Trojaner (OBTSM) durch Verknüpfungen einer NFO

Daniel0815 · 20.11.2012, 11:08

Hi Leute.

Leider muss ich mich an euch wenden,da ich nun wirklich verdammt verunsichert bin.

Und zwar habe ich mich dazu überreden lassen meinen Kumpel an meinen Computer zu lassen, da er ein altes Spiel spielen wollte was ich noch im Schrank liegen hatte.

Als ich wieder kam hat er mir gebeichtet "Mist gebaut" zu haben.
Und zwar lief das Spiel unter 64bit nicht und hat sich dann jemanden gesucht der ihm hilft das zum laufen zu kriegen.

Er hatte eine NFO-Datei bekommen die 8KB groß war.
Diese sollte er in den Papierkorb schieben, dann wiederherstellen.
Dann lag die auf dem Desktop und er hat eine Verknüpfung auf jede Partition erstellt.

Dann hat derjenige ihm gesagt dass er jetzt eine Spyware oder so auf den Rechner hat. Diese sammelt jetzt Daten und schickt die an einen Server und in ca. 5 Wochen ist alles formatiert.
Dann meinte er, mein Kumpel sollte mal nach OBTSM googlen um zu wissen wer ihn da gerade verarscht hat.

Unter OBTSM finde ich selber nichts und weiß nicht was genau jetzt hier bei mir gemacht wurde.
Mein Kumpel hat dann aus Angst die Verknüpfungen und die NFO sofort gelöscht. Aber komplett gelöscht, nicht nur in den Papierkorb geschoben.

Meine Fragen:
Kann das nun wirklich sein dass sämtliche Daten von mir ausgespäht werden?
Besonders Angst habe ich da bezüglich meine Passwort-Eingaben und meiner Arbeitsmaterialien auf den Festplatten. Denn eigentlich arbeite ich mit meinem Computer.

Meine andere Frage, wenn das denn nun sein kann, wie krieg ich das wieder weg?
Hab eigentlich keine Zeit um meinen PC neu aufzusetzen. Zudem kann ich spontan meine Daten zum arbeiten nicht alle retten.

Hab ich nun Grund zur Sorge oder hat sich da jemand einen Spaß erlaubt mit meinem Kumpel und ihn nur einen Schreck einjagen wollen?

C:\$Recycle.Bin\S-1-5-21-1799551351-3960276517-2487386332-1000\$R6JOUO2.exe (Trojan.Agent)

Wurde bei mir gefunden.
Kann damit jemand etwas anfangen?

[QUOTE=Daniel0815;959860]Hi Leute.

Leider muss ich mich an euch wenden,da ich nun wirklich verdammt verunsichert bin.

Und zwar habe ich mich dazu überreden lassen meinen Kumpel an meinen Computer zu lassen, da er ein altes Spiel spielen wollte was ich noch im Schrank liegen hatte.

Als ich wieder kam hat er mir gebeichtet "Mist gebaut" zu haben.
Und zwar lief das Spiel unter 64bit nicht und hat sich dann jemanden gesucht der ihm hilft das zum laufen zu kriegen.

Er hatte eine NFO-Datei bekommen die 8KB groß war.
Diese sollte er in den Papierkorb schieben, dann wiederherstellen.
Dann lag die auf dem Desktop und er hat eine Verknüpfung auf jede Partition erstellt.

Dann hat derjenige ihm gesagt dass er jetzt eine Spyware oder so auf den Rechner hat. Diese sammelt jetzt Daten und schickt die an einen Server und in ca. 5 Wochen ist alles formatiert.
Dann meinte er, mein Kumpel sollte mal nach OBTSM googlen um zu wissen wer ihn da gerade verarscht hat.

Unter OBTSM finde ich selber nichts und weiß nicht was genau jetzt hier bei mir gemacht wurde.
Mein Kumpel hat dann aus Angst die Verknüpfungen und die NFO sofort gelöscht. Aber komplett gelöscht, nicht nur in den Papierkorb geschoben.

Meine Fragen:
Kann das nun wirklich sein dass sämtliche Daten von mir ausgespäht werden?
Besonders Angst habe ich da bezüglich meine Passwort-Eingaben und meiner Arbeitsmaterialien auf den Festplatten. Denn eigentlich arbeite ich mit meinem Computer.

Meine andere Frage, wenn das denn nun sein kann, wie krieg ich das wieder weg?
Hab eigentlich keine Zeit um meinen PC neu aufzusetzen. Zudem kann ich spontan meine Daten zum arbeiten nicht alle retten.

Hab ich nun Grund zur Sorge oder hat sich da jemand einen Spaß erlaubt mit meinem Kumpel und ihn nur einen Schreck einjagen wollen?

>Habe Malwarebytes durchlaufen lassen, komplett!
Es wurde nichts gefunden was ich mit der NFO in Verbindung bringen könnte.

ryder · 20.11.2012, 12:53

Ich werde dir bei deinem Problem helfen. Eine Bereinigung ist mitunter mit viel Arbeit für Dich (und mich) verbunden. Bevor es los geht, habe ich etwas Lesestoff für dich.

Zitat:

Lesestoff:
Regeln für die Bereinigung
Damit die Bereinigung funktioniert bitte ich dich, die folgenden Punkte aufmerksam zu lesen:
Bitte arbeite alle Schritte der Reihe nach ab. Gib mir bitte zu jedem Schritt Rückmeldung (Logfile oder Antwort), aber gesammelt, wenn du alles erledig hast.

Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst.

Bitte kein Crossposting (posten in mehreren Foren).

Installiere oder Deinstalliere während der Bereinigung keine Software, ausser Du wurdest dazu aufgefordert.

Lese Dir die Anleitung zuerst vollständig durch. Sollte etwas unklar sein, frage bevor Du beginnst.

Poste die Logfiles direkt in deinen Thread (möglichst in Code-Tags). Nicht anhängen ausser ich fordere Dich dazu auf. Erschwert mir nämlich das auswerten.

Mache deinen Namen nur dann unkenntlich, wenn es unbedingt sein muss.

Sollte ich nicht nach 3 Tagen geantwortet haben, dann (und nur dann) schicke mir bitte eine PM.

Eine Bitte: Mache bitte solange mit, bis ich oder ein anderer Helfer dir mitteilt, dass du "sauber" bist. Das gebietet alleine schon die Höflichkeit und ein Verschwinden der Symptome bedeutet nicht, dass die Schädlinge auch wirklich alle entfernt wurden.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg.

Wenn du das alles gelesen und verstanden hast, kannst du loslegen!

Na das ist ja mysteriös ...

... wir schauen mal rein, was da ist:

Scan mit Combofix

Zitat:

WARNUNG:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

Daniel0815 · 20.11.2012, 12:54

Ich geh das mal kurz durch. Danke schonmal!

Ist es denn überhaupt möglich mit einer 8KB NFO sowas anzurichten?

ryder · 20.11.2012, 12:55

Ja das haben wir jetzt schon 3 mal gelesen... bitte den Anweisungen folgen.

ryder · 20.11.2012, 12:58

Der MBR hat nur 512 bytes und kann Schädlinge enthalten. Jetzt keine Panik sondern arbeite mit

Daniel0815 · 20.11.2012, 13:27

Alles klar.
Ich hatte vorhin ein paar Probleme mit dem Editieren, entschuldige

Ich starte das Programm sobald der Rechner fertig gerendert hat.

ryder · 20.11.2012, 13:35

Zitat:

Lesestoff:
Zwischendurch Posten
Du hast mir nur ein Teilergebnis gepostet. Bitte melde dich nur, wenn du alles abgearbeitet hast oder zwischendurch eine Frage hast. Wenn du mir mehrmals antwortest, sehe ich deine weiteren Antworten nicht mehr automatisch und könnte dein Thema übersehen.

-------------

Daniel0815 · 20.11.2012, 17:06

Code:

ATTFilter

ComboFix 12-11-20.02 - garcia 20.11.2012  16:31:30.1.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.8175.5160 [GMT 1:00]
ausgeführt von:: c:\users\garcia\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.dat
c:\windows\SysWow64\tmp57C0.tmp
c:\windows\SysWow64\tmp57C1.tmp
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-10-20 bis 2012-11-20  ))))))))))))))))))))))))))))))
.
.
2012-11-20 13:28 . 2012-11-20 13:28	--------	d-----w-	c:\program files (x86)\MSECache
2012-11-20 10:12 . 2012-11-20 10:12	--------	d-----w-	c:\users\garcia\AppData\Roaming\Malwarebytes
2012-11-20 10:11 . 2012-11-20 10:11	--------	d-----w-	c:\programdata\Malwarebytes
2012-11-20 10:11 . 2012-09-29 18:54	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-11-17 10:06 . 2012-11-17 10:06	--------	d-----w-	c:\program files (x86)\Microsoft Chart Controls
2012-11-12 15:44 . 2012-11-12 15:44	--------	d-sh--w-	c:\programdata\SecuROM
2012-11-12 15:43 . 2012-11-12 15:44	--------	d-----w-	c:\users\garcia\AppData\Local\Rockstar Games
2012-11-12 15:43 . 2012-11-12 15:43	--------	d--h--r-	c:\users\garcia\AppData\Roaming\SecuROM
2012-11-06 14:16 . 2012-11-06 14:16	--------	d-----w-	c:\users\garcia\AppData\Local\NBGI
2012-11-05 10:43 . 2012-11-05 10:43	674280	----a-w-	c:\windows\system32\Rockstar Fall.scr
2012-11-05 10:43 . 2012-11-05 10:43	674280	------w-	c:\windows\SysWow64\Rockstar Fall.scr
2012-11-05 10:43 . 2012-11-05 10:43	--------	d-----w-	c:\programdata\Screentime
2012-11-05 10:43 . 2012-11-05 10:43	--------	d-----w-	c:\users\garcia\AppData\Local\Screentime
2012-11-02 07:30 . 2009-09-04 16:29	453456	----a-w-	c:\windows\SysWow64\d3dx10_42.dll
2012-10-31 23:07 . 2012-10-31 23:07	--------	d-----w-	c:\programdata\RELOADED
2012-10-30 09:11 . 2012-10-30 15:38	--------	d-----w-	c:\program files (x86)\Mozilla Thunderbird
2012-10-28 10:30 . 2012-10-28 10:30	--------	d-----w-	c:\programdata\ATI
2012-10-28 10:30 . 2012-10-28 10:30	--------	d-----w-	c:\program files (x86)\AMD AVT
2012-10-28 10:30 . 2012-10-28 10:30	--------	d-----w-	c:\program files (x86)\AMD APP
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-20 09:57 . 2012-04-01 10:22	4194304	----a-w-	c:\windows\ServiceProfiles\NetworkService\msmqlog.bin
2012-10-30 22:51 . 2012-03-31 09:26	59728	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2012-10-30 22:51 . 2012-03-31 09:26	984144	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51 . 2012-03-31 09:26	71600	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2012-10-30 22:51 . 2012-03-31 09:26	370288	----a-w-	c:\windows\system32\drivers\aswSP.sys
2012-10-30 22:51 . 2012-03-31 09:26	25232	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 22:51 . 2012-03-31 09:25	41224	----a-w-	c:\windows\avastSS.scr
2012-10-30 22:50 . 2012-03-31 09:25	227648	----a-w-	c:\windows\SysWow64\aswBoot.exe
2012-10-30 22:50 . 2012-03-31 09:26	285328	----a-w-	c:\windows\system32\aswBoot.exe
2012-10-15 16:59 . 2012-03-31 09:26	54072	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2012-10-09 00:07 . 2012-03-31 10:04	73656	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-09 00:07 . 2012-03-31 10:04	696760	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-28 14:37 . 2012-09-28 14:37	221696	----a-w-	c:\windows\system32\clinfo.exe
2012-09-28 14:36 . 2012-09-28 14:36	75776	----a-w-	c:\windows\system32\OpenVideo64.dll
2012-09-28 14:36 . 2012-09-28 14:36	65536	----a-w-	c:\windows\SysWow64\OpenVideo.dll
2012-09-28 14:36 . 2012-09-28 14:36	63488	----a-w-	c:\windows\system32\OVDecode64.dll
2012-09-28 14:36 . 2012-09-28 14:36	56320	----a-w-	c:\windows\SysWow64\OVDecode.dll
2012-09-28 14:36 . 2012-09-28 14:36	32635904	----a-w-	c:\windows\system32\amdocl64.dll
2012-09-28 14:32 . 2012-09-28 14:32	27341824	----a-w-	c:\windows\SysWow64\amdocl.dll
2012-09-28 02:23 . 2012-07-28 04:09	5557928	----a-w-	c:\windows\SysWow64\atiumdag.dll
2012-09-28 02:21 . 2012-09-28 02:21	10697216	----a-w-	c:\windows\system32\drivers\atikmdag.sys
2012-09-28 02:05 . 2012-09-28 02:05	70144	----a-w-	c:\windows\system32\coinst_9.002.dll
2012-09-28 02:03 . 2012-09-28 02:03	163840	----a-w-	c:\windows\system32\atiapfxx.exe
2012-09-28 02:02 . 2012-09-28 02:02	51200	----a-w-	c:\windows\system32\aticalrt64.dll
2012-09-28 02:02 . 2012-09-28 02:02	46080	----a-w-	c:\windows\SysWow64\aticalrt.dll
2012-09-28 02:02 . 2012-09-28 02:02	44544	----a-w-	c:\windows\system32\aticalcl64.dll
2012-09-28 02:02 . 2012-09-28 02:02	44032	----a-w-	c:\windows\SysWow64\aticalcl.dll
2012-09-28 02:02 . 2012-09-28 02:02	16082432	----a-w-	c:\windows\system32\aticaldd64.dll
2012-09-28 01:59 . 2012-07-28 03:19	23825920	----a-w-	c:\windows\system32\atio6axx.dll
2012-09-28 01:57 . 2012-09-28 01:57	13703168	----a-w-	c:\windows\SysWow64\aticaldd.dll
2012-09-28 01:43 . 2012-07-28 02:15	935424	----a-w-	c:\windows\SysWow64\aticfx32.dll
2012-09-28 01:41 . 2012-03-09 05:14	1120768	----a-w-	c:\windows\system32\aticfx64.dll
2012-09-28 01:41 . 2012-09-28 01:41	19624960	----a-w-	c:\windows\SysWow64\atioglxx.dll
2012-09-28 01:39 . 2012-09-28 01:39	6536192	----a-w-	c:\windows\SysWow64\atidxx32.dll
2012-09-28 01:39 . 2012-09-28 01:39	442368	----a-w-	c:\windows\system32\atidemgy.dll
2012-09-28 01:39 . 2012-09-28 01:39	538112	----a-w-	c:\windows\system32\atieclxx.exe
2012-09-28 01:38 . 2012-09-28 01:38	239616	----a-w-	c:\windows\system32\atiesrxx.exe
2012-09-28 01:36 . 2012-09-28 01:36	120320	----a-w-	c:\windows\system32\atitmm64.dll
2012-09-28 01:36 . 2012-09-28 01:36	21504	----a-w-	c:\windows\system32\atimuixx.dll
2012-09-28 01:36 . 2012-09-28 01:36	59392	----a-w-	c:\windows\system32\atiedu64.dll
2012-09-28 01:36 . 2012-09-28 01:36	43520	----a-w-	c:\windows\SysWow64\ati2edxx.dll
2012-09-28 01:31 . 2012-09-28 01:31	3127296	----a-w-	c:\windows\system32\atiumd6a.dll
2012-09-28 01:25 . 2012-09-28 01:25	6704640	----a-w-	c:\windows\system32\atiumd64.dll
2012-09-28 01:22 . 2012-03-09 04:45	7167488	----a-w-	c:\windows\system32\atidxx64.dll
2012-09-28 01:22 . 2012-07-28 01:32	2691584	----a-w-	c:\windows\SysWow64\atiumdva.dll
2012-09-28 01:13 . 2012-07-28 01:15	595456	----a-w-	c:\windows\system32\atiadlxx.dll
2012-09-28 01:13 . 2012-09-28 01:13	405504	----a-w-	c:\windows\SysWow64\atiadlxy.dll
2012-09-28 01:13 . 2012-07-28 01:15	17920	----a-w-	c:\windows\system32\atig6pxx.dll
2012-09-28 01:13 . 2012-09-28 01:13	14848	----a-w-	c:\windows\SysWow64\atiglpxx.dll
2012-09-28 01:13 . 2012-09-28 01:13	14848	----a-w-	c:\windows\system32\atiglpxx.dll
2012-09-28 01:13 . 2012-07-28 01:15	41984	----a-w-	c:\windows\system32\atig6txx.dll
2012-09-28 01:13 . 2012-09-28 01:13	33280	----a-w-	c:\windows\SysWow64\atigktxx.dll
2012-09-28 01:12 . 2012-09-28 01:12	56320	----a-w-	c:\windows\system32\atimpc64.dll
2012-09-28 01:12 . 2012-09-28 01:12	56320	----a-w-	c:\windows\system32\amdpcom64.dll
2012-09-28 01:12 . 2012-09-28 01:12	460288	----a-w-	c:\windows\system32\drivers\atikmpag.sys
2012-09-28 01:12 . 2012-09-28 01:12	56832	----a-w-	c:\windows\SysWow64\atimpc32.dll
2012-09-28 01:12 . 2012-09-28 01:12	56832	----a-w-	c:\windows\SysWow64\amdpcom32.dll
2012-09-28 01:11 . 2012-03-09 03:57	129536	----a-w-	c:\windows\system32\atiuxp64.dll
2012-09-28 01:11 . 2012-09-28 01:11	109568	----a-w-	c:\windows\SysWow64\atiuxpag.dll
2012-09-28 01:11 . 2012-09-28 01:11	103424	----a-w-	c:\windows\system32\atiu9p64.dll
2012-09-28 01:10 . 2012-03-09 03:56	82944	----a-w-	c:\windows\SysWow64\atiu9pag.dll
2012-09-28 01:09 . 2012-09-28 01:09	53248	----a-w-	c:\windows\system32\drivers\ati2erec.dll
2012-09-24 21:16 . 2012-10-21 10:47	95208	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-24 15:49 . 2012-08-09 14:00	821736	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2012-09-24 15:49 . 2012-04-01 13:19	746984	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-09-18 22:01 . 2012-04-01 17:37	283304	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2012-09-18 22:01 . 2012-04-01 17:28	283304	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2012-09-18 22:01 . 2012-04-01 17:28	280904	----a-w-	c:\windows\SysWow64\PnkBstrB.ex0
2012-09-17 22:05 . 2012-09-17 22:05	178800	----a-w-	c:\windows\SysWow64\CmdLineExt_x64.dll
2012-09-16 17:34 . 2012-04-02 07:36	18960	----a-w-	c:\windows\system32\drivers\LNonPnP.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="d:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-02-13 3481408]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-05 283160]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-09-28 642728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [2010-10-22 14120]
R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [2010-10-22 460800]
R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys [2012-01-11 34304]
R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys [2012-02-22 28160]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2011-11-10 115272]
R3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys [x]
R3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys [x]
R3 pbfilter;pbfilter;d:\program files\PeerBlock\pbfilter.sys [2010-11-06 24176]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208]
S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys [2010-06-11 15368]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-04-01 283200]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-01-20 332688]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-09-28 239616]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-05 13336]
S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2011-09-08 6583160]
S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2011-09-08 528760]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-24 22408]
S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys [2012-02-07 66328]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-24 16008]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2011-09-08 13312]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs	REG_MULTI_SZ   	w3svc was
apphost	REG_MULTI_SZ   	apphostsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-11-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 00:07]
.
2012-11-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1799551351-3960276517-2487386332-1000Core.job
- c:\users\garcia\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-17 08:55]
.
2012-11-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1799551351-3960276517-2487386332-1000UA.job
- c:\users\garcia\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-17 08:55]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50	133400	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-28 11101800]
"RunDLLEntry"="c:\windows\system32\AmbRunE.dll" [2009-02-26 17920]
"MsmqIntCert"="mqrt.dll" [2010-11-20 247808]
"IntelliType Pro"="c:\program files\Microsoft Device Center\itype.exe" [2012-06-26 1464928]
"IntelliPoint"="c:\program files\Microsoft Device Center\ipoint.exe" [2012-06-26 2004584]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2012-07-24 6900024]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://anime-loads.org/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: {{781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - r:\program files (x86)\ICQ7M\ICQ.exe
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\garcia\AppData\Roaming\Mozilla\Firefox\Profiles\6of0vkbn.default\
FF - prefs.js: browser.search.selectedEngine - LEO Eng-Deu
FF - prefs.js: browser.startup.homepage - about:newtab
FF - ExtSQL: 2012-10-02 11:14; {73a6fe31-595d-460b-a920-fcc0f8843232}; c:\users\garcia\AppData\Roaming\Mozilla\Firefox\Profiles\6of0vkbn.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF - ExtSQL: 2012-10-05 14:26; {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}; c:\users\garcia\AppData\Roaming\Mozilla\Firefox\Profiles\6of0vkbn.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
FF - ExtSQL: 2012-10-22 14:02; newtabtools@darktrojan.net; c:\users\garcia\AppData\Roaming\Mozilla\Firefox\Profiles\6of0vkbn.default\extensions\newtabtools@darktrojan.net.xpi
FF - ExtSQL: 2012-11-18 12:21; firebug@software.joehewitt.com; c:\users\garcia\AppData\Roaming\Mozilla\Firefox\Profiles\6of0vkbn.default\extensions\firebug@software.joehewitt.com.xpi
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{c840e246-6b95-475e-9bd7-caa1c7eca9f2} - (no file)
Wow6432Node-HKCU-Run-ASRockXTU - (no file)
Wow6432Node-HKCU-Run-zASRockInstantBoot - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
WebBrowser-{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1799551351-3960276517-2487386332-1000\Software\SecuROM\License information*]
"datasecu"=hex:57,04,70,20,e6,e6,a3,31,90,c8,7b,83,7b,f5,9e,9a,eb,03,1d,3b,ba,
   cb,4c,0f,d6,9c,25,2e,dd,9e,7e,f9,5c,a7,2c,78,46,df,10,04,4d,6d,61,3c,c8,5c,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-11-20  16:37:07
ComboFix-quarantined-files.txt  2012-11-20 15:37
.
Vor Suchlauf: 9 Verzeichnis(se), 81.960.894.464 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 99.922.362.368 Bytes frei
.
- - End Of File - - CA986ADA106CE0F6464814FBDDC495BA

ryder · 20.11.2012, 17:09

Das ist alles ziemlich unverdächtig.

Schritt 1:
Scan mit MBAR

Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

Entpacke das Archiv auf deinem Desktop.
Im neu erstellten Ordner starte bitte die mbar.exe.
Folge den Anweisungen auf deinem Bildschirm und erlaube dem Tool, dein System zu scannen.
Klicke auf den CleanUp Button und erlaube den Neustart.
Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut.
Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile (mbar-log-<Jahr-Monat-Tag>.txt) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Schritt 2:
Kontrollscan mit OTL

Starte bitte OTL.exe - falls noch nicht vorhanden: LINK

Stelle sicher, dass "Alle Benuzter Scannen" angehakt ist!

Drücke den Quick Scan Button.

Poste die OTL.txt hier in deinen Thread.

Daniel0815 · 20.11.2012, 17:51

Code:

ATTFilter

Malwarebytes Anti-Rootkit 1.1.0.1009
www.malwarebytes.org

Database version: v2012.11.20.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
garcia :: GARCIA-PC [administrator]

20.11.2012 17:29:34
mbar-log-2012-11-20 (17-29-34).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: PUP | PUM | P2P
Objects scanned: 27365
Time elapsed: 6 minute(s), 55 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Code:

ATTFilter

OTL logfile created on: 20.11.2012 17:44:27 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\garcia\Downloads\Ff Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 4,83 Gb Available Physical Memory | 60,45% Memory free
15,96 Gb Paging File | 12,55 Gb Available in Paging File | 78,64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 280,00 Gb Total Space | 93,11 Gb Free Space | 33,25% Space Free | Partition Type: NTFS
Drive D: | 185,66 Gb Total Space | 12,37 Gb Free Space | 6,66% Space Free | Partition Type: NTFS
Drive R: | 643,63 Gb Total Space | 276,79 Gb Free Space | 43,00% Space Free | Partition Type: NTFS
 
Computer Name: GARCIA-PC | User Name: garcia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\garcia\Downloads\Ff Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe ()
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\libvlccore.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\packetizer\libpacketizer_h264_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpeg4audio_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\packetizer\libpacketizer_dirac_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\packetizer\libpacketizer_vc1_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpegvideo_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\packetizer\libpacketizer_flac_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpeg4video_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\packetizer\libpacketizer_mlp_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\gui\libqt4_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_output\libwaveout_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_output\libaout_directx_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liblibass_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libvorbis_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libtheora_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libpng_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liblpcm_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libdts_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libspudec_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libmpeg_audio_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libcvdsub_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libcdg_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libaes3_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libschroedinger_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libfaad_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libflac_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libsvcdsub_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libspeex_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\control\libhotkeys_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libaraw_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\control\libglobalhotkeys_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\librawvideo_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_mixer\libfloat32_mixer_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\lua\liblua_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libdtstofloat32_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\liba52tofloat32_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libaudio_format_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libdtstospdif_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libconverter_fixed_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libsamplerate_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\meta_engine\libtaglib_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libmpgatofixed32_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libspeex_resampler_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libscaletempo_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libsimple_channel_mixer_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libtrivial_channel_mixer_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libdolby_surround_decoder_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\meta_engine\libfolder_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libugly_resampler_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\liba52tospdif_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\misc\libxml_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\services_discovery\libupnp_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\services_discovery\libsap_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\services_discovery\libpodcast_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\services_discovery\libmediadirs_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\mmxext\libmemcpymmxext_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\services_discovery\libwindrive_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\video_output\libdirectx_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\liblive555_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libdvdnav_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\access\liblibbluray_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libdshow_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libmpc_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libaccess_bd_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libzip_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libaccess_vdr_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libflacsys_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libes_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libfilesystem_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libwav_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libsmf_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libstream_filter_rar_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libmkv_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libsid_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libstream_filter_dash_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libstream_filter_httplive_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libmp4_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libplaylist_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libogg_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libavi_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libasf_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libnuv_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\librawvid_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libtta_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libdirac_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\libvlc.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libstream_filter_record_plugin.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\30a8c29a4e9807d25f7148ba4adbe7b9\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\3956b6af532aee63d53f0c15d071b14b\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf293040f3a93afa1ea782487acae816\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\da5da08245467818759aa44c4eb948e1\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5cae93d923c8378370758489e5535820\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\461d3b6b3f43e6fbe6c897d5936e17e4\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bc09ad2d49d8535371845cd7532f9271\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (avast! Firewall) -- C:\Program Files\AVAST Software\Avast\afwServ.exe File not found
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (MSMQTriggers) -- C:\Windows\SysNative\mqtgsvc.exe (Microsoft Corporation)
SRV:64bit: - (IISADMIN) -- C:\Windows\SysNative\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (MSMQ) -- C:\Windows\SysNative\mqsvc.exe (Microsoft Corporation)
SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (TabletServicePen) -- C:\Programme\Tablet\Pen\Pen_Tablet.exe (Wacom Technology, Corp.)
SRV - (TouchServicePen) -- C:\Programme\Tablet\Pen\Pen_TouchService.exe (Wacom Technology, Corp.)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (WAS) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (AVM WLAN Connection Service) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (ithsgt) -- C:\Windows\SysNative\drivers\ithsgt.sys ()
DRV:64bit: - (lilsgt) -- C:\Windows\SysNative\drivers\lilsgt.sys ()
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (aswKbd) -- C:\Windows\SysNative\drivers\aswKbd.sys (AVAST Software)
DRV:64bit: - (mcaudrv_simple) -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys (ManyCam LLC)
DRV:64bit: - (LGSHidFilt) -- C:\Windows\SysNative\drivers\LGSHidFilt.Sys (Logitech Inc.)
DRV:64bit: - (ManyCam) -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys (ManyCam LLC)
DRV:64bit: - (MotioninJoyXFilter) -- C:\Windows\SysNative\drivers\MijXfilt.sys (MotioninJoy)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Rovi Corporation)
DRV:64bit: - (wacmoumonitor) -- C:\Windows\SysNative\drivers\wacmoumonitor.sys (Wacom Technology)
DRV:64bit: - (wacommousefilter) -- C:\Windows\SysNative\drivers\wacommousefilter.sys (Wacom Technology)
DRV:64bit: - (wacomvhid) -- C:\Windows\SysNative\drivers\wacomvhid.sys (Wacom Technology)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (RMCAST) -- C:\Windows\SysNative\drivers\rmcast.sys (Microsoft Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (FWLANUSB) -- C:\Windows\SysNative\drivers\fwlanusb.sys (AVM GmbH)
DRV:64bit: - (avmeject) -- C:\Windows\SysNative\drivers\avmeject.sys (AVM Berlin)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (AsrAppCharger) -- C:\Windows\SysNative\drivers\AsrAppCharger.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys (Protect Software GmbH)
DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.)
DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (MQAC) -- C:\Windows\SysNative\drivers\mqac.sys (Microsoft Corporation)
DRV:64bit: - (xnacc) -- C:\Windows\SysNative\drivers\xnacc.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (adfs) -- C:\Windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (ithsgt) -- C:\Windows\SysWOW64\drivers\ithsgt.sys ()
DRV - (lilsgt) -- C:\Windows\SysWOW64\drivers\lilsgt.sys ()
DRV - (pbfilter) -- D:\Program Files\PeerBlock\pbfilter.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://anime-loads.org/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0E A3 EC 0E 45 A3 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:newtab"
FF - prefs.js..extensions.enabledAddons: contextsearch2@lwz.addons.mozilla.org:0.4.6.9
FF - prefs.js..extensions.enabledAddons: extension@4chan.org:0.4.5.18
FF - prefs.js..extensions.enabledAddons: {c36177c0-224a-11da-8cd6-0800200c9a91}:3.9.81
FF - prefs.js..extensions.enabledAddons: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.10
FF - prefs.js..extensions.enabledAddons: {dc572301-7619-498c-a57d-39143191b318}:0.4.0.3
FF - prefs.js..extensions.enabledAddons: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.3
FF - prefs.js..extensions.enabledAddons: foxyproxy-basic@eric.h.jung:3.0.1
FF - prefs.js..extensions.enabledAddons: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.89
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.11
FF - prefs.js..extensions.enabledAddons: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.2.3
FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.6.1
FF - prefs.js..extensions.enabledAddons: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:1.5
FF - prefs.js..extensions.enabledAddons: secureLogin@blueimp.net:1.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.3.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.3.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: D:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2852: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1662: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.1: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\garcia\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\garcia\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.04.18 20:06:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.27 20:01:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.27 20:01:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.10.30 10:11:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012.10.30 10:11:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.27 20:01:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.27 20:01:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.10.30 10:11:00 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012.10.30 10:11:01 | 000,000,000 | ---D | M]
 
[2012.03.31 10:00:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\garcia\AppData\Roaming\mozilla\Extensions
[2012.11.20 17:03:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\garcia\AppData\Roaming\mozilla\Firefox\Profiles\6of0vkbn.default\extensions
[2012.11.09 17:31:38 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\garcia\AppData\Roaming\mozilla\Firefox\Profiles\6of0vkbn.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2012.10.05 13:26:21 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\garcia\AppData\Roaming\mozilla\Firefox\Profiles\6of0vkbn.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2012.11.01 00:06:54 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\garcia\AppData\Roaming\mozilla\Firefox\Profiles\6of0vkbn.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.10.03 09:49:27 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\garcia\AppData\Roaming\mozilla\Firefox\Profiles\6of0vkbn.default\extensions\foxyproxy-basic@eric.h.jung
[2012.09.15 23:40:13 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\garcia\AppData\Roaming\mozilla\Firefox\Profiles\6of0vkbn.default\extensions\ich@maltegoetz.de
[2012.07.06 18:45:02 | 000,023,456 | ---- | M] () (No name found) -- C:\Users\garcia\AppData\Roaming\mozilla\firefox\profiles\6of0vkbn.default\extensions\contextsearch2@lwz.addons.mozilla.org.xpi
[2012.04.06 13:23:38 | 000,003,958 | ---- | M] () (No name found) -- C:\Users\garcia\AppData\Roaming\mozilla\firefox\profiles\6of0vkbn.default\extensions\expire-history-by-days@bonardo.net.xpi
[2012.04.15 13:56:06 | 000,105,380 | ---- | M] () (No name found) -- C:\Users\garcia\AppData\Roaming\mozilla\firefox\profiles\6of0vkbn.default\extensions\extension@4chan.org.xpi
[2012.11.18 12:21:33 | 002,042,908 | ---- | M] () (No name found) -- C:\Users\garcia\AppData\Roaming\mozilla\firefox\profiles\6of0vkbn.default\extensions\firebug@software.joehewitt.com.xpi
[2012.11.13 18:59:20 | 000,029,022 | ---- | M] () (No name found) -- C:\Users\garcia\AppData\Roaming\mozilla\firefox\profiles\6of0vkbn.default\extensions\groovesharkUnlocker@overlord1337.xpi
[2012.11.06 10:48:03 | 000,374,289 | ---- | M] () (No name found) -- C:\Users\garcia\AppData\Roaming\mozilla\firefox\profiles\6of0vkbn.default\extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi
[2012.10.22 13:02:49 | 000,015,463 | ---- | M] () (No name found) -- C:\Users\garcia\AppData\Roaming\mozilla\firefox\profiles\6of0vkbn.default\extensions\newtabtools@darktrojan.net.xpi
[2012.11.20 17:03:32 | 000,083,655 | ---- | M] () (No name found) -- C:\Users\garcia\AppData\Roaming\mozilla\firefox\profiles\6of0vkbn.default\extensions\secureLogin@blueimp.net.xpi
[2012.11.16 23:52:43 | 000,566,853 | ---- | M] () (No name found) -- C:\Users\garcia\AppData\Roaming\mozilla\firefox\profiles\6of0vkbn.default\extensions\toolbar@web.de.xpi
[2012.11.14 01:34:20 | 000,530,679 | ---- | M] () (No name found) -- C:\Users\garcia\AppData\Roaming\mozilla\firefox\profiles\6of0vkbn.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012.07.11 17:39:50 | 000,177,357 | ---- | M] () (No name found) -- C:\Users\garcia\AppData\Roaming\mozilla\firefox\profiles\6of0vkbn.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a91}.xpi
[2012.07.25 19:21:21 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\garcia\AppData\Roaming\mozilla\firefox\profiles\6of0vkbn.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.04.03 14:33:51 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\garcia\AppData\Roaming\mozilla\firefox\profiles\6of0vkbn.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2012.07.21 09:18:20 | 000,702,524 | ---- | M] () (No name found) -- C:\Users\garcia\AppData\Roaming\mozilla\firefox\profiles\6of0vkbn.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2012.09.13 19:32:29 | 000,698,867 | ---- | M] () (No name found) -- C:\Users\garcia\AppData\Roaming\mozilla\firefox\profiles\6of0vkbn.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2012.11.20 17:03:32 | 000,243,496 | ---- | M] () (No name found) -- C:\Users\garcia\AppData\Roaming\mozilla\firefox\profiles\6of0vkbn.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2012.04.30 11:45:38 | 000,000,853 | ---- | M] () -- C:\Users\garcia\AppData\Roaming\mozilla\firefox\profiles\6of0vkbn.default\searchplugins\11-suche.xml
[2012.04.30 11:45:38 | 000,002,209 | ---- | M] () -- C:\Users\garcia\AppData\Roaming\mozilla\firefox\profiles\6of0vkbn.default\searchplugins\englische-ergebnisse.xml
[2012.04.30 11:45:38 | 000,010,506 | ---- | M] () -- C:\Users\garcia\AppData\Roaming\mozilla\firefox\profiles\6of0vkbn.default\searchplugins\gmx-suche.xml
[2012.04.30 11:45:38 | 000,002,368 | ---- | M] () -- C:\Users\garcia\AppData\Roaming\mozilla\firefox\profiles\6of0vkbn.default\searchplugins\lastminute.xml
[2012.04.30 11:45:38 | 000,005,489 | ---- | M] () -- C:\Users\garcia\AppData\Roaming\mozilla\firefox\profiles\6of0vkbn.default\searchplugins\webde-suche.xml
[2012.10.27 20:01:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.04.18 20:06:36 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012.10.27 20:01:39 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.12.09 18:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.09.11 22:34:23 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.11 22:34:23 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.09.11 22:34:23 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.11 22:34:23 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.09.11 22:34:23 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.09.11 22:34:23 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\garcia\AppData\Local\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\garcia\AppData\Local\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\garcia\AppData\Local\Google\Chrome\Application\23.0.1271.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\garcia\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Google Update (Enabled) = C:\Users\garcia\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: 4chan Extension [New] = C:\Users\garcia\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhljghahohpihkdhhgaddnipndobpbbb\2.0.6_0\
CHR - Extension: Adblock Plus = C:\Users\garcia\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.1_0\
CHR - Extension: uTorrentBar_DE = C:\Users\garcia\AppData\Local\Google\Chrome\User Data\Default\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc\2.3.18.20_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\garcia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
 
O1 HOSTS File: ([2012.11.20 16:35:43 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft Device Center\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelliType Pro] C:\Program Files\Microsoft Device Center\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [MsmqIntCert] C:\Windows\SysNative\mqrt.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RunDLLEntry] C:\Windows\SysNative\AmbRunE.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKLM..\RunOnce: [Z1] C:\Users\garcia\Desktop\mbar\mbar.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - R:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - R:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.1)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9B4348A9-FAFE-4E93-B823-803782FE3AE4}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F3012A30-ACF9-4564-A27C-8EA8C8E8D5ED}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.20 17:21:10 | 000,000,000 | ---D | C] -- C:\Users\garcia\Desktop\mbar
[2012.11.20 16:37:08 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.11.20 16:30:40 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.11.20 16:30:40 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.11.20 16:30:40 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.11.20 16:30:35 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.11.20 16:30:27 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.11.20 14:28:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2012.11.20 14:28:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache
[2012.11.20 12:56:53 | 005,004,421 | R--- | C] (Swearware) -- C:\Users\garcia\Desktop\ComboFix.exe
[2012.11.20 11:29:35 | 000,000,000 | ---D | C] -- C:\Users\garcia\AppData\Local\{F468C3D9-ADB2-411D-9DF2-64968502265C}
[2012.11.20 11:12:54 | 000,000,000 | ---D | C] -- C:\Users\garcia\AppData\Roaming\Malwarebytes
[2012.11.20 11:11:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.11.20 11:11:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.11.20 11:11:01 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.11.19 23:22:44 | 000,000,000 | ---D | C] -- C:\Users\garcia\AppData\Local\{DD564A27-A4D9-4DD5-B4A4-5D6D33DEEDDB}
[2012.11.18 11:21:03 | 000,000,000 | ---D | C] -- C:\Users\garcia\AppData\Local\{7F37D4BE-1986-4498-A334-0B64989016FD}
[2012.11.17 16:33:11 | 000,000,000 | ---D | C] -- C:\Users\garcia\AppData\Local\{B0439430-6B35-4211-BBC2-EF032F0565A5}
[2012.11.17 14:49:57 | 000,000,000 | ---D | C] -- C:\Users\garcia\Documents\Game of Thrones
[2012.11.17 11:06:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Chart Controls
[2012.11.17 11:04:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cyanide
[2012.11.15 21:06:24 | 000,000,000 | ---D | C] -- C:\Users\garcia\AppData\Local\{603917C9-63C4-4872-9771-17100AD49623}
[2012.11.12 16:44:11 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM
[2012.11.12 16:43:34 | 000,000,000 | ---D | C] -- C:\Users\garcia\AppData\Local\Rockstar Games
[2012.11.12 16:43:07 | 000,000,000 | RH-D | C] -- C:\Users\garcia\AppData\Roaming\SecuROM
[2012.11.10 18:31:56 | 000,000,000 | ---D | C] -- C:\Users\garcia\AppData\Local\{B7B750BD-90AF-4A9C-9A9F-3AB4D889280F}
[2012.11.09 11:28:46 | 000,000,000 | ---D | C] -- C:\Users\garcia\Documents\Tomb Raider - Legend
[2012.11.06 15:16:55 | 000,000,000 | ---D | C] -- C:\Users\garcia\Documents\NBGI
[2012.11.06 15:16:31 | 000,000,000 | ---D | C] -- C:\Users\garcia\AppData\Local\NBGI
[2012.11.05 11:43:10 | 000,674,280 | ---- | C] (ScreenTime Media) -- C:\Windows\SysWow64\Rockstar Fall.scr
[2012.11.05 11:43:10 | 000,674,280 | ---- | C] (ScreenTime Media) -- C:\Windows\SysNative\Rockstar Fall.scr
[2012.11.05 11:43:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Screentime
[2012.11.05 11:43:04 | 000,000,000 | ---D | C] -- C:\Users\garcia\AppData\Local\Screentime
[2012.11.03 18:53:35 | 000,000,000 | ---D | C] -- C:\Users\garcia\Documents\Eidos
[2012.11.02 08:31:08 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll
[2012.11.02 08:31:08 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll
[2012.11.02 08:31:08 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll
[2012.11.02 08:31:08 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll
[2012.11.02 08:31:07 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll
[2012.11.02 08:31:07 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll
[2012.11.02 08:31:07 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll
[2012.11.02 08:31:07 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_7.dll
[2012.11.02 08:31:06 | 001,907,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_43.dll
[2012.11.02 08:31:06 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll
[2012.11.02 08:31:06 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll
[2012.11.02 08:31:06 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll
[2012.11.02 08:31:05 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_43.dll
[2012.11.02 08:31:05 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll
[2012.11.02 08:31:04 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_43.dll
[2012.11.02 08:31:04 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll
[2012.11.02 08:31:04 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_6.dll
[2012.11.02 08:31:04 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll
[2012.11.02 08:31:04 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll
[2012.11.02 08:31:04 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_6.dll
[2012.11.02 08:31:04 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_4.dll
[2012.11.02 08:31:04 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll
[2012.11.02 08:31:03 | 000,517,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_5.dll
[2012.11.02 08:31:03 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2012.11.02 08:31:03 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_7.dll
[2012.11.02 08:31:03 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll
[2012.11.02 08:31:02 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_42.dll
[2012.11.02 08:31:02 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll
[2012.11.02 08:31:02 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll
[2012.11.02 08:31:02 | 000,176,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_5.dll
[2012.11.02 08:31:00 | 005,554,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_42.dll
[2012.11.02 08:31:00 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll
[2012.11.02 08:31:00 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_42.dll
[2012.11.02 08:31:00 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll
[2012.11.02 08:30:59 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_42.dll
[2012.11.02 08:30:59 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
[2012.11.02 08:30:59 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2012.11.02 08:30:59 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2012.11.02 08:30:57 | 002,430,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_41.dll
[2012.11.02 08:30:57 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_41.dll
[2012.11.02 08:30:57 | 000,520,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_41.dll
[2012.11.02 08:30:57 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_41.dll
[2012.11.02 08:30:56 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_41.dll
[2012.11.02 08:30:56 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll
[2012.11.02 08:30:55 | 000,521,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_4.dll
[2012.11.02 08:30:55 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll
[2012.11.02 08:30:55 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_4.dll
[2012.11.02 08:30:55 | 000,174,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_4.dll
[2012.11.02 08:30:55 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_3.dll
[2012.11.02 08:30:55 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2012.11.02 08:30:54 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_6.dll
[2012.11.02 08:30:54 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll
[2012.11.02 08:30:53 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_40.dll
[2012.11.02 08:30:53 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll
[2012.11.02 08:30:53 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_40.dll
[2012.11.02 08:30:53 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll
[2012.11.02 08:30:51 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_40.dll
[2012.11.02 08:30:51 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll
[2012.11.02 08:30:50 | 000,518,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_3.dll
[2012.11.02 08:30:50 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll
[2012.11.02 08:30:50 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll
[2012.11.02 08:30:50 | 000,175,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_3.dll
[2012.11.02 08:30:50 | 000,074,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_2.dll
[2012.11.02 08:30:50 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll
[2012.11.02 08:30:49 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_2.dll
[2012.11.02 08:30:49 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll
[2012.11.02 08:30:49 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_1.dll
[2012.11.02 08:30:49 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll
[2012.11.02 08:30:49 | 000,025,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_5.dll
[2012.11.02 08:30:49 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll
[2012.11.02 08:30:48 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_39.dll
[2012.11.02 08:30:48 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_39.dll
[2012.11.02 08:30:48 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll
[2012.11.02 08:30:48 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_2.dll
[2012.11.02 08:30:47 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_39.dll
[2012.11.02 08:30:46 | 000,511,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_1.dll
[2012.11.02 08:30:46 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_1.dll
[2012.11.02 08:30:46 | 000,068,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_0.dll
[2012.11.02 08:30:46 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_0.dll
[2012.11.02 08:30:45 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_1.dll
[2012.11.02 08:30:45 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_1.dll
[2012.11.02 08:30:45 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_4.dll
[2012.11.02 08:30:45 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_4.dll
[2012.11.02 08:30:44 | 001,941,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_38.dll
[2012.11.02 08:30:44 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_38.dll
[2012.11.02 08:30:44 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_38.dll
[2012.11.02 08:30:44 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_38.dll
[2012.11.02 08:30:43 | 004,991,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_38.dll
[2012.11.02 08:30:43 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_38.dll
[2012.11.02 08:30:42 | 000,489,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_0.dll
[2012.11.02 08:30:42 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_0.dll
[2012.11.02 08:30:42 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_0.dll
[2012.11.02 08:30:42 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_0.dll
[2012.11.02 08:30:41 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_3.dll
[2012.11.02 08:30:41 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_3.dll
[2012.11.02 08:30:40 | 001,860,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_37.dll
[2012.11.02 08:30:40 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_37.dll
[2012.11.02 08:30:40 | 000,529,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_37.dll
[2012.11.02 08:30:40 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_37.dll
[2012.11.02 08:30:38 | 004,910,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_37.dll
[2012.11.02 08:30:38 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_37.dll
[2012.11.02 08:30:38 | 000,411,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_10.dll
[2012.11.02 08:30:38 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_10.dll
[2012.11.02 08:30:36 | 002,006,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_36.dll
[2012.11.02 08:30:36 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_36.dll
[2012.11.02 08:30:36 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_36.dll
[2012.11.02 08:30:36 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_36.dll
[2012.11.02 08:30:35 | 005,081,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_36.dll
[2012.11.02 08:30:35 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_36.dll
[2012.11.02 08:30:34 | 000,411,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_9.dll
[2012.11.02 08:30:34 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_9.dll
[2012.11.02 08:30:33 | 001,985,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_35.dll
[2012.11.02 08:30:33 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_35.dll
[2012.11.02 08:30:33 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_35.dll
[2012.11.02 08:30:33 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_35.dll
[2012.11.02 08:30:31 | 005,073,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_35.dll
[2012.11.02 08:30:31 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll
[2012.11.02 08:30:31 | 000,409,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_8.dll
[2012.11.02 08:30:31 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_8.dll
[2012.11.02 08:30:31 | 000,021,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_2.dll
[2012.11.02 08:30:31 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_2.dll
[2012.11.02 08:30:30 | 001,401,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_34.dll
[2012.11.02 08:30:30 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_34.dll
[2012.11.02 08:30:30 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_34.dll
[2012.11.02 08:30:30 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_34.dll
[2012.11.02 08:30:29 | 004,496,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_34.dll
[2012.11.02 08:30:29 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll
[2012.11.02 08:30:28 | 000,107,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_3.dll
[2012.11.02 08:30:28 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll
[2012.11.02 08:30:27 | 001,400,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_33.dll
[2012.11.02 08:30:27 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_33.dll
[2012.11.02 08:30:27 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_33.dll
[2012.11.02 08:30:27 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_33.dll
[2012.11.02 08:30:27 | 000,403,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_7.dll
[2012.11.02 08:30:27 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_7.dll
[2012.11.02 08:30:25 | 004,494,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_33.dll
[2012.11.02 08:30:25 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll
[2012.11.02 08:30:25 | 000,393,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_6.dll
[2012.11.02 08:30:25 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_6.dll
[2012.11.02 08:30:24 | 000,469,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10.dll
[2012.11.02 08:30:24 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10.dll
[2012.11.02 08:30:24 | 000,390,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_5.dll
[2012.11.02 08:30:24 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_5.dll
[2012.11.02 08:30:23 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll
[2012.11.02 08:30:23 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2012.11.02 08:30:22 | 000,364,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_4.dll
[2012.11.02 08:30:22 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_4.dll
[2012.11.02 08:30:22 | 000,017,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_1.dll
[2012.11.02 08:30:22 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_1.dll
[2012.11.02 08:30:21 | 003,977,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_31.dll
[2012.11.02 08:30:21 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll
[2012.11.02 08:30:21 | 000,363,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_3.dll
[2012.11.02 08:30:21 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_3.dll
[2012.11.02 08:30:20 | 000,354,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_2.dll
[2012.11.02 08:30:20 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll
[2012.11.02 08:30:20 | 000,083,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_2.dll
[2012.11.02 08:30:20 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll
[2012.11.02 08:30:19 | 000,352,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_1.dll
[2012.11.02 08:30:19 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll
[2012.11.02 08:30:19 | 000,083,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_1.dll
[2012.11.02 08:30:19 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll
[2012.11.02 08:30:13 | 003,927,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_30.dll
[2012.11.02 08:30:13 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll
[2012.11.02 08:30:13 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_0.dll
[2012.11.02 08:30:13 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll
[2012.11.02 08:30:13 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_0.dll
[2012.11.02 08:30:13 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll
[2012.11.02 08:30:12 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_29.dll
[2012.11.02 08:30:12 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll
[2012.11.02 08:30:11 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_28.dll
[2012.11.02 08:30:11 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll
[2012.11.02 08:30:10 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_27.dll
[2012.11.02 08:30:10 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll
[2012.11.02 08:30:08 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_26.dll
[2012.11.02 08:30:08 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll
[2012.11.02 08:30:07 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_25.dll
[2012.11.02 08:30:07 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll
[2012.11.02 08:30:06 | 003,544,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_24.dll
[2012.11.02 08:30:06 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll
[2012.11.01 00:07:46 | 000,000,000 | ---D | C] -- C:\ProgramData\RELOADED
[2012.10.31 23:58:38 | 000,000,000 | ---D | C] -- C:\Users\garcia\Desktop\Torchlight.II-RELOADED
[2012.10.30 10:11:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2012.10.28 23:08:32 | 000,000,000 | ---D | C] -- C:\Users\garcia\Desktop\deksotpopop
[2012.10.28 11:30:17 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012.10.28 11:30:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2012.10.28 11:30:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012.10.28 11:30:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012.10.27 20:01:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.10.24 17:13:59 | 000,000,000 | ---D | C] -- C:\Users\garcia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mark of the Ninja
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.20 17:14:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1799551351-3960276517-2487386332-1000UA.job
[2012.11.20 17:07:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.20 16:35:43 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.11.20 16:30:22 | 005,004,421 | R--- | M] (Swearware) -- C:\Users\garcia\Desktop\ComboFix.exe
[2012.11.20 14:42:22 | 000,036,532 | ---- | M] () -- C:\Users\garcia\Desktop\1353417459061.jpg
[2012.11.20 13:40:08 | 000,776,324 | ---- | M] () -- C:\Users\garcia\Desktop\1351713976869.jpg
[2012.11.20 13:06:29 | 000,394,153 | ---- | M] () -- C:\Users\garcia\Desktop\1353400051796.jpg
[2012.11.20 12:36:52 | 006,407,009 | ---- | M] () -- C:\Users\garcia\Desktop\1351712742843.jpg
[2012.11.20 12:36:52 | 004,180,922 | ---- | M] () -- C:\Users\garcia\Desktop\1351712603389.jpg
[2012.11.20 12:36:52 | 002,467,403 | ---- | M] () -- C:\Users\garcia\Desktop\1351713020951.jpg
[2012.11.20 12:30:47 | 004,653,286 | ---- | M] () -- C:\Users\garcia\Desktop\1351712497636.jpg
[2012.11.20 11:04:40 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.20 11:04:40 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.20 11:03:28 | 001,830,914 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.20 11:03:28 | 000,782,716 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.20 11:03:28 | 000,723,404 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.20 11:03:28 | 000,179,136 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.20 11:03:28 | 000,146,044 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.20 10:57:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.20 10:57:11 | 2133,868,543 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.20 00:58:00 | 000,177,181 | ---- | M] () -- C:\Users\garcia\Desktop\_inside_two_worlds__by_janeckart-d4the0g.jpg
[2012.11.20 00:53:10 | 000,013,403 | ---- | M] () -- C:\Users\garcia\Desktop\avatar_white.jpg
[2012.11.20 00:20:12 | 000,037,790 | ---- | M] () -- C:\Users\garcia\Desktop\$..jpg
[2012.11.20 00:15:25 | 000,014,666 | ---- | M] () -- C:\Users\garcia\Desktop\dream.xspf
[2012.11.20 00:00:50 | 001,769,523 | ---- | M] () -- C:\Users\garcia\Desktop\ropeartist_by_larrylee2-d59t718.jpg
[2012.11.19 22:14:00 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1799551351-3960276517-2487386332-1000Core.job
[2012.11.18 12:09:05 | 000,039,640 | ---- | M] () -- C:\Users\garcia\Desktop\1353236900041.jpg
[2012.11.17 20:46:29 | 002,950,943 | ---- | M] () -- C:\Users\garcia\Desktop\_stalker__by_janek_sedlar-d5g9t5u.jpg
[2012.11.17 20:40:28 | 001,045,562 | ---- | M] () -- C:\Users\garcia\Desktop\1353180357206.gif
[2012.11.17 20:37:29 | 000,392,887 | ---- | M] () -- C:\Users\garcia\Desktop\1353180041941.gif
[2012.11.17 11:04:49 | 000,001,214 | ---- | M] () -- C:\Users\Public\Desktop\Game of Thrones.lnk
[2012.11.14 21:23:39 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01007.Wdf
[2012.11.05 11:43:10 | 000,674,280 | ---- | M] (ScreenTime Media) -- C:\Windows\SysWow64\Rockstar Fall.scr
[2012.11.05 11:43:10 | 000,674,280 | ---- | M] (ScreenTime Media) -- C:\Windows\SysNative\Rockstar Fall.scr
[2012.11.05 09:51:36 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012.11.03 18:20:50 | 000,074,658 | ---- | M] () -- C:\Users\garcia\Documents\cc_20121103_182047.reg
[2012.11.03 16:18:29 | 000,086,202 | ---- | M] () -- C:\Users\garcia\Desktop\mushroom_in_the_forest_by_svitakovaeva-d5h2i9z.jpg
[2012.10.30 23:51:56 | 000,059,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012.10.30 23:51:55 | 000,984,144 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012.10.30 23:51:55 | 000,370,288 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012.10.30 23:51:55 | 000,071,600 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012.10.30 23:51:53 | 000,025,232 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012.10.30 23:51:07 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.10.30 23:50:59 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012.10.30 23:50:30 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012.10.30 16:36:40 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.10.24 20:21:19 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUSB_01009.Wdf
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.11.20 16:30:40 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.11.20 16:30:40 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.11.20 16:30:40 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.11.20 16:30:40 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.11.20 16:30:40 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.11.20 14:42:21 | 000,036,532 | ---- | C] () -- C:\Users\garcia\Desktop\1353417459061.jpg
[2012.11.20 14:28:38 | 000,002,671 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Word Viewer 2003.lnk
[2012.11.20 13:09:58 | 000,776,324 | ---- | C] () -- C:\Users\garcia\Desktop\1351713976869.jpg
[2012.11.20 13:06:29 | 000,394,153 | ---- | C] () -- C:\Users\garcia\Desktop\1353400051796.jpg
[2012.11.20 12:36:47 | 002,467,403 | ---- | C] () -- C:\Users\garcia\Desktop\1351713020951.jpg
[2012.11.20 12:36:39 | 006,407,009 | ---- | C] () -- C:\Users\garcia\Desktop\1351712742843.jpg
[2012.11.20 12:35:45 | 004,180,922 | ---- | C] () -- C:\Users\garcia\Desktop\1351712603389.jpg
[2012.11.20 12:29:42 | 004,653,286 | ---- | C] () -- C:\Users\garcia\Desktop\1351712497636.jpg
[2012.11.20 00:53:37 | 000,177,181 | ---- | C] () -- C:\Users\garcia\Desktop\_inside_two_worlds__by_janeckart-d4the0g.jpg
[2012.11.20 00:53:10 | 000,013,403 | ---- | C] () -- C:\Users\garcia\Desktop\avatar_white.jpg
[2012.11.20 00:20:10 | 000,037,790 | ---- | C] () -- C:\Users\garcia\Desktop\$..jpg
[2012.11.20 00:15:25 | 000,014,666 | ---- | C] () -- C:\Users\garcia\Desktop\dream.xspf
[2012.11.20 00:00:49 | 001,769,523 | ---- | C] () -- C:\Users\garcia\Desktop\ropeartist_by_larrylee2-d59t718.jpg
[2012.11.18 12:09:04 | 000,039,640 | ---- | C] () -- C:\Users\garcia\Desktop\1353236900041.jpg
[2012.11.17 20:40:27 | 001,045,562 | ---- | C] () -- C:\Users\garcia\Desktop\1353180357206.gif
[2012.11.17 20:37:28 | 000,392,887 | ---- | C] () -- C:\Users\garcia\Desktop\1353180041941.gif
[2012.11.17 20:15:40 | 002,950,943 | ---- | C] () -- C:\Users\garcia\Desktop\_stalker__by_janek_sedlar-d5g9t5u.jpg
[2012.11.17 11:04:49 | 000,001,214 | ---- | C] () -- C:\Users\Public\Desktop\Game of Thrones.lnk
[2012.11.14 21:23:39 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01007.Wdf
[2012.11.03 18:20:48 | 000,074,658 | ---- | C] () -- C:\Users\garcia\Documents\cc_20121103_182047.reg
[2012.11.03 16:18:29 | 000,086,202 | ---- | C] () -- C:\Users\garcia\Desktop\mushroom_in_the_forest_by_svitakovaeva-d5h2i9z.jpg
[2012.10.30 16:36:40 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.10.24 20:21:19 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUSB_01009.Wdf
[2012.07.26 23:26:57 | 000,032,528 | ---- | C] () -- C:\Windows\amcap.exe
[2012.07.26 23:26:56 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\BMPPROC.DLL
[2012.06.29 16:40:42 | 000,162,432 | ---- | C] () -- C:\Windows\SysWow64\drivers\ithsgt.sys
[2012.06.29 16:40:42 | 000,012,032 | ---- | C] () -- C:\Windows\SysWow64\drivers\lilsgt.sys
[2012.06.27 23:13:55 | 000,000,094 | ---- | C] () -- C:\Users\garcia\AppData\Local\fusioncache.dat
[2012.05.27 16:25:07 | 000,001,456 | ---- | C] () -- C:\Users\garcia\AppData\Local\Adobe Für Web speichern 13.0 Prefs
[2012.05.27 16:24:55 | 000,000,132 | ---- | C] () -- C:\Users\garcia\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen
[2012.05.20 11:47:41 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2012.05.17 10:28:45 | 000,086,528 | ---- | C] () -- C:\Windows\bnetunin.exe
[2012.05.02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.04.28 15:32:33 | 000,164,352 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012.04.28 15:32:25 | 000,755,027 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012.04.28 15:32:24 | 000,159,839 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012.04.28 15:32:24 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012.04.05 19:43:39 | 000,000,233 | ---- | C] () -- C:\Windows\ACTIVEJP.INI
[2012.04.02 22:03:15 | 000,000,003 | ---- | C] () -- C:\Users\garcia\AppData\Local\user_data.ini
[2012.04.01 18:28:59 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.04.01 18:28:32 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.04.01 13:16:43 | 000,007,600 | ---- | C] () -- C:\Users\garcia\AppData\Local\resmon.resmoncfg
[2012.04.01 11:23:22 | 001,807,872 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.03.31 09:41:58 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.03.09 05:31:26 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.03.09 05:31:26 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011.09.28 16:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.01.04 11:44:25 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.01.04 09:59:38 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.10.09 20:27:48 | 000,000,000 | ---D | M] -- C:\Users\garcia\AppData\Roaming\AnvSoft
[2012.10.07 12:53:06 | 000,000,000 | ---D | M] -- C:\Users\garcia\AppData\Roaming\Audacity
[2012.08.06 01:33:06 | 000,000,000 | ---D | M] -- C:\Users\garcia\AppData\Roaming\Braid
[2012.07.07 13:08:40 | 000,000,000 | ---D | M] -- C:\Users\garcia\AppData\Roaming\Canon
[2012.10.05 21:29:34 | 000,000,000 | ---D | M] -- C:\Users\garcia\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012.09.06 16:05:16 | 000,000,000 | ---D | M] -- C:\Users\garcia\AppData\Roaming\DAEMON Tools Lite
[2012.03.31 09:54:00 | 000,000,000 | ---D | M] -- C:\Users\garcia\AppData\Roaming\DeviceVm
[2012.06.15 07:59:37 | 000,000,000 | ---D | M] -- C:\Users\garcia\AppData\Roaming\fltk.org
[2012.09.13 15:14:34 | 000,000,000 | ---D | M] -- C:\Users\garcia\AppData\Roaming\gd.sos.McPixel
[2012.08.22 18:09:48 | 000,000,000 | ---D | M] -- C:\Users\garcia\AppData\Roaming\ICQ
[2012.05.17 10:26:39 | 000,000,000 | ---D | M] -- C:\Users\garcia\AppData\Roaming\ImgBurn
[2012.04.02 08:36:27 | 000,000,000 | ---D | M] -- C:\Users\garcia\AppData\Roaming\Leadertech
[2012.03.31 11:20:56 | 000,000,000 | ---D | M] -- C:\Users\garcia\AppData\Roaming\LolClient
[2012.05.24 18:26:59 | 000,000,000 | ---D | M] -- C:\Users\garcia\AppData\Roaming\LolClient2
[2012.06.14 19:19:07 | 000,000,000 | ---D | M] -- C:\Users\garcia\AppData\Roaming\LoneSurvivor
[2012.11.14 10:41:57 | 000,000,000 | ---D | M] -- C:\Users\garcia\AppData\Roaming\Mp3tag
[2012.06.26 15:01:51 | 000,000,000 | ---D | M] -- C:\Users\garcia\AppData\Roaming\Notepad++
[2012.09.15 17:03:03 | 000,000,000 | ---D | M] -- C:\Users\garcia\AppData\Roaming\Origin
[2012.06.04 18:28:50 | 000,000,000 | ---D | M] -- C:\Users\garcia\AppData\Roaming\PACE Anti-Piracy
[2012.05.27 09:10:47 | 000,000,000 | ---D | M] -- C:\Users\garcia\AppData\Roaming\PCToolsFirewallPlus
[2012.05.22 18:28:26 | 000,000,000 | ---D | M] -- C:\Users\garcia\AppData\Roaming\ProtectDISC
[2012.04.12 20:06:09 | 000,000,000 | ---D | M] -- C:\Users\garcia\AppData\Roaming\RenPy
[2012.09.20 18:19:00 | 000,000,000 | ---D | M] -- C:\Users\garcia\AppData\Roaming\runic games
[2012.08.10 00:02:16 | 000,000,000 | ---D | M] -- C:\Users\garcia\AppData\Roaming\SecondLife
[2012.06.18 23:57:15 | 000,000,000 | ---D | M] -- C:\Users\garcia\AppData\Roaming\Sinvise Systems
[2012.06.03 15:46:22 | 000,000,000 | ---D | M] -- C:\Users\garcia\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012.07.05 21:15:05 | 000,000,000 | ---D | M] -- C:\Users\garcia\AppData\Roaming\Stardock
[2012.06.03 15:32:02 | 000,000,000 | ---D | M] -- C:\Users\garcia\AppData\Roaming\StepMania 5
[2012.04.05 22:59:30 | 000,000,000 | ---D | M] -- C:\Users\garcia\AppData\Roaming\TeamViewer
[2012.03.31 10:01:07 | 000,000,000 | ---D | M] -- C:\Users\garcia\AppData\Roaming\Thunderbird
[2012.11.17 23:11:22 | 000,000,000 | ---D | M] -- C:\Users\garcia\AppData\Roaming\uTorrent
[2012.09.23 00:26:02 | 000,000,000 | ---D | M] -- C:\Users\garcia\AppData\Roaming\Vessel
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 982 bytes -> C:\Users\garcia\AppData\Local\URThnzbIvXwo:veK7VNRcKPbvoxy2Ufg3zJ
@Alternate Data Stream - 956 bytes -> C:\Users\garcia\AppData\Local\Temp:zaXm0XDG3GRXqjbf1Auxd
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:C31F31E6

< End of report >

Daniel0815 · 20.11.2012, 17:52

Code:

ATTFilter

Malwarebytes Anti-Rootkit 1.1.0.1009
www.malwarebytes.org

Database version: v2012.11.20.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
garcia :: GARCIA-PC [administrator]

20.11.2012 17:29:34
mbar-log-2012-11-20 (17-29-34).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: PUP | PUM | P2P
Objects scanned: 27365
Time elapsed: 6 minute(s), 55 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Code:

ATTFilter

OTL logfile created on: 20.11.2012 17:44:27 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\garcia\Downloads\Ff Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 4,83 Gb Available Physical Memory | 60,45% Memory free
15,96 Gb Paging File | 12,55 Gb Available in Paging File | 78,64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 280,00 Gb Total Space | 93,11 Gb Free Space | 33,25% Space Free | Partition Type: NTFS
Drive D: | 185,66 Gb Total Space | 12,37 Gb Free Space | 6,66% Space Free | Partition Type: NTFS
Drive R: | 643,63 Gb Total Space | 276,79 Gb Free Space | 43,00% Space Free | Partition Type: NTFS
 
Computer Name: GARCIA-PC | User Name: garcia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\garcia\Downloads\Ff Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe ()
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\libvlccore.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\packetizer\libpacketizer_h264_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpeg4audio_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\packetizer\libpacketizer_dirac_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\packetizer\libpacketizer_vc1_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpegvideo_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\packetizer\libpacketizer_flac_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpeg4video_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\packetizer\libpacketizer_mlp_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\gui\libqt4_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_output\libwaveout_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_output\libaout_directx_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liblibass_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libvorbis_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libtheora_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libpng_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liblpcm_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libdts_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libspudec_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libmpeg_audio_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libcvdsub_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libcdg_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libaes3_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libschroedinger_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libfaad_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libflac_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libsvcdsub_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libspeex_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\control\libhotkeys_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libaraw_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\control\libglobalhotkeys_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\librawvideo_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_mixer\libfloat32_mixer_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\lua\liblua_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libdtstofloat32_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\liba52tofloat32_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libaudio_format_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libdtstospdif_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libconverter_fixed_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libsamplerate_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\meta_engine\libtaglib_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libmpgatofixed32_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libspeex_resampler_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libscaletempo_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libsimple_channel_mixer_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libtrivial_channel_mixer_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libdolby_surround_decoder_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\meta_engine\libfolder_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libugly_resampler_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\liba52tospdif_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\misc\libxml_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\services_discovery\libupnp_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\services_discovery\libsap_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\services_discovery\libpodcast_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\services_discovery\libmediadirs_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\mmxext\libmemcpymmxext_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\services_discovery\libwindrive_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\video_output\libdirectx_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\liblive555_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libdvdnav_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\access\liblibbluray_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libdshow_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libmpc_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libaccess_bd_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libzip_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libaccess_vdr_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libflacsys_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libes_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libfilesystem_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libwav_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libsmf_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libstream_filter_rar_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libmkv_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libsid_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libstream_filter_dash_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libstream_filter_httplive_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libmp4_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libplaylist_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libogg_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libavi_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libasf_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libnuv_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\librawvid_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libtta_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libdirac_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\libvlc.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libstream_filter_record_plugin.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\30a8c29a4e9807d25f7148ba4adbe7b9\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\3956b6af532aee63d53f0c15d071b14b\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf293040f3a93afa1ea782487acae816\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\da5da08245467818759aa44c4eb948e1\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5cae93d923c8378370758489e5535820\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\461d3b6b3f43e6fbe6c897d5936e17e4\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bc09ad2d49d8535371845cd7532f9271\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (avast! Firewall) -- C:\Program Files\AVAST Software\Avast\afwServ.exe File not found
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (MSMQTriggers) -- C:\Windows\SysNative\mqtgsvc.exe (Microsoft Corporation)
SRV:64bit: - (IISADMIN) -- C:\Windows\SysNative\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (MSMQ) -- C:\Windows\SysNative\mqsvc.exe (Microsoft Corporation)
SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (TabletServicePen) -- C:\Programme\Tablet\Pen\Pen_Tablet.exe (Wacom Technology, Corp.)
SRV - (TouchServicePen) -- C:\Programme\Tablet\Pen\Pen_TouchService.exe (Wacom Technology, Corp.)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (WAS) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (AVM WLAN Connection Service) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (ithsgt) -- C:\Windows\SysNative\drivers\ithsgt.sys ()
DRV:64bit: - (lilsgt) -- C:\Windows\SysNative\drivers\lilsgt.sys ()
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (aswKbd) -- C:\Windows\SysNative\drivers\aswKbd.sys (AVAST Software)
DRV:64bit: - (mcaudrv_simple) -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys (ManyCam LLC)
DRV:64bit: - (LGSHidFilt) -- C:\Windows\SysNative\drivers\LGSHidFilt.Sys (Logitech Inc.)
DRV:64bit: - (ManyCam) -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys (ManyCam LLC)
DRV:64bit: - (MotioninJoyXFilter) -- C:\Windows\SysNative\drivers\MijXfilt.sys (MotioninJoy)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Rovi Corporation)
DRV:64bit: - (wacmoumonitor) -- C:\Windows\SysNative\drivers\wacmoumonitor.sys (Wacom Technology)
DRV:64bit: - (wacommousefilter) -- C:\Windows\SysNative\drivers\wacommousefilter.sys (Wacom Technology)
DRV:64bit: - (wacomvhid) -- C:\Windows\SysNative\drivers\wacomvhid.sys (Wacom Technology)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (RMCAST) -- C:\Windows\SysNative\drivers\rmcast.sys (Microsoft Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (FWLANUSB) -- C:\Windows\SysNative\drivers\fwlanusb.sys (AVM GmbH)
DRV:64bit: - (avmeject) -- C:\Windows\SysNative\drivers\avmeject.sys (AVM Berlin)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (AsrAppCharger) -- C:\Windows\SysNative\drivers\AsrAppCharger.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys (Protect Software GmbH)
DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.)
DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (MQAC) -- C:\Windows\SysNative\drivers\mqac.sys (Microsoft Corporation)
DRV:64bit: - (xnacc) -- C:\Windows\SysNative\drivers\xnacc.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (adfs) -- C:\Windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (ithsgt) -- C:\Windows\SysWOW64\drivers\ithsgt.sys ()
DRV - (lilsgt) -- C:\Windows\SysWOW64\drivers\lilsgt.sys ()
DRV - (pbfilter) -- D:\Program Files\PeerBlock\pbfilter.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://anime-loads.org/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0E A3 EC 0E 45 A3 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:newtab"
FF - prefs.js..extensions.enabledAddons: contextsearch2@lwz.addons.mozilla.org:0.4.6.9
FF - prefs.js..extensions.enabledAddons: extension@4chan.org:0.4.5.18
FF - prefs.js..extensions.enabledAddons: {c36177c0-224a-11da-8cd6-0800200c9a91}:3.9.81
FF - prefs.js..extensions.enabledAddons: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.10
FF - prefs.js..extensions.enabledAddons: {dc572301-7619-498c-a57d-39143191b318}:0.4.0.3
FF - prefs.js..extensions.enabledAddons: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.3
FF - prefs.js..extensions.enabledAddons: foxyproxy-basic@eric.h.jung:3.0.1
FF - prefs.js..extensions.enabledAddons: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.89
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.11
FF - prefs.js..extensions.enabledAddons: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.2.3
FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.6.1
FF - prefs.js..extensions.enabledAddons: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:1.5
FF - prefs.js..extensions.enabledAddons: secureLogin@blueimp.net:1.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.3.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.3.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: D:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2852: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1662: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.1: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\garcia\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\garcia\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.04.18 20:06:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.27 20:01:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.27 20:01:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.10.30 10:11:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012.10.30 10:11:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.27 20:01:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.27 20:01:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.10.30 10:11:00 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012.10.30 10:11:01 | 000,000,000 | ---D | M]
 
[2012.03.31 10:00:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\garcia\AppData\Roaming\mozilla\Extensions
[2012.11.20 17:03:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\garcia\AppData\Roaming\mozilla\Firefox\Profiles\6of0vkbn.default\extensions
[2012.11.09 17:31:38 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\garcia\AppData\Roaming\mozilla\Firefox\Profiles\6of0vkbn.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2012.10.05 13:26:21 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\garcia\AppData\Roaming\mozilla\Firefox\Profiles\6of0vkbn.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2012.11.01 00:06:54 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\garcia\AppData\Roaming\mozilla\Firefox\Profiles\6of0vkbn.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.10.03 09:49:27 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\garcia\AppData\Roaming\mozilla\Firefox\Profiles\6of0vkbn.default\extensions\foxyproxy-basic@eric.h.jung
[2012.09.15 23:40:13 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\garcia\AppData\Roaming\mozilla\Firefox\Profiles\6of0vkbn.default\extensions\ich@maltegoetz.de
[2012.07.06 18:45:02 | 000,023,456 | ---- | M] () (No name found) -- C:\Users\garcia\AppData\Roaming\mozilla\firefox\profiles\6of0vkbn.default\extensions\contextsearch2@lwz.addons.mozilla.org.xpi
[2012.04.06 13:23:38 | 000,003,958 | ---- | M] () (No name found) -- C:\Users\garcia\AppData\Roaming\mozilla\firefox\profiles\6of0vkbn.default\extensions\expire-history-by-days@bonardo.net.xpi
[2012.04.15 13:56:06 | 000,105,380 | ---- | M] () (No name found) -- C:\Users\garcia\AppData\Roaming\mozilla\firefox\profiles\6of0vkbn.default\extensions\extension@4chan.org.xpi
[2012.11.18 12:21:33 | 002,042,908 | ---- | M] () (No name found) -- C:\Users\garcia\AppData\Roaming\mozilla\firefox\profiles\6of0vkbn.default\extensions\firebug@software.joehewitt.com.xpi
[2012.11.13 18:59:20 | 000,029,022 | ---- | M] () (No name found) -- C:\Users\garcia\AppData\Roaming\mozilla\firefox\profiles\6of0vkbn.default\extensions\groovesharkUnlocker@overlord1337.xpi
[2012.11.06 10:48:03 | 000,374,289 | ---- | M] () (No name found) -- C:\Users\garcia\AppData\Roaming\mozilla\firefox\profiles\6of0vkbn.default\extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi
[2012.10.22 13:02:49 | 000,015,463 | ---- | M] () (No name found) -- C:\Users\garcia\AppData\Roaming\mozilla\firefox\profiles\6of0vkbn.default\extensions\newtabtools@darktrojan.net.xpi
[2012.11.20 17:03:32 | 000,083,655 | ---- | M] () (No name found) -- C:\Users\garcia\AppData\Roaming\mozilla\firefox\profiles\6of0vkbn.default\extensions\secureLogin@blueimp.net.xpi
[2012.11.16 23:52:43 | 000,566,853 | ---- | M] () (No name found) -- C:\Users\garcia\AppData\Roaming\mozilla\firefox\profiles\6of0vkbn.default\extensions\toolbar@web.de.xpi
[2012.11.14 01:34:20 | 000,530,679 | ---- | M] () (No name found) -- C:\Users\garcia\AppData\Roaming\mozilla\firefox\profiles\6of0vkbn.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012.07.11 17:39:50 | 000,177,357 | ---- | M] () (No name found) -- C:\Users\garcia\AppData\Roaming\mozilla\firefox\profiles\6of0vkbn.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a91}.xpi
[2012.07.25 19:21:21 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\garcia\AppData\Roaming\mozilla\firefox\profiles\6of0vkbn.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.04.03 14:33:51 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\garcia\AppData\Roaming\mozilla\firefox\profiles\6of0vkbn.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2012.07.21 09:18:20 | 000,702,524 | ---- | M] () (No name found) -- C:\Users\garcia\AppData\Roaming\mozilla\firefox\profiles\6of0vkbn.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2012.09.13 19:32:29 | 000,698,867 | ---- | M] () (No name found) -- C:\Users\garcia\AppData\Roaming\mozilla\firefox\profiles\6of0vkbn.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2012.11.20 17:03:32 | 000,243,496 | ---- | M] () (No name found) -- C:\Users\garcia\AppData\Roaming\mozilla\firefox\profiles\6of0vkbn.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2012.04.30 11:45:38 | 000,000,853 | ---- | M] () -- C:\Users\garcia\AppData\Roaming\mozilla\firefox\profiles\6of0vkbn.default\searchplugins\11-suche.xml
[2012.04.30 11:45:38 | 000,002,209 | ---- | M] () -- C:\Users\garcia\AppData\Roaming\mozilla\firefox\profiles\6of0vkbn.default\searchplugins\englische-ergebnisse.xml
[2012.04.30 11:45:38 | 000,010,506 | ---- | M] () -- C:\Users\garcia\AppData\Roaming\mozilla\firefox\profiles\6of0vkbn.default\searchplugins\gmx-suche.xml
[2012.04.30 11:45:38 | 000,002,368 | ---- | M] () -- C:\Users\garcia\AppData\Roaming\mozilla\firefox\profiles\6of0vkbn.default\searchplugins\lastminute.xml
[2012.04.30 11:45:38 | 000,005,489 | ---- | M] () -- C:\Users\garcia\AppData\Roaming\mozilla\firefox\profiles\6of0vkbn.default\searchplugins\webde-suche.xml
[2012.10.27 20:01:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.04.18 20:06:36 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012.10.27 20:01:39 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.12.09 18:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.09.11 22:34:23 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.11 22:34:23 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.09.11 22:34:23 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.11 22:34:23 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.09.11 22:34:23 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.09.11 22:34:23 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\garcia\AppData\Local\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\garcia\AppData\Local\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\garcia\AppData\Local\Google\Chrome\Application\23.0.1271.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\garcia\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Google Update (Enabled) = C:\Users\garcia\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: 4chan Extension [New] = C:\Users\garcia\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhljghahohpihkdhhgaddnipndobpbbb\2.0.6_0\
CHR - Extension: Adblock Plus = C:\Users\garcia\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.1_0\
CHR - Extension: uTorrentBar_DE = C:\Users\garcia\AppData\Local\Google\Chrome\User Data\Default\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc\2.3.18.20_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\garcia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
 
O1 HOSTS File: ([2012.11.20 16:35:43 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft Device Center\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelliType Pro] C:\Program Files\Microsoft Device Center\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [MsmqIntCert] C:\Windows\SysNative\mqrt.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RunDLLEntry] C:\Windows\SysNative\AmbRunE.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKLM..\RunOnce: [Z1] C:\Users\garcia\Desktop\mbar\mbar.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - R:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - R:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.1)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9B4348A9-FAFE-4E93-B823-803782FE3AE4}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F3012A30-ACF9-4564-A27C-8EA8C8E8D5ED}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.20 17:21:10 | 000,000,000 | ---D | C] -- C:\Users\garcia\Desktop\mbar
[2012.11.20 16:37:08 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.11.20 16:30:40 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.11.20 16:30:40 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.11.20 16:30:40 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.11.20 16:30:35 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.11.20 16:30:27 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.11.20 14:28:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2012.11.20 14:28:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache
[2012.11.20 12:56:53 | 005,004,421 | R--- | C] (Swearware) -- C:\Users\garcia\Desktop\ComboFix.exe
[2012.11.20 11:29:35 | 000,000,000 | ---D | C] -- C:\Users\garcia\AppData\Local\{F468C3D9-ADB2-411D-9DF2-64968502265C}
[2012.11.20 11:12:54 | 000,000,000 | ---D | C] -- C:\Users\garcia\AppData\Roaming\Malwarebytes
[2012.11.20 11:11:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.11.20 11:11:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.11.20 11:11:01 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.11.19 23:22:44 | 000,000,000 | ---D | C] -- C:\Users\garcia\AppData\Local\{DD564A27-A4D9-4DD5-B4A4-5D6D33DEEDDB}
[2012.11.18 11:21:03 | 000,000,000 | ---D | C] -- C:\Users\garcia\AppData\Local\{7F37D4BE-1986-4498-A334-0B64989016FD}
[2012.11.17 16:33:11 | 000,000,000 | ---D | C] -- C:\Users\garcia\AppData\Local\{B0439430-6B35-4211-BBC2-EF032F0565A5}
[2012.11.17 14:49:57 | 000,000,000 | ---D | C] -- C:\Users\garcia\Documents\Game of Thrones
[2012.11.17 11:06:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Chart Controls
[2012.11.17 11:04:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cyanide
[2012.11.15 21:06:24 | 000,000,000 | ---D | C] -- C:\Users\garcia\AppData\Local\{603917C9-63C4-4872-9771-17100AD49623}
[2012.11.12 16:44:11 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM
[2012.11.12 16:43:34 | 000,000,000 | ---D | C] -- C:\Users\garcia\AppData\Local\Rockstar Games
[2012.11.12 16:43:07 | 000,000,000 | RH-D | C] -- C:\Users\garcia\AppData\Roaming\SecuROM
[2012.11.10 18:31:56 | 000,000,000 | ---D | C] -- C:\Users\garcia\AppData\Local\{B7B750BD-90AF-4A9C-9A9F-3AB4D889280F}
[2012.11.09 11:28:46 | 000,000,000 | ---D | C] -- C:\Users\garcia\Documents\Tomb Raider - Legend
[2012.11.06 15:16:55 | 000,000,000 | ---D | C] -- C:\Users\garcia\Documents\NBGI
[2012.11.06 15:16:31 | 000,000,000 | ---D | C] -- C:\Users\garcia\AppData\Local\NBGI
[2012.11.05 11:43:10 | 000,674,280 | ---- | C] (ScreenTime Media) -- C:\Windows\SysWow64\Rockstar Fall.scr
[2012.11.05 11:43:10 | 000,674,280 | ---- | C] (ScreenTime Media) -- C:\Windows\SysNative\Rockstar Fall.scr
[2012.11.05 11:43:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Screentime
[2012.11.05 11:43:04 | 000,000,000 | ---D | C] -- C:\Users\garcia\AppData\Local\Screentime
[2012.11.03 18:53:35 | 000,000,000 | ---D | C] -- C:\Users\garcia\Documents\Eidos
[2012.11.02 08:31:08 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll
[2012.11.02 08:31:08 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll
[2012.11.02 08:31:08 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll
[2012.11.02 08:31:08 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll
[2012.11.02 08:31:07 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll
[2012.11.02 08:31:07 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll
[2012.11.02 08:31:07 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll
[2012.11.02 08:31:07 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_7.dll
[2012.11.02 08:31:06 | 001,907,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_43.dll
[2012.11.02 08:31:06 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll
[2012.11.02 08:31:06 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll
[2012.11.02 08:31:06 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll
[2012.11.02 08:31:05 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_43.dll
[2012.11.02 08:31:05 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll
[2012.11.02 08:31:04 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_43.dll
[2012.11.02 08:31:04 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll
[2012.11.02 08:31:04 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_6.dll
[2012.11.02 08:31:04 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll
[2012.11.02 08:31:04 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll
[2012.11.02 08:31:04 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_6.dll
[2012.11.02 08:31:04 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_4.dll
[2012.11.02 08:31:04 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll
[2012.11.02 08:31:03 | 000,517,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_5.dll
[2012.11.02 08:31:03 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2012.11.02 08:31:03 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_7.dll
[2012.11.02 08:31:03 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll
[2012.11.02 08:31:02 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_42.dll
[2012.11.02 08:31:02 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll
[2012.11.02 08:31:02 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll
[2012.11.02 08:31:02 | 000,176,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_5.dll
[2012.11.02 08:31:00 | 005,554,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_42.dll
[2012.11.02 08:31:00 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll
[2012.11.02 08:31:00 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_42.dll
[2012.11.02 08:31:00 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll
[2012.11.02 08:30:59 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_42.dll
[2012.11.02 08:30:59 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
[2012.11.02 08:30:59 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2012.11.02 08:30:59 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2012.11.02 08:30:57 | 002,430,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_41.dll
[2012.11.02 08:30:57 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_41.dll
[2012.11.02 08:30:57 | 000,520,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_41.dll
[2012.11.02 08:30:57 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_41.dll
[2012.11.02 08:30:56 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_41.dll
[2012.11.02 08:30:56 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll
[2012.11.02 08:30:55 | 000,521,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_4.dll
[2012.11.02 08:30:55 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll
[2012.11.02 08:30:55 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_4.dll
[2012.11.02 08:30:55 | 000,174,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_4.dll
[2012.11.02 08:30:55 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_3.dll
[2012.11.02 08:30:55 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2012.11.02 08:30:54 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_6.dll
[2012.11.02 08:30:54 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll
[2012.11.02 08:30:53 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_40.dll
[2012.11.02 08:30:53 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll
[2012.11.02 08:30:53 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_40.dll
[2012.11.02 08:30:53 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll
[2012.11.02 08:30:51 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_40.dll
[2012.11.02 08:30:51 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll
[2012.11.02 08:30:50 | 000,518,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_3.dll
[2012.11.02 08:30:50 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll
[2012.11.02 08:30:50 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll
[2012.11.02 08:30:50 | 000,175,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_3.dll
[2012.11.02 08:30:50 | 000,074,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_2.dll
[2012.11.02 08:30:50 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll
[2012.11.02 08:30:49 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_2.dll
[2012.11.02 08:30:49 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll
[2012.11.02 08:30:49 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_1.dll
[2012.11.02 08:30:49 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll
[2012.11.02 08:30:49 | 000,025,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_5.dll
[2012.11.02 08:30:49 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll
[2012.11.02 08:30:48 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_39.dll
[2012.11.02 08:30:48 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_39.dll
[2012.11.02 08:30:48 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll
[2012.11.02 08:30:48 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_2.dll
[2012.11.02 08:30:47 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_39.dll
[2012.11.02 08:30:46 | 000,511,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_1.dll
[2012.11.02 08:30:46 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_1.dll
[2012.11.02 08:30:46 | 000,068,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_0.dll
[2012.11.02 08:30:46 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_0.dll
[2012.11.02 08:30:45 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_1.dll
[2012.11.02 08:30:45 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_1.dll
[2012.11.02 08:30:45 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_4.dll
[2012.11.02 08:30:45 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_4.dll
[2012.11.02 08:30:44 | 001,941,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_38.dll
[2012.11.02 08:30:44 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_38.dll
[2012.11.02 08:30:44 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_38.dll
[2012.11.02 08:30:44 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_38.dll
[2012.11.02 08:30:43 | 004,991,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_38.dll
[2012.11.02 08:30:43 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_38.dll
[2012.11.02 08:30:42 | 000,489,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_0.dll
[2012.11.02 08:30:42 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_0.dll
[2012.11.02 08:30:42 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_0.dll
[2012.11.02 08:30:42 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_0.dll
[2012.11.02 08:30:41 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_3.dll
[2012.11.02 08:30:41 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_3.dll
[2012.11.02 08:30:40 | 001,860,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_37.dll
[2012.11.02 08:30:40 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_37.dll
[2012.11.02 08:30:40 | 000,529,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_37.dll
[2012.11.02 08:30:40 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_37.dll
[2012.11.02 08:30:38 | 004,910,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_37.dll
[2012.11.02 08:30:38 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_37.dll
[2012.11.02 08:30:38 | 000,411,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_10.dll
[2012.11.02 08:30:38 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_10.dll
[2012.11.02 08:30:36 | 002,006,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_36.dll
[2012.11.02 08:30:36 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_36.dll
[2012.11.02 08:30:36 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_36.dll
[2012.11.02 08:30:36 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_36.dll
[2012.11.02 08:30:35 | 005,081,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_36.dll
[2012.11.02 08:30:35 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_36.dll
[2012.11.02 08:30:34 | 000,411,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_9.dll
[2012.11.02 08:30:34 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_9.dll
[2012.11.02 08:30:33 | 001,985,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_35.dll
[2012.11.02 08:30:33 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_35.dll
[2012.11.02 08:30:33 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_35.dll
[2012.11.02 08:30:33 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_35.dll
[2012.11.02 08:30:31 | 005,073,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_35.dll
[2012.11.02 08:30:31 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll
[2012.11.02 08:30:31 | 000,409,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_8.dll
[2012.11.02 08:30:31 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_8.dll
[2012.11.02 08:30:31 | 000,021,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_2.dll
[2012.11.02 08:30:31 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_2.dll
[2012.11.02 08:30:30 | 001,401,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_34.dll
[2012.11.02 08:30:30 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_34.dll
[2012.11.02 08:30:30 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_34.dll
[2012.11.02 08:30:30 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_34.dll
[2012.11.02 08:30:29 | 004,496,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_34.dll
[2012.11.02 08:30:29 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll
[2012.11.02 08:30:28 | 000,107,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_3.dll
[2012.11.02 08:30:28 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll
[2012.11.02 08:30:27 | 001,400,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_33.dll
[2012.11.02 08:30:27 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_33.dll
[2012.11.02 08:30:27 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_33.dll
[2012.11.02 08:30:27 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_33.dll
[2012.11.02 08:30:27 | 000,403,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_7.dll
[2012.11.02 08:30:27 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_7.dll
[2012.11.02 08:30:25 | 004,494,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_33.dll
[2012.11.02 08:30:25 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll
[2012.11.02 08:30:25 | 000,393,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_6.dll
[2012.11.02 08:30:25 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_6.dll
[2012.11.02 08:30:24 | 000,469,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10.dll
[2012.11.02 08:30:24 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10.dll
[2012.11.02 08:30:24 | 000,390,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_5.dll
[2012.11.02 08:30:24 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_5.dll
[2012.11.02 08:30:23 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll
[2012.11.02 08:30:23 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2012.11.02 08:30:22 | 000,364,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_4.dll
[2012.11.02 08:30:22 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_4.dll
[2012.11.02 08:30:22 | 000,017,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_1.dll
[2012.11.02 08:30:22 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_1.dll
[2012.11.02 08:30:21 | 003,977,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_31.dll
[2012.11.02 08:30:21 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll
[2012.11.02 08:30:21 | 000,363,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_3.dll
[2012.11.02 08:30:21 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_3.dll
[2012.11.02 08:30:20 | 000,354,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_2.dll
[2012.11.02 08:30:20 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll
[2012.11.02 08:30:20 | 000,083,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_2.dll
[2012.11.02 08:30:20 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll
[2012.11.02 08:30:19 | 000,352,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_1.dll
[2012.11.02 08:30:19 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll
[2012.11.02 08:30:19 | 000,083,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_1.dll
[2012.11.02 08:30:19 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll
[2012.11.02 08:30:13 | 003,927,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_30.dll
[2012.11.02 08:30:13 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll
[2012.11.02 08:30:13 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_0.dll
[2012.11.02 08:30:13 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll
[2012.11.02 08:30:13 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_0.dll
[2012.11.02 08:30:13 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll
[2012.11.02 08:30:12 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_29.dll
[2012.11.02 08:30:12 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll
[2012.11.02 08:30:11 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_28.dll
[2012.11.02 08:30:11 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll
[2012.11.02 08:30:10 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_27.dll
[2012.11.02 08:30:10 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll
[2012.11.02 08:30:08 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_26.dll
[2012.11.02 08:30:08 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll
[2012.11.02 08:30:07 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_25.dll
[2012.11.02 08:30:07 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll
[2012.11.02 08:30:06 | 003,544,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_24.dll
[2012.11.02 08:30:06 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll
[2012.11.01 00:07:46 | 000,000,000 | ---D | C] -- C:\ProgramData\RELOADED
[2012.10.31 23:58:38 | 000,000,000 | ---D | C] -- C:\Users\garcia\Desktop\Torchlight.II-RELOADED
[2012.10.30 10:11:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2012.10.28 23:08:32 | 000,000,000 | ---D | C] -- C:\Users\garcia\Desktop\deksotpopop
[2012.10.28 11:30:17 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012.10.28 11:30:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2012.10.28 11:30:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012.10.28 11:30:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012.10.27 20:01:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.10.24 17:13:59 | 000,000,000 | ---D | C] -- C:\Users\garcia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mark of the Ninja
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.20 17:14:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1799551351-3960276517-2487386332-1000UA.job
[2012.11.20 17:07:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.20 16:35:43 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.11.20 16:30:22 | 005,004,421 | R--- | M] (Swearware) -- C:\Users\garcia\Desktop\ComboFix.exe
[2012.11.20 14:42:22 | 000,036,532 | ---- | M] () -- C:\Users\garcia\Desktop\1353417459061.jpg
[2012.11.20 13:40:08 | 000,776,324 | ---- | M] () -- C:\Users\garcia\Desktop\1351713976869.jpg
[2012.11.20 13:06:29 | 000,394,153 | ---- | M] () -- C:\Users\garcia\Desktop\1353400051796.jpg
[2012.11.20 12:36:52 | 006,407,009 | ---- | M] () -- C:\Users\garcia\Desktop\1351712742843.jpg
[2012.11.20 12:36:52 | 004,180,922 | ---- | M] () -- C:\Users\garcia\Desktop\1351712603389.jpg
[2012.11.20 12:36:52 | 002,467,403 | ---- | M] () -- C:\Users\garcia\Desktop\1351713020951.jpg
[2012.11.20 12:30:47 | 004,653,286 | ---- | M] () -- C:\Users\garcia\Desktop\1351712497636.jpg
[2012.11.20 11:04:40 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.20 11:04:40 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.20 11:03:28 | 001,830,914 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.20 11:03:28 | 000,782,716 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.20 11:03:28 | 000,723,404 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.20 11:03:28 | 000,179,136 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.20 11:03:28 | 000,146,044 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.20 10:57:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.20 10:57:11 | 2133,868,543 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.20 00:58:00 | 000,177,181 | ---- | M] () -- C:\Users\garcia\Desktop\_inside_two_worlds__by_janeckart-d4the0g.jpg
[2012.11.20 00:53:10 | 000,013,403 | ---- | M] () -- C:\Users\garcia\Desktop\avatar_white.jpg
[2012.11.20 00:20:12 | 000,037,790 | ---- | M] () -- C:\Users\garcia\Desktop\$..jpg
[2012.11.20 00:15:25 | 000,014,666 | ---- | M] () -- C:\Users\garcia\Desktop\dream.xspf
[2012.11.20 00:00:50 | 001,769,523 | ---- | M] () -- C:\Users\garcia\Desktop\ropeartist_by_larrylee2-d59t718.jpg
[2012.11.19 22:14:00 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1799551351-3960276517-2487386332-1000Core.job
[2012.11.18 12:09:05 | 000,039,640 | ---- | M] () -- C:\Users\garcia\Desktop\1353236900041.jpg
[2012.11.17 20:46:29 | 002,950,943 | ---- | M] () -- C:\Users\garcia\Desktop\_stalker__by_janek_sedlar-d5g9t5u.jpg
[2012.11.17 20:40:28 | 001,045,562 | ---- | M] () -- C:\Users\garcia\Desktop\1353180357206.gif
[2012.11.17 20:37:29 | 000,392,887 | ---- | M] () -- C:\Users\garcia\Desktop\1353180041941.gif
[2012.11.17 11:04:49 | 000,001,214 | ---- | M] () -- C:\Users\Public\Desktop\Game of Thrones.lnk
[2012.11.14 21:23:39 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01007.Wdf
[2012.11.05 11:43:10 | 000,674,280 | ---- | M] (ScreenTime Media) -- C:\Windows\SysWow64\Rockstar Fall.scr
[2012.11.05 11:43:10 | 000,674,280 | ---- | M] (ScreenTime Media) -- C:\Windows\SysNative\Rockstar Fall.scr
[2012.11.05 09:51:36 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012.11.03 18:20:50 | 000,074,658 | ---- | M] () -- C:\Users\garcia\Documents\cc_20121103_182047.reg
[2012.11.03 16:18:29 | 000,086,202 | ---- | M] () -- C:\Users\garcia\Desktop\mushroom_in_the_forest_by_svitakovaeva-d5h2i9z.jpg
[2012.10.30 23:51:56 | 000,059,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012.10.30 23:51:55 | 000,984,144 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012.10.30 23:51:55 | 000,370,288 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012.10.30 23:51:55 | 000,071,600 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012.10.30 23:51:53 | 000,025,232 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012.10.30 23:51:07 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.10.30 23:50:59 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012.10.30 23:50:30 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012.10.30 16:36:40 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.10.24 20:21:19 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUSB_01009.Wdf
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.11.20 16:30:40 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.11.20 16:30:40 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.11.20 16:30:40 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.11.20 16:30:40 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.11.20 16:30:40 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.11.20 14:42:21 | 000,036,532 | ---- | C] () -- C:\Users\garcia\Desktop\1353417459061.jpg
[2012.11.20 14:28:38 | 000,002,671 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Word Viewer 2003.lnk
[2012.11.20 13:09:58 | 000,776,324 | ---- | C] () -- C:\Users\garcia\Desktop\1351713976869.jpg
[2012.11.20 13:06:29 | 000,394,153 | ---- | C] () -- C:\Users\garcia\Desktop\1353400051796.jpg
[2012.11.20 12:36:47 | 002,467,403 | ---- | C] () -- C:\Users\garcia\Desktop\1351713020951.jpg
[2012.11.20 12:36:39 | 006,407,009 | ---- | C] () -- C:\Users\garcia\Desktop\1351712742843.jpg
[2012.11.20 12:35:45 | 004,180,922 | ---- | C] () -- C:\Users\garcia\Desktop\1351712603389.jpg
[2012.11.20 12:29:42 | 004,653,286 | ---- | C] () -- C:\Users\garcia\Desktop\1351712497636.jpg
[2012.11.20 00:53:37 | 000,177,181 | ---- | C] () -- C:\Users\garcia\Desktop\_inside_two_worlds__by_janeckart-d4the0g.jpg
[2012.11.20 00:53:10 | 000,013,403 | ---- | C] () -- C:\Users\garcia\Desktop\avatar_white.jpg
[2012.11.20 00:20:10 | 000,037,790 | ---- | C] () -- C:\Users\garcia\Desktop\$..jpg
[2012.11.20 00:15:25 | 000,014,666 | ---- | C] () -- C:\Users\garcia\Desktop\dream.xspf
[2012.11.20 00:00:49 | 001,769,523 | ---- | C] () -- C:\Users\garcia\Desktop\ropeartist_by_larrylee2-d59t718.jpg
[2012.11.18 12:09:04 | 000,039,640 | ---- | C] () -- C:\Users\garcia\Desktop\1353236900041.jpg
[2012.11.17 20:40:27 | 001,045,562 | ---- | C] () -- C:\Users\garcia\Desktop\1353180357206.gif
[2012.11.17 20:37:28 | 000,392,887 | ---- | C] () -- C:\Users\garcia\Desktop\1353180041941.gif
[2012.11.17 20:15:40 | 002,950,943 | ---- | C] () -- C:\Users\garcia\Desktop\_stalker__by_janek_sedlar-d5g9t5u.jpg
[2012.11.17 11:04:49 | 000,001,214 | ---- | C] () -- C:\Users\Public\Desktop\Game of Thrones.lnk
[2012.11.14 21:23:39 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01007.Wdf
[2012.11.03 18:20:48 | 000,074,658 | ---- | C] () -- C:\Users\garcia\Documents\cc_20121103_182047.reg
[2012.11.03 16:18:29 | 000,086,202 | ---- | C] () -- C:\Users\garcia\Desktop\mushroom_in_the_forest_by_svitakovaeva-d5h2i9z.jpg
[2012.10.30 16:36:40 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.10.24 20:21:19 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUSB_01009.Wdf
[2012.07.26 23:26:57 | 000,032,528 | ---- | C] () -- C:\Windows\amcap.exe
[2012.07.26 23:26:56 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\BMPPROC.DLL
[2012.06.29 16:40:42 | 000,162,432 | ---- | C] () -- C:\Windows\SysWow64\drivers\ithsgt.sys
[2012.06.29 16:40:42 | 000,012,032 | ---- | C] () -- C:\Windows\SysWow64\drivers\lilsgt.sys
[2012.06.27 23:13:55 | 000,000,094 | ---- | C] () -- C:\Users\garcia\AppData\Local\fusioncache.dat
[2012.05.27 16:25:07 | 000,001,456 | ---- | C] () -- C:\Users\garcia\AppData\Local\Adobe Für Web speichern 13.0 Prefs
[2012.05.27 16:24:55 | 000,000,132 | ---- | C] () -- C:\Users\garcia\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen
[2012.05.20 11:47:41 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2012.05.17 10:28:45 | 000,086,528 | ---- | C] () -- C:\Windows\bnetunin.exe
[2012.05.02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.04.28 15:32:33 | 000,164,352 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012.04.28 15:32:25 | 000,755,027 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012.04.28 15:32:24 | 000,159,839 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012.04.28 15:32:24 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012.04.05 19:43:39 | 000,000,233 | ---- | C] () -- C:\Windows\ACTIVEJP.INI
[2012.04.02 22:03:15 | 000,000,003 | ---- | C] () -- C:\Users\garcia\AppData\Local\user_data.ini
[2012.04.01 18:28:59 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.04.01 18:28:32 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.04.01 13:16:43 | 000,007,600 | ---- | C] () -- C:\Users\garcia\AppData\Local\resmon.resmoncfg
[2012.04.01 11:23:22 | 001,807,872 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.03.31 09:41:58 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.03.09 05:31:26 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.03.09 05:31:26 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011.09.28 16:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.01.04 11:44:25 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.01.04 09:59:38 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.10.09 20:27:48 | 000,000,000 | ---D | M] -- C:\Users\garcia\AppData\Roaming\AnvSoft
[2012.10.07 12:53:06 | 000,000,000 | ---D | M] -- C:\Users\garcia\AppData\Roaming\Audacity
[2012.08.06 01:33:06 | 000,000,000 | ---D | M] -- C:\Users\garcia\AppData\Roaming\Braid
[2012.07.07 13:08:40 | 000,000,000 | ---D | M] -- C:\Users\garcia\AppData\Roaming\Canon
[2012.10.05 21:29:34 | 000,000,000 | ---D | M] -- C:\Users\garcia\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012.09.06 16:05:16 | 000,000,000 | ---D | M] -- C:\Users\garcia\AppData\Roaming\DAEMON Tools Lite
[2012.03.31 09:54:00 | 000,000,000 | ---D | M] -- C:\Users\garcia\AppData\Roaming\DeviceVm
[2012.06.15 07:59:37 | 000,000,000 | ---D | M] -- C:\Users\garcia\AppData\Roaming\fltk.org
[2012.09.13 15:14:34 | 000,000,000 | ---D | M] -- C:\Users\garcia\AppData\Roaming\gd.sos.McPixel
[2012.08.22 18:09:48 | 000,000,000 | ---D | M] -- C:\Users\garcia\AppData\Roaming\ICQ
[2012.05.17 10:26:39 | 000,000,000 | ---D | M] -- C:\Users\garcia\AppData\Roaming\ImgBurn
[2012.04.02 08:36:27 | 000,000,000 | ---D | M] -- C:\Users\garcia\AppData\Roaming\Leadertech
[2012.03.31 11:20:56 | 000,000,000 | ---D | M] -- C:\Users\garcia\AppData\Roaming\LolClient
[2012.05.24 18:26:59 | 000,000,000 | ---D | M] -- C:\Users\garcia\AppData\Roaming\LolClient2
[2012.06.14 19:19:07 | 000,000,000 | ---D | M] -- C:\Users\garcia\AppData\Roaming\LoneSurvivor
[2012.11.14 10:41:57 | 000,000,000 | ---D | M] -- C:\Users\garcia\AppData\Roaming\Mp3tag
[2012.06.26 15:01:51 | 000,000,000 | ---D | M] -- C:\Users\garcia\AppData\Roaming\Notepad++
[2012.09.15 17:03:03 | 000,000,000 | ---D | M] -- C:\Users\garcia\AppData\Roaming\Origin
[2012.06.04 18:28:50 | 000,000,000 | ---D | M] -- C:\Users\garcia\AppData\Roaming\PACE Anti-Piracy
[2012.05.27 09:10:47 | 000,000,000 | ---D | M] -- C:\Users\garcia\AppData\Roaming\PCToolsFirewallPlus
[2012.05.22 18:28:26 | 000,000,000 | ---D | M] -- C:\Users\garcia\AppData\Roaming\ProtectDISC
[2012.04.12 20:06:09 | 000,000,000 | ---D | M] -- C:\Users\garcia\AppData\Roaming\RenPy
[2012.09.20 18:19:00 | 000,000,000 | ---D | M] -- C:\Users\garcia\AppData\Roaming\runic games
[2012.08.10 00:02:16 | 000,000,000 | ---D | M] -- C:\Users\garcia\AppData\Roaming\SecondLife
[2012.06.18 23:57:15 | 000,000,000 | ---D | M] -- C:\Users\garcia\AppData\Roaming\Sinvise Systems
[2012.06.03 15:46:22 | 000,000,000 | ---D | M] -- C:\Users\garcia\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012.07.05 21:15:05 | 000,000,000 | ---D | M] -- C:\Users\garcia\AppData\Roaming\Stardock
[2012.06.03 15:32:02 | 000,000,000 | ---D | M] -- C:\Users\garcia\AppData\Roaming\StepMania 5
[2012.04.05 22:59:30 | 000,000,000 | ---D | M] -- C:\Users\garcia\AppData\Roaming\TeamViewer
[2012.03.31 10:01:07 | 000,000,000 | ---D | M] -- C:\Users\garcia\AppData\Roaming\Thunderbird
[2012.11.17 23:11:22 | 000,000,000 | ---D | M] -- C:\Users\garcia\AppData\Roaming\uTorrent
[2012.09.23 00:26:02 | 000,000,000 | ---D | M] -- C:\Users\garcia\AppData\Roaming\Vessel
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 982 bytes -> C:\Users\garcia\AppData\Local\URThnzbIvXwo:veK7VNRcKPbvoxy2Ufg3zJ
@Alternate Data Stream - 956 bytes -> C:\Users\garcia\AppData\Local\Temp:zaXm0XDG3GRXqjbf1Auxd
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:C31F31E6

< End of report >

ryder · 20.11.2012, 18:33

Da ist nix wirklich spannendes.

Schritt 1:
Fix mit OTL

Zitat:

Warnung: Dieses Skript wurde nur für diesen User und diese spezielle Situation geschrieben. Auf anderen Computern ausgeführt kann es nachhaltige Schäden anrichten!
Hinweis: Wenn du deinen Benutzernamen unkenntlich gemacht hast, musst du wieder deinen richtigen Namen einsetzen, ansonsten wird das Skript nicht funktionieren.

Starte bitte die OTL.exe.

Kopiere nun den Inhalt aus der Codebox in die Textbox.
Code:
ATTFilter
:OTL
@Alternate Data Stream - 982 bytes -> C:\Users\garcia\AppData\Local\URThnzbIvXwo:veK7VNRcKPbvoxy2Ufg3zJ
@Alternate Data Stream - 956 bytes -> C:\Users\garcia\AppData\Local\Temp:zaXm0XDG3GRXqjbf1Auxd
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:C31F31E6


:commands
[Emptytemp]
         
Schliesse bitte nun alle Programme.

Klicke nun bitte auf den Fix Button.

OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.

Nach dem Neustart findest Du ein Textdokument auf deinem Desktop. ( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt)

Kopiere nun den Inhalt hier in deinen Thread, möglichst in Code-Tags.

Hinweis: Die Ausführung des Kommandos kann einige Minuten dauern und OTL scheint in dieser Zeit nicht zu reagieren. Bitte geduldig sein!

Schritt 2:
Deinstalliere µTOrrent und CCleaner weil :

Warnung vor Filesharingprogrammen

Hier:
Code:
ATTFilter
µTorrent
         
Zitat:

Lesestoff:
Filesharing
Nur um eines klarzustellen: Filesharing ist natürlich erstmal nicht schädlich. Jedoch sind viele Dateien, die im Datei-Pool angeboten werden stark verseucht. Da du die wahre Quelle des Downloads nicht kennst kannst du dir also nicht sicher sein, dass die Datei auch "sauber" ist. Weiterhin ist es so, dass diese Art des Dateientauschs oft auch für den Austausch von Audio- und Videodaten benutzt wird, die dem Urheberrecht unterliegen und deren unerlaubte Verbreitung gegen geltendes Recht verstößt.

Fazit: Auch wenn es durchaus legale Gründe gibt, eine solche Software zu benutzen so raten wir dennoch davon ab und empfehlen nachdrücklich diese Programme zu deinstallieren.

Warnung: Registry-Cleaner

Zitat:

Lesestoff:
Registry-Cleaner und temporäre Dateien
Aus deinen Logfiles geht hervor, dass du eines dieser Programme benutzt. Wir empfehlen solche Programme nicht zu benutzen. Die Registrierung ist ein zentraler Bestandteil des Betriebssystems. Löscht ein Registry-Cleaner die falschen Zeilen kann das im schlimmsten Fall dazu führen, dass dein Computer unbootbar wird. Einige verwaiste Registryeinträge sind nicht weiter tragisch und auch die höhere Geschwindigkeit beim Booten ist normalerweise nicht merklich. Das Risiko, dass das Programm dein System "zerstört" ist einfach zu hoch. Ich empfehle dir also dringend, das Programm zu deinstallieren.

Beispielsweise bei CCleaner wird auch eine Funktion angeboten die temporären Dateien zu löschen. Wenn du von der Registrybereinigung die Finger läßt ist gegen den Einsatz von CCleaner nichts zu sagen. Ein alternatives Programm dafür möchte ich dir gerne noch empfehlen: TFC - einfach als Administrator starten und zurücklehnen.

Schritt 3:
Quick-Scan mit Malwarebytes

Downloade Dir bitte Malwarebytes
Installiere das Programm in den vorgegebenen Pfad.
Vista und Win7 User mit Rechtsklick "als Administrator starten"

Starte Malwarebytes, klicke auf Aktualisierung --> Suche nach Aktualisierung

Wenn das Update beendet wurde, aktiviere Quickscan durchführen und drücke auf Scannen.

Wenn der Scan beendet ist, klicke auf Ergebnisse anzeigen.

Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.

Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.

Nachträglich kannst du den Bericht unter "Log Dateien" finden.

Schritt 4:
Scan mit SecurityCheck

Downloade Dir bitte SecurityCheck
Speichere es auf dem Desktop.

Starte SecurityCheck.exe und folge den Anweisungen in der DOS- Box.
Vista und Win7 User mit Rechtsklick "als Administrator starten"

Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

Daniel0815 · 20.11.2012, 20:14

Code:

ATTFilter

All processes killed
========== OTL ==========
ADS C:\Users\garcia\AppData\Local\URThnzbIvXwo:veK7VNRcKPbvoxy2Ufg3zJ deleted successfully.
ADS C:\Users\garcia\AppData\Local\Temp:zaXm0XDG3GRXqjbf1Auxd deleted successfully.
ADS C:\ProgramData\TEMP:C31F31E6 deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56475 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: DefaultAppPool
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: garcia
->Temp folder emptied: 13044484 bytes
->Temporary Internet Files folder emptied: 269620281 bytes
->Java cache emptied: 27784092 bytes
->FireFox cache emptied: 1122795220 bytes
->Google Chrome cache emptied: 280161860 bytes
->Flash cache emptied: 112274 bytes
 
User: hedev
->Temp folder emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 356352 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 46357040 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 1.679,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 11202012_193518

Files\Folders moved on Reboot...
C:\Users\garcia\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Code:

ATTFilter

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.20.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
garcia :: GARCIA-PC [Administrator]

20.11.2012 19:42:50
mbam-log-2012-11-20 (19-42-50).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 236159
Laufzeit: 3 Minute(n), 8 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

CCleaner fliegt runter, aber das Torrent Programm brauch ich zum arbeiten. Ich benutze es nicht um irgendeinen Krimskrams aus dem Netz zu saugen sondern nur als Filehoster-Alternative.

SecurityCheck Link ging nicht. Manuel komm ich auch nicht auf deren Seite.

ryder · 20.11.2012, 20:19

Alternative:

SecurityCheck Download

Daniel0815 · 20.11.2012, 20:29

Ich wollte erst auf eigene Faust ein Programm mit dem Namen suchen aber bin dann bei irgendwas von Norton gelandet. Ein Glück dass ich gewartet habe.

Code:

ATTFilter

 Results of screen317's Security Check version 0.99.54  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 9  
``````````````Antivirus/Firewall Check:`````````````` 
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.65.1.1000  
 JavaFX 2.1.1    
 Java 7 Update 9  
 Adobe Flash Player 11.4.402.287  
 Adobe Reader 9 Adobe Reader out of Date! 
 Adobe Reader X (10.1.4) 
 Mozilla Firefox (16.0.2) 
 Mozilla Thunderbird (16.0.2) 
 Google Chrome 21.0.1180.83  
 Google Chrome 21.0.1180.89  
 Google Chrome 22.0.1229.79  
 Google Chrome 22.0.1229.92  
 Google Chrome 22.0.1229.94  
 Google Chrome 23.0.1271.64  
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````

20.11.2012, 12:55	#4
ryder /// TB-Ausbilder	Trojaner (OBTSM) durch Verknüpfungen einer NFO Ja das haben wir jetzt schon 3 mal gelesen... bitte den Anweisungen folgen. __________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM!

20.11.2012, 12:58	#5
ryder /// TB-Ausbilder	Trojaner (OBTSM) durch Verknüpfungen einer NFO Der MBR hat nur 512 bytes und kann Schädlinge enthalten. Jetzt keine Panik sondern arbeite mit __________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM!

20.11.2012, 20:19	#14
ryder /// TB-Ausbilder	Trojaner (OBTSM) durch Verknüpfungen einer NFO Alternative: SecurityCheck Download __________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM!

Trojaner (OBTSM) durch Verknüpfungen einer NFO

Plagegeister aller Art und deren Bekämpfung: Trojaner (OBTSM) durch Verknüpfungen einer NFO