:04:43 | 000,000,000 | ---D | M] -- C:\Users\Lui\AppData\Roaming\Notepad++
[2010.12.31 21:44:00 | 000,000,000 | ---D | M] -- C:\Users\Lui\AppData\Roaming\OEM
[2012.03.03 15:12:46 | 000,000,000 | ---D | M] -- C:\Users\Lui\AppData\Roaming\OpenCandy
[2010.12.31 22:14:01 | 000,000,000 | ---D | M] -- C:\Users\Lui\AppData\Roaming\Opera
[2011.01.30 17:32:37 | 000,000,000 | ---D | M] -- C:\Users\Lui\AppData\Roaming\PACE Anti-Piracy
[2011.08.28 02:33:55 | 000,000,000 | ---D | M] -- C:\Users\Lui\AppData\Roaming\Publish Providers
[2011.03.02 13:04:57 | 000,000,000 | ---D | M] -- C:\Users\Lui\AppData\Roaming\Screaming Bee
[2012.05.11 23:02:24 | 000,000,000 | ---D | M] -- C:\Users\Lui\AppData\Roaming\Simply Super Software
[2012.05.04 02:24:56 | 000,000,000 | ---D | M] -- C:\Users\Lui\AppData\Roaming\SoftGrid Client
[2011.08.27 15:45:32 | 000,000,000 | ---D | M] -- C:\Users\Lui\AppData\Roaming\Sony
[2011.01.30 17:34:00 | 000,000,000 | ---D | M] -- C:\Users\Lui\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012.03.03 16:40:03 | 000,000,000 | ---D | M] -- C:\Users\Lui\AppData\Roaming\systweak
[2011.01.30 00:23:11 | 000,000,000 | ---D | M] -- C:\Users\Lui\AppData\Roaming\Thinstall
[2012.06.11 22:44:39 | 000,000,000 | ---D | M] -- C:\Users\Lui\AppData\Roaming\Toon Boom Animation
[2011.08.15 20:43:24 | 000,000,000 | ---D | M] -- C:\Users\Lui\AppData\Roaming\TP
[2012.03.02 20:48:22 | 000,000,000 | ---D | M] -- C:\Users\Lui\AppData\Roaming\Ulead Systems
[2012.03.31 22:20:17 | 000,000,000 | ---D | M] -- C:\Users\Lui\AppData\Roaming\Usgor
[2012.04.03 11:26:00 | 000,000,000 | ---D | M] -- C:\Users\Lui\AppData\Roaming\Utcem
[2012.06.08 16:48:27 | 000,000,000 | ---D | M] -- C:\Users\Lui\AppData\Roaming\uTorrent
[2012.06.09 02:09:42 | 000,000,000 | ---D | M] -- C:\Users\Lui\AppData\Roaming\vlc
[2011.01.01 01:26:08 | 000,000,000 | ---D | M] -- C:\Users\Lui\AppData\Roaming\WinRAR
[2012.06.11 14:39:17 | 000,000,000 | ---D | M] -- C:\Users\Lui\AppData\Roaming\WTablet
[2012.03.03 17:01:11 | 000,000,000 | ---D | M] -- C:\Users\Lui\AppData\Roaming\XMedia Recode
 
< %APPDATA%\*.exe /s >
[2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Lui\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2012.05.24 20:39:24 | 000,872,144 | ---- | M] (Dropbox, Inc.) -- C:\Users\Lui\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe
[2012.05.24 20:39:56 | 000,177,280 | ---- | M] (Dropbox, Inc.) -- C:\Users\Lui\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2012.02.04 02:33:00 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Lui\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2011.01.30 17:24:51 | 000,010,134 | R--- | M] () -- C:\Users\Lui\AppData\Roaming\Microsoft\Installer\{024521CF-C07E-4F8E-8481-0D75695E03AF}\ARPPRODUCTICON.exe
[2012.02.06 20:18:56 | 002,081,208 | ---- | M] (Speedchecker Limited                                        ) -- C:\Users\Lui\AppData\Roaming\OpenCandy\F822E474D36C4B89A27D93E3C9AA614A\pcspeedup_oc.exe
[2011.10.22 16:35:59 | 000,416,160 | ---- | M] () -- C:\Users\Lui\AppData\Roaming\OpenCandy\OpenCandy_DB7683C9913941F28631D6DD536354ED\LatestDLMgr.exe
[2011.10.22 16:36:05 | 004,103,096 | ---- | M] () -- C:\Users\Lui\AppData\Roaming\OpenCandy\OpenCandy_DB7683C9913941F28631D6DD536354ED\LinkuryInstaller_p1v5.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2009.12.09 11:39:52 | 000,537,624 | ---- | M] (Intel Corporation) MD5=BF5442DC14608D18949DC83DE37E667A -- C:\OEM\Preload\Autorun\DRV\Intel Storage Generic Driver\iaStor.sys
[2009.12.09 11:39:52 | 000,537,624 | ---- | M] (Intel Corporation) MD5=BF5442DC14608D18949DC83DE37E667A -- C:\Windows\SysNative\drivers\iaStor.sys
[2009.12.09 11:39:52 | 000,537,624 | ---- | M] (Intel Corporation) MD5=BF5442DC14608D18949DC83DE37E667A -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_a850f9740f1a3db7\iaStor.sys
[2009.12.09 11:39:52 | 000,537,624 | ---- | M] (Intel Corporation) MD5=BF5442DC14608D18949DC83DE37E667A -- C:\Windows\SysNative\DriverStore\FileRepository\iastor.inf_amd64_neutral_c102f5ecab1a70a7\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2010.07.17 21:26:04 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2010.07.17 21:26:04 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2010.07.17 21:26:04 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.07.14 03:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FirewallAPI.dll
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:CB0AACC9
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:93EB7685
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:C8B8CEBD

< End of report >
         

Old 12.06.2012, 10:56   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

I have the Gema Trojan. What to do?

Quote:
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
Well, what kind of CS5 version that is, one can easily guess

Sorry, but where illegal software is involved, the only help given here is with backing up data + a clean reinstallation of Windows

See also => http://www.trojaner-board.de/95393-c...-software.html

If we find evidence of illegally acquired software, we end support without any further discussion.

Cracks/keygens are 99.9% dangerous malware that you should not play around with. Besides, they are illegal, and we do not support the use of stolen software. Support is therefore limited to instructions for a complete reinstallation!!

That illegal cracks and keygens serve essentially to spread malware is no secret and must be clear to everyone!


In future, keep your hands off: Softonic, registry cleaners and illegal stuff such as cracks/keygens/serials
__________________
Please always post logfiles in CODE tags
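
The hosts-file entries quoted in the post above are the mechanism behind the conclusion drawn there: seven Adobe activation/licensing hostnames are all pointed at 127.0.0.1, so the application can never reach the activation servers, which is exactly what an activation crack does. A practitioner reading an OTL or HijackThis log wants to recognise this pattern quickly rather than look up each hostname. The following is an added example, not code from the thread, from OTL, or from Trojaner-Board: it parses both plain hosts-file lines and "O1 - Hosts:" log lines, flags every non-local hostname that is sinkholed to a loopback or blackhole address, and groups the hits by parent domain so a cluster such as "adobe.com: 7" stands out. The sample input is constructed from the seven lines quoted above plus a few benign entries added for contrast; the set of sinkhole addresses and the "legitimate local names" list are assumptions chosen for the example.

```python
import ipaddress
import re

# Addresses that only ever mean "this name goes nowhere" in a hosts file
# (assumption for this example: loopback v4/v6 and the 0.0.0.0 blackhole).
SINKHOLE_ADDRS = {"127.0.0.1", "0.0.0.0", "::1"}

# Names that legitimately map to loopback and must not be reported.
LEGIT_LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

# An OTL / HijackThis hosts finding: "O1 - Hosts: <ip> <name> [<name> ...]"
O1_RE = re.compile(r"^O1\s*-\s*Hosts:\s*(?P<rest>.+)$")


def parse_hosts_line(line):
    """Return (ip, [hostnames]) for one hosts-file or 'O1 - Hosts:' line.

    Comments and blank lines yield None, as do lines whose first field is
    not a valid IP address (garbled log lines, headers, etc.).
    """
    line = line.strip()
    m = O1_RE.match(line)
    if m:
        line = m.group("rest")
    line = line.split("#", 1)[0].strip()  # drop trailing comment
    parts = line.split()
    if len(parts) < 2:
        return None
    try:
        ip = ipaddress.ip_address(parts[0])
    except ValueError:
        return None
    names = [h.lower().rstrip(".") for h in parts[1:]]
    return str(ip), names


def find_sinkholed_hosts(lines):
    """Return [(hostname, ip)] for every non-local name mapped to a sinkhole address."""
    findings = []
    for line in lines:
        parsed = parse_hosts_line(line)
        if parsed is None:
            continue
        ip, names = parsed
        if ip not in SINKHOLE_ADDRS:
            continue  # a real redirect (e.g. to an attacker IP) is a different finding
        for name in names:
            if name not in LEGIT_LOCAL_NAMES:
                findings.append((name, ip))
    return findings


def group_by_domain(findings):
    """Count sinkholed names per parent domain (last two labels) to expose clusters."""
    counts = {}
    for name, _ip in findings:
        labels = name.split(".")
        domain = ".".join(labels[-2:]) if len(labels) >= 2 else name
        counts[domain] = counts.get(domain, 0) + 1
    return counts


# Constructed sample: the seven "O1" lines quoted in the post above, plus benign
# hosts-file content (default localhost entries, a comment, a LAN host) for contrast.
SAMPLE_LINES = [
    "# Copyright (c) 1993-2009 Microsoft Corp.",
    "127.0.0.1       localhost",
    "::1             localhost",
    "192.168.1.10    fileserver.example   # internal, not a sinkhole",
    "O1 - Hosts: 127.0.0.1 activate.adobe.com",
    "O1 - Hosts: 127.0.0.1 practivate.adobe.com",
    "O1 - Hosts: 127.0.0.1 ereg.adobe.com",
    "O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com",
    "O1 - Hosts: 127.0.0.1 wip3.adobe.com",
    "O1 - Hosts: 127.0.0.1 3dns-3.adobe.com",
    "O1 - Hosts: 127.0.0.1 3dns-2.adobe.com",
]


if __name__ == "__main__":
    hits = find_sinkholed_hosts(SAMPLE_LINES)
    for name, ip in hits:
        print(f"sinkholed: {name} -> {ip}")
    for domain, n in sorted(group_by_domain(hits).items()):
        print(f"{domain}: {n} hostname(s) blocked")
```

A cluster of activation, registration and licensing hostnames of one vendor all pointed at loopback is the signature of a crack, which is the inference the helper draws above. The check itself is only a triage aid, not proof: ad-blocking hosts lists also sinkhole thousands of names, so the question to ask of any hit is which service is being blocked and whether the user put the entry there deliberately.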
