"OAD_SkinComp_ClickableWP_binder.js" from "ds.serving-sys.com" No. 2 (Windows 7)
23.12.2012, 19:32 | #1 |
Hello! I have exactly the same problem as MD2012: http://www.trojaner-board.de/128504-...g-sys-com.html

For now I'll wait and see how his thread develops, and if the removal turns out to differ in my case I'll report back here separately. Unfortunately I'm not allowed to reply in his thread. But many thanks in advance already!!!

PS: All the scans with
- Malwarebytes
- Ad-Aware
- KIS 2013 (my antivirus program)
turn up nothing, since the Java application first wants to be installed by IE, and I/we (MD2012) of course don't do that.

EDIT: Here is my OTL logfile for now:
Code:
ATTFilter OTL logfile created on: 23.12.2012 19:48:36 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tommy Hilfaker\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16438) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 11,97 Gb Total Physical Memory | 9,77 Gb Available Physical Memory | 81,62% Memory free 23,93 Gb Paging File | 21,75 Gb Available in Paging File | 90,86% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 149,05 Gb Total Space | 93,25 Gb Free Space | 62,57% Space Free | Partition Type: NTFS Drive D: | 390,62 Gb Total Space | 193,03 Gb Free Space | 49,42% Space Free | Partition Type: NTFS Drive E: | 540,88 Gb Total Space | 371,75 Gb Free Space | 68,73% Space Free | Partition Type: NTFS Computer Name: TOMMYHILFAKER | User Name: Tommy Hilfaker | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Tommy Hilfaker\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO) PRC - D:\Progs\PowerDVD12\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe (CyberLink) PRC - D:\Progs\PowerDVD12\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe (CyberLink Corp.) 
PRC - D:\Progs\PowerDVD12\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe (CyberLink) PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) PRC - C:\Program Files (x86)\Ralink\Common\RaUI.exe (Ralink Technology, Corp.) PRC - D:\Progs\PowerDVD\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe () PRC - D:\Progs\PowerDVD\PowerDVD11\Common\MediaServer\CLMSServer.exe (CyberLink) PRC - D:\Progs\PowerDVD\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe (CyberLink) PRC - C:\Program Files (x86)\Ralink\Common\RaRegistry.exe (Ralink Technology, Corp.) PRC - D:\Progs\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG) PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd) PRC - C:\Program Files (x86)\GIGABYTE\GHOST\Tilt.exe () ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll () MOD - C:\Program Files (x86)\Ralink\Common\RaWLAPI.dll () MOD - C:\Program Files (x86)\GIGABYTE\GHOST\Tilt.exe () ========== Services (SafeList) ========== SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO) SRV - (Hamachi2Svc) -- D:\Progs\Hamachi\hamachi-2.exe (LogMeIn Inc.) 
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (TunngleService) -- D:\Progs\Tunngle\TnglCtrl.exe (Tunngle.net GmbH) SRV - (TuneUp.UtilitiesSvc) -- D:\Progs\TuneUp Utilities\TuneUpUtilitiesService64.exe (TuneUp Software) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (CyberLink PowerDVD 12 Media Server Service) -- D:\Progs\PowerDVD12\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe (CyberLink) SRV - (CLHNServiceForPowerDVD12) -- D:\Progs\PowerDVD12\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe (CyberLink Corp.) SRV - (CyberLink PowerDVD 12 Media Server Monitor Service) -- D:\Progs\PowerDVD12\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe (CyberLink) SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (nlsX86cc) -- C:\Windows\SysWOW64\nlssrv32.exe (Nalpeiron Ltd.) SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs) SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs) SRV - (TeamViewer6) -- D:\Progs\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (CLHNServiceForPowerDVD) -- D:\Progs\PowerDVD\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe () SRV - (CyberLink PowerDVD 11.0 Service) -- D:\Progs\PowerDVD\PowerDVD11\Common\MediaServer\CLMSServer.exe (CyberLink) SRV - (CyberLink PowerDVD 11.0 Monitor Service) -- D:\Progs\PowerDVD\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe (CyberLink) SRV - (RalinkRegistryWriter64) -- C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe (Ralink Technology, Corp.) 
SRV - (RalinkRegistryWriter) -- C:\Program Files (x86)\Ralink\Common\RaRegistry.exe (Ralink Technology, Corp.) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (RaMediaServer) -- C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe () SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd) SRV - (HPSLPSVC) -- D:\Progs\HP Printer\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.) SRV - (hpqcxs08) -- D:\Progs\HP Printer\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.) SRV - (hpqddsvc) -- D:\Progs\HP Printer\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (gfibto) -- C:\Windows\SysNative\drivers\gfibto.sys (GFI Software) DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab) DRV:64bit: - (kltdi) -- C:\Windows\SysNative\drivers\kltdi.sys (Kaspersky Lab) DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab) DRV:64bit: - (klkbdflt) -- C:\Windows\SysNative\drivers\klkbdflt.sys (Kaspersky Lab) DRV:64bit: - (kneps) -- C:\Windows\SysNative\drivers\kneps.sys (Kaspersky Lab) DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (kl1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO) DRV:64bit: - (Fs_Rec) -- 
C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation) DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation) DRV:64bit: - (mv91xx) -- C:\Windows\SysNative\drivers\mv91xx.sys (Marvell Semiconductor, Inc.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.) DRV:64bit: - (netr28ux) -- C:\Windows\SysNative\drivers\netr28ux.sys (Ralink Technology Corp.) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (LADF_RenderOnly) -- C:\Windows\SysNative\drivers\ladfGSRamd64.sys (Logitech) DRV:64bit: - (LADF_CaptureOnly) -- C:\Windows\SysNative\drivers\ladfGSCamd64.sys (Logitech) DRV:64bit: - (teamviewervpn) -- C:\Windows\SysNative\drivers\teamviewervpn.sys (TeamViewer GmbH) DRV:64bit: - (HydraWDDM) -- C:\Windows\SysNative\drivers\HydraWDDM.sys (Lucidlogix Inc.) DRV:64bit: - (mvs91xx) -- C:\Windows\SysNative\drivers\mvs91xx.sys (Marvell Semiconductor, Inc.) DRV:64bit: - (mv91cons) -- C:\Windows\SysNative\drivers\mv91cons.sys (Marvell Semiconductor Inc.) 
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG) DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (tsusbhub) -- C:\Windows\SysNative\drivers\tsusbhub.sys (Microsoft Corporation) DRV:64bit: - (Synth3dVsc) -- C:\Windows\SysNative\drivers\Synth3dVsc.sys (Microsoft Corporation) DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation) DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (HydraPGU_EEP) -- C:\Windows\SysNative\drivers\HydraPGU_EEP.sys (Lucidlogix Inc.) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (LADF_SBVM) -- C:\Windows\SysNative\drivers\ladfSBVMamd64.sys (Logitech) DRV:64bit: - (LADF_DHP2) -- C:\Windows\SysNative\drivers\ladfDHP2amd64.sys (Logitech) DRV:64bit: - (ha20x22k) -- C:\Windows\SysNative\drivers\ha20x22k.sys (Creative Technology Ltd) DRV:64bit: - (ha20x2k) -- C:\Windows\SysNative\drivers\ha20x2k.sys (Creative Technology Ltd) DRV:64bit: - (emupia) -- C:\Windows\SysNative\drivers\emupia2k.sys (Creative Technology Ltd) DRV:64bit: - (ctsfm2k) -- C:\Windows\SysNative\drivers\ctsfm2k.sys (Creative Technology Ltd) DRV:64bit: - (ctprxy2k) -- C:\Windows\SysNative\drivers\ctprxy2k.sys (Creative Technology Ltd) DRV:64bit: - (ossrv) -- C:\Windows\SysNative\drivers\ctoss2k.sys (Creative Technology Ltd.) 
DRV:64bit: - (ctaud2k) -- C:\Windows\SysNative\drivers\ctaud2k.sys (Creative Technology Ltd) DRV:64bit: - (ctac32k) -- C:\Windows\SysNative\drivers\ctac32k.sys (Creative Technology Ltd) DRV:64bit: - (CTEXFIFX.SYS) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.) DRV:64bit: - (CTEXFIFX) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.) DRV:64bit: - (CTHWIUT.SYS) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.) DRV:64bit: - (CTHWIUT) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.) DRV:64bit: - (CT20XUT.SYS) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.) DRV:64bit: - (CT20XUT) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.) DRV:64bit: - (WmVirHid) -- C:\Windows\SysNative\drivers\WmVirHid.sys (Logitech Inc.) DRV:64bit: - (WmBEnum) -- C:\Windows\SysNative\drivers\WmBEnum.sys (Logitech Inc.) DRV:64bit: - (WmXlCore) -- C:\Windows\SysNative\drivers\WmXlCore.sys (Logitech Inc.) DRV:64bit: - (WmFilter) -- C:\Windows\SysNative\drivers\WmFilter.sys (Logitech Inc.) DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.) DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.) DRV:64bit: - (MBfilt) -- C:\Windows\SysNative\drivers\MBfilt64.sys (Creative Technology Ltd.) DRV:64bit: - (HTCAND64) -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys (HTC, Corporation) DRV:64bit: - (tap0901t) -- C:\Windows\SysNative\drivers\tap0901t.sys (Tunngle.net) DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) 
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation) DRV:64bit: - (MEMSWEEP2) -- C:\Windows\SysNative\5225.tmp (Sophos Plc) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.) DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions) DRV - (TuneUpUtilitiesDrv) -- D:\Progs\TuneUp Utilities\TuneUpUtilitiesDriver64.sys (TuneUp Software) DRV - (ntk_PowerDVD12) -- D:\Progs\PowerDVD12\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys (Cyberlink Corp.) DRV - ({329F96B6-DF1E-4328-BFDA-39EA953C1312}) -- D:\Progs\PowerDVD\PowerDVD11\Common\NavFilter\000.fcl (CyberLink Corp.) DRV - (ntk_PowerDVD) -- D:\Progs\PowerDVD\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys (Cyberlink Corp.) DRV - (NTIOLib_1_0_8) -- D:\Program Files\MSI\MSIWDev\NTIOLib_X64.sys (MSI) DRV - (NTIOLib_1_0_3) -- C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys (MSI) DRV - (ISODrive) -- C:\Progs\UltraISO\drivers\ISODrv64.sys (EZB Systems, Inc.) 
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{758B870D-DF78-4A6A-9955-DEDDCACF94DC}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4219023224-2818774634-3534157912-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-4219023224-2818774634-3534157912-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\S-1-5-21-4219023224-2818774634-3534157912-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 53 49 05 D0 58 DF CD 01 [binary data] IE - HKU\S-1-5-21-4219023224-2818774634-3534157912-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-4219023224-2818774634-3534157912-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = 
hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage} IE - HKU\S-1-5-21-4219023224-2818774634-3534157912-1000\..\SearchScopes\{758B870D-DF78-4A6A-9955-DEDDCACF94DC}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage} IE - HKU\S-1-5-21-4219023224-2818774634-3534157912-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4219023224-2818774634-3534157912-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-21-4219023224-2818774634-3534157912-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=scorpion.premiumize.me:80 IE - HKU\S-1-5-21-4219023224-2818774634-3534157912-1008\..\SearchScopes\{758B870D-DF78-4A6A-9955-DEDDCACF94DC}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage} ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7Bbb6bc1bb-f824-4702-90cd-35e2fb24f25d%7D:1.5.1.1 FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.5 FF - prefs.js..extensions.enabledAddons: anti_banner%40kaspersky.com:13.0.1.4250 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 FF - prefs.js..network.proxy.autoconfig_url: "https://secure.premiumize.me/06247824b24ba4720a6e0557d0f19994/proxy.pac" FF - prefs.js..network.proxy.type: 0 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF:64bit: - 
HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Progs\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Tommy Hilfaker\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Tommy Hilfaker\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2012.12.21 10:08:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2012.12.21 10:08:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2012.12.21 10:08:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2012.12.21 10:08:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2012.12.21 10:08:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: D:\Progs\Firefox\components [2012.12.23 12:33:54 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: D:\Progs\Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: D:\Progs\Thunderbird\components [2012.09.05 11:08:18 | 000,000,000 | ---D | M] [2012.02.12 18:38:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tommy Hilfaker\AppData\Roaming\mozilla\Extensions [2012.02.12 18:38:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tommy Hilfaker\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2012.12.23 12:32:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tommy 
Hilfaker\AppData\Roaming\mozilla\Firefox\Profiles\17mzre17.default\extensions [2012.09.03 16:28:47 | 000,000,000 | ---D | M] (Cookies Manager+) -- C:\Users\Tommy Hilfaker\AppData\Roaming\mozilla\Firefox\Profiles\17mzre17.default\extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d} [2012.11.28 15:37:49 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Tommy Hilfaker\AppData\Roaming\mozilla\Firefox\Profiles\17mzre17.default\extensions\foxyproxy@eric.h.jung [2012.12.23 12:32:55 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\Tommy Hilfaker\AppData\Roaming\mozilla\Firefox\Profiles\17mzre17.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack [2012.11.21 14:20:54 | 000,243,496 | ---- | M] () (No name found) -- C:\Users\Tommy Hilfaker\AppData\Roaming\mozilla\firefox\profiles\17mzre17.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2012.12.21 10:08:15 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\ANTI_BANNER@KASPERSKY.COM ========== Chrome ========== CHR - homepage: hxxp://www.google.com/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://www.google.com/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Tommy Hilfaker\AppData\Local\Google\Chrome\Application\19.0.1084.46\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Tommy Hilfaker\AppData\Local\Google\Chrome\Application\19.0.1084.46\pdf.dll CHR - 
plugin: Shockwave Flash (Enabled) = C:\Users\Tommy Hilfaker\AppData\Local\Google\Chrome\Application\19.0.1084.46\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Tommy Hilfaker\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.374_0\plugin/npVKPlugin.dll CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Tommy Hilfaker\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Tommy Hilfaker\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_0\plugin/npUrlAdvisor.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: Google Update (Enabled) = C:\Users\Tommy Hilfaker\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: YouTube = C:\Users\Tommy Hilfaker\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\Tommy Hilfaker\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Modul zur Link-Untersuchung = C:\Users\Tommy Hilfaker\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_0\ CHR - Extension: Modul zur Link-Untersuchung = C:\Users\Tommy Hilfaker\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\ CHR - Extension: Virtuelle Tastatur = C:\Users\Tommy Hilfaker\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.374_0\ CHR - Extension: Virtuelle Tastatur = C:\Users\Tommy Hilfaker\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\ CHR - Extension: Google Mail = C:\Users\Tommy Hilfaker\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ CHR - Extension: Anti-Banner = C:\Users\Tommy Hilfaker\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\ O1 HOSTS File: ([2012.02.25 18:42:38 | 000,000,553 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 practivate.adobe.com O1 - Hosts: 127.0.0.1 activate-sea.adobe.com O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com O1 - Hosts: 127.0.0.1 adobeereg.com O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com O1 - Hosts: 127.0.0.1 ereg.adobe.com O1 - Hosts: 127.0.0.1 3dns-3.adobe.com O1 - Hosts: 127.0.0.1 3dns-2.adobe.com O1 - Hosts: 127.0.0.1 192.150.18.108 O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com O1 - Hosts: 127.0.0.1 wip3.adobe.com O1 - Hosts: 127.0.0.1 
wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 secure.tune-up.com O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky 
Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation) O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe () O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKLM..\Run: [Tilt] C:\Program Files (x86)\GIGABYTE\GHOST\Tilt.exe () O4 - HKLM..\Run: [VirtualCloneDrive] D:\Progs\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG) O4 - HKU\S-1-5-21-4219023224-2818774634-3534157912-1008..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-4219023224-2818774634-3534157912-1008..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Tommy Hilfaker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Creative Konsole Starter.lnk = C:\Program Files (x86)\Creative\Console Launcher\ConsoLCu.exe (Creative Technology Ltd) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0 O6 - 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 1 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 1 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-4219023224-2818774634-3534157912-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-4219023224-2818774634-3534157912-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: 
NoInternetOpenWith = 1 O7 - HKU\S-1-5-21-4219023224-2818774634-3534157912-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-4219023224-2818774634-3534157912-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-4219023224-2818774634-3534157912-1008\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-4219023224-2818774634-3534157912-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1 O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Progs\Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Progs\Office\Office12\EXCEL.EXE (Microsoft Corporation) O9:64bit: - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O9:64bit: - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Progs\Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Links untersuchen - 
{CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKU\S-1-5-21-4219023224-2818774634-3534157912-1000\..Trusted Domains: com ([www.msi] http in Trusted sites) O15 - HKU\S-1-5-21-4219023224-2818774634-3534157912-1000\..Trusted Domains: com.tw ([asia.msi] http in Trusted sites) O15 - HKU\S-1-5-21-4219023224-2818774634-3534157912-1000\..Trusted Domains: com.tw ([global.msi] http in Trusted sites) O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Reg Error: Key error.) O16:64bit: - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Reg Error: Key error.) 
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} hxxp://liveupdate.msi.com.tw/autobios/LOnline/RELEASECAB/install.cab (WebSDev Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2) O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Creative Software AutoUpdate 2) O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15118/CTPID.cab (Creative Software AutoUpdate Support Package) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{554207BE-F5D0-4CE6-8936-FF6E62075B79}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9E8E19B0-D5B1-4D78-9C8B-C3435C8D6CC6}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FD9296FC-F7EE-42A4-BCEF-C62C1ADD9344}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - AppInit_DLLs: (C:\PROGRA~1\LUCIDL~1\HYDRAL~1\appinit_dll.dll) - C:\Programme\Lucidlogix 
Technologies\HYDRALOGIX\appinit_dll.dll (Lucidlogix Inc.) O20 - AppInit_DLLs: (C:\PROGRA~1\LUCIDL~1\HYDRAL~1\x86\appinit_dll.dll) - C:\Programme\Lucidlogix Technologies\HYDRALOGIX\x86\appinit_dll.dll (Lucidlogix Inc.) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O27:64bit: - HKLM IFEO\AcroRd32.exe: Debugger - D:\Progs\TuneUp Utilities\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\excel.exe: Debugger - D:\Progs\TuneUp Utilities\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\extendscript toolkit.exe: Debugger - D:\Progs\TuneUp Utilities\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\googleearth.exe: Debugger - D:\Progs\TuneUp Utilities\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\msoxmled.exe: Debugger - D:\Progs\TuneUp Utilities\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\nvstlink.exe: Debugger - D:\Progs\TuneUp Utilities\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\nvstview.exe: Debugger - D:\Progs\TuneUp Utilities\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\pixel bender toolkit.exe: Debugger - D:\Progs\TuneUp Utilities\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\powerpnt.exe: Debugger - D:\Progs\TuneUp Utilities\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\switchboard.exe: Debugger - D:\Progs\TuneUp Utilities\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\teamviewer.exe: Debugger - D:\Progs\TuneUp Utilities\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - 
HKLM IFEO\winword.exe: Debugger - D:\Progs\TuneUp Utilities\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\AcroRd32.exe: Debugger - D:\Progs\TuneUp Utilities\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\excel.exe: Debugger - D:\Progs\TuneUp Utilities\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\extendscript toolkit.exe: Debugger - D:\Progs\TuneUp Utilities\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\googleearth.exe: Debugger - D:\Progs\TuneUp Utilities\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\msoxmled.exe: Debugger - D:\Progs\TuneUp Utilities\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\nvstlink.exe: Debugger - D:\Progs\TuneUp Utilities\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\nvstview.exe: Debugger - D:\Progs\TuneUp Utilities\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\pixel bender toolkit.exe: Debugger - D:\Progs\TuneUp Utilities\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\powerpnt.exe: Debugger - D:\Progs\TuneUp Utilities\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\switchboard.exe: Debugger - D:\Progs\TuneUp Utilities\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\teamviewer.exe: Debugger - D:\Progs\TuneUp Utilities\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\winword.exe: Debugger - D:\Progs\TuneUp Utilities\TUAutoReactivator64.exe (TuneUp Software) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: 
(ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - D:\Progs\HP Printer\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.) MsConfig:64bit - StartUpFolder: C:^Users^Tommy Hilfaker^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech blank Produktregistrierung.lnk - - File not found MsConfig:64bit - StartUpReg: ACPW05DE - hkey= - key= - D:\Progs\ACDSee\ACDSee Pro\5.0\ACDSeeProInTouch2.exe (ACD Systems) MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: AdobeCS5.5ServiceManager - hkey= - key= - File not found MsConfig:64bit - StartUpReg: AnyDVD - hkey= - key= - File not found MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - File not found MsConfig:64bit - StartUpReg: Eraser - hkey= - key= - C:\Progs\Eraser\Eraser.exe (The Eraser Project) MsConfig:64bit - StartUpReg: Google Update - hkey= - key= - C:\Users\Tommy Hilfaker\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.) MsConfig:64bit - StartUpReg: HTC Sync Loader - hkey= - key= - File not found MsConfig:64bit - StartUpReg: HYDRALOGIX - hkey= - key= - C:\Program Files\Lucidlogix Technologies\HYDRALOGIX\HydraControlPanel.exe () MsConfig:64bit - StartUpReg: ICQ - hkey= - key= - File not found MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - D:\Progs\iTunes\iTunesHelper.exe (Apple Inc.) 
MsConfig:64bit - StartUpReg: Launch LCore - hkey= - key= - C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.) MsConfig:64bit - StartUpReg: Live Update 5 - hkey= - key= - File not found MsConfig:64bit - StartUpReg: LogMeIn Hamachi Ui - hkey= - key= - D:\Progs\Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) MsConfig:64bit - StartUpReg: Malwarebytes' Anti-Malware - hkey= - key= - File not found MsConfig:64bit - StartUpReg: NUSB3MON - hkey= - key= - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) MsConfig:64bit - StartUpReg: OODefragTray - hkey= - key= - File not found MsConfig:64bit - StartUpReg: PowerDVD12Agent - hkey= - key= - D:\Progs\PowerDVD12\PowerDVD12\PowerDVD12Agent.exe (CyberLink Corp.) MsConfig:64bit - StartUpReg: PowerDVD12DMREngine - hkey= - key= - D:\Progs\PowerDVD12\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe (CyberLink) MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - D:\Progs\Quicktime\QTTask.exe (Apple Inc.) MsConfig:64bit - StartUpReg: RemoteControl11 - hkey= - key= - D:\Progs\PowerDVD\PowerDVD11\PDVD11Serv.exe (CyberLink Corp.) MsConfig:64bit - StartUpReg: RTHDVCPL - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) MsConfig:64bit - StartUpReg: Start WingMan Profiler - hkey= - key= - File not found MsConfig:64bit - StartUpReg: Steam - hkey= - key= - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) 
MsConfig:64bit - StartUpReg: Super-Charger - hkey= - key= - C:\Program Files (x86)\MSI\Super-Charger\StartSuperCharger.exe (TODO: <Company name>) MsConfig:64bit - StartUpReg: SwitchBoard - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: TomTomHOME.exe - hkey= - key= - File not found MsConfig:64bit - State: "startup" - Reg Error: Key error. MsConfig:64bit - State: "services" - Reg Error: Key error. NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System 
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: 
{71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: 
{4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: Hamachi2Svc - D:\Progs\Hamachi\hamachi-2.exe (LogMeIn Inc.) 
SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: 
{71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: 
{C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1 ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1 ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: 
{7A389AED-0DF9-3C41-C108-A9725E6DA22F} - Macromedia Shockwave Director 10.1 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP Drivers32:64bit: msacm.ac3filter - ac3filter64.acm () Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.ac3filter - C:\Windows\SysWow64\ac3filter.acm () Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3codec - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.12.23 19:35:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Tommy Hilfaker\Desktop\OTL.exe [2012.12.23 12:53:28 | 000,388,608 | ---- | C] (Trend Micro Inc.) 
-- C:\Users\Tommy Hilfaker\Desktop\HiJackThis204.exe [2012.12.23 12:35:44 | 000,000,000 | ---D | C] -- C:\Users\Tommy Hilfaker\AppData\Roaming\LavasoftStatistics [2012.12.23 12:34:00 | 000,014,456 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys [2012.12.23 12:33:53 | 000,000,000 | ---D | C] -- C:\ProgramData\blekko toolbars [2012.12.23 12:32:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner [2012.12.23 12:32:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\adawaretb [2012.12.19 17:04:02 | 000,000,000 | ---D | C] -- C:\Users\Tommy Hilfaker\Desktop\Neuer Ordner [2012.12.05 13:34:17 | 000,000,000 | ---D | C] -- C:\Users\Tommy Hilfaker\Documents\Nexus Mod Manager [2012.12.05 13:34:17 | 000,000,000 | ---D | C] -- C:\Users\Tommy Hilfaker\AppData\Local\Black_Tree_Gaming [2012.12.05 11:47:51 | 000,000,000 | ---D | C] -- C:\Users\Tommy Hilfaker\Documents\Endless Space [2012.12.02 19:45:49 | 000,000,000 | ---D | C] -- C:\Users\Tommy Hilfaker\AppData\Local\My Games [2012.12.02 19:42:13 | 000,000,000 | ---D | C] -- C:\Users\Tommy Hilfaker\AppData\Local\PunkBuster [2012.12.02 19:41:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Orbit [2012.12.02 19:37:23 | 000,000,000 | ---D | C] -- C:\Users\Tommy Hilfaker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft [2012.12.01 12:53:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies [2012.12.01 12:52:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA 3D Vision driver [2012.11.29 10:56:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Half-Life™ 2 Saga CM Edition [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.12.23 19:35:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tommy Hilfaker\Desktop\OTL.exe 
[2012.12.23 19:29:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.12.23 19:00:06 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.12.23 19:00:06 | 000,696,832 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.12.23 19:00:06 | 000,652,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.12.23 19:00:06 | 000,148,128 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.12.23 19:00:06 | 000,121,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.12.23 18:58:21 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.12.23 18:58:21 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.12.23 18:53:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.12.23 18:52:13 | 000,063,864 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000018-00000000-00000000-00001102-0000000B-00431102}.rfx [2012.12.23 18:52:13 | 000,063,864 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000018-00000000-00000000-00001102-0000000B-00431102}.rfx [2012.12.23 18:52:13 | 000,000,820 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000018-00000000-00000000-00001102-0000000B-00431102}.rfx [2012.12.23 18:47:08 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2012.12.23 18:47:08 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2012.12.23 18:45:22 | 000,016,553 | ---- | M] () -- C:\Users\Tommy Hilfaker\Desktop\bookmark.htm [2012.12.23 12:53:28 | 000,388,608 | ---- | M] (Trend Micro Inc.) 
-- C:\Users\Tommy Hilfaker\Desktop\HiJackThis204.exe [2012.12.23 12:46:18 | 000,166,983 | ---- | M] () -- C:\Users\Tommy Hilfaker\Desktop\Pop.jpg [2012.12.23 12:34:00 | 000,014,456 | ---- | M] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys [2012.12.23 12:33:52 | 000,000,132 | ---- | M] () -- C:\Windows\wininit.ini [2012.12.23 11:50:14 | 000,058,672 | ---- | M] () -- C:\Users\Tommy Hilfaker\Desktop\cc_20121223_114953.reg [2012.12.22 13:15:14 | 000,033,099 | ---- | M] () -- C:\Users\Tommy Hilfaker\Desktop\52.jpg [2012.12.22 12:51:50 | 000,060,372 | ---- | M] () -- C:\Users\Tommy Hilfaker\Desktop\Dokument.pdf [2012.12.21 13:34:10 | 005,115,392 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.12.20 17:18:42 | 000,088,153 | ---- | M] () -- C:\Users\Tommy Hilfaker\Desktop\25984d43e41ae9943389d3f46b87289e.jpg [2012.12.11 09:39:48 | 000,123,576 | ---- | M] () -- C:\Users\Tommy Hilfaker\Desktop\0110.jpg [2012.12.07 15:40:06 | 191,633,867 | ---- | M] () -- C:\Users\Tommy Hilfaker\Desktop\The Hobbit Trailer @ 48fps - High Quality.flv [2012.12.02 19:42:18 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2012.12.02 19:42:18 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.12.02 19:37:25 | 000,282,512 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2012.12.02 19:37:25 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.12.02 11:55:36 | 000,039,424 | ---- | M] () -- C:\Users\Tommy Hilfaker\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.11.29 10:56:03 | 000,001,169 | ---- | M] () -- C:\Users\Tommy Hilfaker\Desktop\Half-Life™ 2 Saga CM Edition.lnk [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.12.23 18:47:08 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2012.12.23 
18:47:08 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2012.12.23 18:45:22 | 000,016,553 | ---- | C] () -- C:\Users\Tommy Hilfaker\Desktop\bookmark.htm [2012.12.23 12:46:17 | 000,166,983 | ---- | C] () -- C:\Users\Tommy Hilfaker\Desktop\Pop.jpg [2012.12.23 12:33:52 | 000,000,132 | ---- | C] () -- C:\Windows\wininit.ini [2012.12.23 11:49:57 | 000,058,672 | ---- | C] () -- C:\Users\Tommy Hilfaker\Desktop\cc_20121223_114953.reg [2012.12.22 13:15:14 | 000,033,099 | ---- | C] () -- C:\Users\Tommy Hilfaker\Desktop\52.jpg [2012.12.22 12:51:50 | 000,060,372 | ---- | C] () -- C:\Users\Tommy Hilfaker\Desktop\Dokument.pdf [2012.12.20 17:18:47 | 000,088,153 | ---- | C] () -- C:\Users\Tommy Hilfaker\Desktop\25984d43e41ae9943389d3f46b87289e.jpg [2012.12.11 09:39:48 | 000,123,576 | ---- | C] () -- C:\Users\Tommy Hilfaker\Desktop\0110.jpg [2012.12.07 15:31:11 | 191,633,867 | ---- | C] () -- C:\Users\Tommy Hilfaker\Desktop\The Hobbit Trailer @ 48fps - High Quality.flv [2012.12.02 19:42:18 | 000,281,688 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2012.11.29 10:56:03 | 000,001,169 | ---- | C] () -- C:\Users\Tommy Hilfaker\Desktop\Half-Life™ 2 Saga CM Edition.lnk [2012.11.17 13:49:02 | 000,281,688 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.11.17 13:49:02 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.08.18 10:47:00 | 000,003,153 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp mp3 (Fraunhofer IIS) Codec.dat [2012.08.18 10:46:20 | 000,535,416 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe [2012.08.18 10:46:20 | 000,003,019 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp FLAC Codec.dat [2012.08.18 10:44:36 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini [2012.05.26 12:40:33 | 000,001,588 | ---- | C] () -- C:\Windows\debugrcfile.ini [2012.03.30 17:13:44 | 000,000,574 | ---- | C] () -- C:\Windows\hpomdl47.dat.temp [2012.01.15 18:27:03 | 000,009,202 | ---- | C] () -- 
C:\Users\Tommy Hilfaker\.recently-used.xbel [2011.12.31 13:32:50 | 000,233,408 | ---- | C] () -- C:\Windows\hpoins47.dat [2011.12.19 19:37:30 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib [2011.12.13 09:14:12 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2011.12.13 09:14:12 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2011.12.13 09:14:12 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2011.12.13 09:14:12 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2011.12.13 09:14:12 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2011.10.15 17:46:43 | 000,039,424 | ---- | C] () -- C:\Users\Tommy Hilfaker\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.10.06 19:32:43 | 000,000,000 | ---- | C] () -- C:\Windows\Bench32.INI [2011.09.22 17:31:04 | 000,003,584 | ---- | C] () -- C:\Windows\SysWow64\ColorEfexPro4FC32.dll [2011.09.10 11:15:31 | 000,164,864 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL [2011.09.10 11:15:31 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL [2011.09.10 11:15:17 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CTXFIGER.DLL [2011.09.02 19:46:04 | 000,000,279 | ---- | C] () -- C:\Windows\PowerReg.dat [2011.09.02 12:45:43 | 000,017,408 | ---- | C] () -- C:\Users\Tommy Hilfaker\AppData\Local\WebpageIcons.db [2011.09.02 11:39:05 | 000,014,119 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat [2011.09.02 11:39:03 | 000,792,416 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.dll [2011.09.02 11:39:03 | 000,000,451 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.ini [2011.09.02 11:30:32 | 001,590,298 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat ========== ZeroAccess Check ========== [2011.11.17 07:41:18 | 000,002,048 | -HS- | M] () -- C:\Users\Tommy Hilfaker\AppData\Local\{a836cc42-5874-86d8-cb38-f493e68dc09c}\@ [2011.11.17 07:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Tommy 
Hilfaker\AppData\Local\{a836cc42-5874-86d8-cb38-f493e68dc09c}\L [2011.11.17 07:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Tommy Hilfaker\AppData\Local\{a836cc42-5874-86d8-cb38-f493e68dc09c}\U [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "ThreadingModel" = Both "" = C:\Users\Tommy Hilfaker\AppData\Local\{a836cc42-5874-86d8-cb38-f493e68dc09c}\n. [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] 
(Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2011.09.02 13:36:43 | 000,000,000 | ---D | M] -- C:\Users\Tommy Hilfaker\AppData\Roaming\ACD Systems [2012.12.23 11:49:27 | 000,000,000 | ---D | M] -- C:\Users\Tommy Hilfaker\AppData\Roaming\AIMP3 [2012.10.27 14:16:22 | 000,000,000 | ---D | M] -- C:\Users\Tommy Hilfaker\AppData\Roaming\BoneCraft [2012.04.18 11:49:48 | 000,000,000 | ---D | M] -- C:\Users\Tommy Hilfaker\AppData\Roaming\calibre [2012.12.23 11:49:27 | 000,000,000 | ---D | M] -- C:\Users\Tommy Hilfaker\AppData\Roaming\DAEMON Tools Lite [2012.12.23 11:49:27 | 000,000,000 | ---D | M] -- C:\Users\Tommy Hilfaker\AppData\Roaming\DAEMON Tools Pro [2012.02.16 15:55:23 | 000,000,000 | ---D | M] -- C:\Users\Tommy Hilfaker\AppData\Roaming\DarknessII [2012.05.13 19:40:58 | 000,000,000 | ---D | M] -- C:\Users\Tommy Hilfaker\AppData\Roaming\Ekci [2012.01.15 18:27:03 | 000,000,000 | ---D | M] -- C:\Users\Tommy Hilfaker\AppData\Roaming\gtk-2.0 [2011.09.23 15:19:58 | 000,000,000 | ---D | M] -- C:\Users\Tommy Hilfaker\AppData\Roaming\ImgBurn [2011.09.02 14:32:14 | 000,000,000 | ---D | M] -- C:\Users\Tommy Hilfaker\AppData\Roaming\Leadertech [2012.05.15 17:54:09 | 000,000,000 | ---D | M] -- C:\Users\Tommy Hilfaker\AppData\Roaming\Meebe [2011.09.13 18:28:56 | 000,000,000 | ---D | M] -- C:\Users\Tommy Hilfaker\AppData\Roaming\mkvtoolnix [2012.08.18 11:20:50 | 000,000,000 | ---D | M] -- C:\Users\Tommy Hilfaker\AppData\Roaming\Mp3tag [2012.07.20 17:15:46 | 000,000,000 | ---D | M] -- C:\Users\Tommy Hilfaker\AppData\Roaming\Nik Software [2011.11.30 10:44:03 | 000,000,000 | ---D | M] -- C:\Users\Tommy Hilfaker\AppData\Roaming\Notepad++ [2012.05.26 12:47:31 | 000,000,000 | ---D | M] -- C:\Users\Tommy Hilfaker\AppData\Roaming\onOne Software [2012.03.03 11:15:31 | 000,000,000 | ---D | M] -- C:\Users\Tommy Hilfaker\AppData\Roaming\pdfforge 
[2012.11.17 13:49:01 | 000,000,000 | ---D | M] -- C:\Users\Tommy Hilfaker\AppData\Roaming\PunkBuster [2011.11.03 16:32:01 | 000,000,000 | ---D | M] -- C:\Users\Tommy Hilfaker\AppData\Roaming\RapidCRC [2011.12.13 10:51:09 | 000,000,000 | ---D | M] -- C:\Users\Tommy Hilfaker\AppData\Roaming\TeamViewer [2011.09.02 11:47:02 | 000,000,000 | ---D | M] -- C:\Users\Tommy Hilfaker\AppData\Roaming\Thunderbird [2012.02.12 18:38:57 | 000,000,000 | ---D | M] -- C:\Users\Tommy Hilfaker\AppData\Roaming\TomTom [2011.12.19 21:09:33 | 000,000,000 | ---D | M] -- C:\Users\Tommy Hilfaker\AppData\Roaming\TuneUp Software [2012.11.02 18:06:30 | 000,000,000 | ---D | M] -- C:\Users\Tommy Hilfaker\AppData\Roaming\Tunngle [2011.10.23 17:33:16 | 000,000,000 | ---D | M] -- C:\Users\Tommy Hilfaker\AppData\Roaming\WindSolutions [2011.12.08 20:00:07 | 000,000,000 | ---D | M] -- C:\Users\Tommy Hilfaker\AppData\Roaming\XMedia Recode [2012.05.15 18:15:08 | 000,000,000 | ---D | M] -- C:\Users\Tommy Hilfaker\AppData\Roaming\Yfvuy [2011.10.23 19:13:00 | 000,000,000 | ---D | M] -- C:\Users\Tommy Hilfaker\AppData\Roaming\Youtube Downloader HD ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. 
> [2011.12.13 09:27:51 | 000,000,000 | ---D | M] -- C:\$RECYCLE.BIN [2012.12.23 12:40:49 | 000,000,000 | -H-D | M] -- C:\Config.Msi [2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2011.09.02 11:04:23 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2011.09.02 11:06:44 | 000,000,000 | ---D | M] -- C:\Intel [2012.03.13 20:27:54 | 000,000,000 | ---D | M] -- C:\NVIDIA [2012.11.17 14:54:14 | 000,000,000 | ---D | M] -- C:\oldgames [2012.11.08 19:40:13 | 000,000,000 | R--D | M] -- C:\Program Files [2012.12.23 12:32:58 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2012.12.23 12:42:58 | 000,000,000 | ---D | M] -- C:\ProgramData [2011.09.02 11:04:23 | 000,000,000 | -HSD | M] -- C:\Programme [2012.05.26 16:57:15 | 000,000,000 | ---D | M] -- C:\Progs [2011.12.13 09:28:53 | 000,000,000 | ---D | M] -- C:\Qoobox [2011.09.02 11:09:03 | 000,000,000 | ---D | M] -- C:\RaidTool [2011.09.02 11:04:23 | 000,000,000 | ---D | M] -- C:\Recovery [2012.12.23 19:49:29 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2012.10.29 16:48:46 | 000,000,000 | ---D | M] -- C:\TEMP [2012.10.06 12:10:29 | 000,000,000 | R--D | M] -- C:\Users [2012.12.23 18:46:30 | 000,000,000 | ---D | M] -- C:\Windows < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. 
> [2011.09.02 13:36:43 | 000,000,000 | ---D | M] -- C:\Users\Tommy Hilfaker\AppData\Roaming\ACD Systems [2012.09.15 08:45:23 | 000,000,000 | ---D | M] -- C:\Users\Tommy Hilfaker\AppData\Roaming\Adobe [2012.12.23 11:49:27 | 000,000,000 | ---D | M] -- C:\Users\Tommy Hilfaker\AppData\Roaming\AIMP3 [2012.06.10 11:07:57 | 000,000,000 | ---D | M] -- C:\Users\Tommy Hilfaker\AppData\Roaming\Apple Computer [2012.10.27 14:16:22 | 000,000,000 | ---D | M] -- C:\Users\Tommy Hilfaker\AppData\Roaming\BoneCraft [2012.04.18 11:49:48 | 000,000,000 | ---D | M] -- C:\Users\Tommy Hilfaker\AppData\Roaming\calibre [2011.09.10 12:04:35 | 000,000,000 | ---D | M] -- C:\Users\Tommy Hilfaker\AppData\Roaming\Creative [2012.08.30 17:02:08 | 000,000,000 | ---D | M] -- C:\Users\Tommy Hilfaker\AppData\Roaming\CyberLink [2012.12.23 11:49:27 | 000,000,000 | ---D | M] -- C:\Users\Tommy Hilfaker\AppData\Roaming\DAEMON Tools Lite [2012.12.23 11:49:27 | 000,000,000 | ---D | M] -- C:\Users\Tommy Hilfaker\AppData\Roaming\DAEMON Tools Pro [2012.02.16 15:55:23 | 000,000,000 | ---D | M] -- C:\Users\Tommy Hilfaker\AppData\Roaming\DarknessII [2012.05.13 19:40:58 | 000,000,000 | ---D | M] -- C:\Users\Tommy Hilfaker\AppData\Roaming\Ekci [2012.01.15 18:27:03 | 000,000,000 | ---D | M] -- C:\Users\Tommy Hilfaker\AppData\Roaming\gtk-2.0 [2012.03.30 11:39:40 | 000,000,000 | ---D | M] -- C:\Users\Tommy Hilfaker\AppData\Roaming\HP [2011.09.02 11:04:48 | 000,000,000 | ---D | M] -- C:\Users\Tommy Hilfaker\AppData\Roaming\Identities [2011.09.23 15:19:58 | 000,000,000 | ---D | M] -- C:\Users\Tommy Hilfaker\AppData\Roaming\ImgBurn [2011.09.02 11:38:39 | 000,000,000 | ---D | M] -- C:\Users\Tommy Hilfaker\AppData\Roaming\InstallShield [2011.10.07 16:42:52 | 000,000,000 | ---D | M] -- C:\Users\Tommy Hilfaker\AppData\Roaming\Intel Corporation [2012.12.23 12:35:44 | 000,000,000 | ---D | M] -- C:\Users\Tommy Hilfaker\AppData\Roaming\LavasoftStatistics [2011.09.02 14:32:14 | 000,000,000 | ---D | M] -- C:\Users\Tommy 
Hilfaker\AppData\Roaming\Leadertech [2012.06.15 21:38:25 | 000,000,000 | ---D | M] -- C:\Users\Tommy Hilfaker\AppData\Roaming\Logishrd [2012.06.15 21:38:25 | 000,000,000 | ---D | M] -- C:\Users\Tommy Hilfaker\AppData\Roaming\Logitech [2011.09.02 11:40:48 | 000,000,000 | ---D | M] -- C:\Users\Tommy Hilfaker\AppData\Roaming\Macromedia [2011.12.13 09:44:13 | 000,000,000 | ---D | M] -- C:\Users\Tommy Hilfaker\AppData\Roaming\Malwarebytes [2011.04.12 08:54:45 | 000,000,000 | ---D | M] -- C:\Users\Tommy Hilfaker\AppData\Roaming\Media Center Programs [2012.12.23 11:49:27 | 000,000,000 | ---D | M] -- C:\Users\Tommy Hilfaker\AppData\Roaming\Media Player Classic [2012.05.15 17:54:09 | 000,000,000 | ---D | M] -- C:\Users\Tommy Hilfaker\AppData\Roaming\Meebe [2012.12.23 19:24:30 | 000,000,000 | --SD | M] -- C:\Users\Tommy Hilfaker\AppData\Roaming\Microsoft [2011.09.13 18:28:56 | 000,000,000 | ---D | M] -- C:\Users\Tommy Hilfaker\AppData\Roaming\mkvtoolnix [2012.04.12 18:34:45 | 000,000,000 | ---D | M] -- C:\Users\Tommy Hilfaker\AppData\Roaming\Mozilla [2012.08.18 11:20:50 | 000,000,000 | ---D | M] -- C:\Users\Tommy Hilfaker\AppData\Roaming\Mp3tag [2012.07.20 17:15:46 | 000,000,000 | ---D | M] -- C:\Users\Tommy Hilfaker\AppData\Roaming\Nik Software [2011.11.30 10:44:03 | 000,000,000 | ---D | M] -- C:\Users\Tommy Hilfaker\AppData\Roaming\Notepad++ [2011.10.11 19:30:14 | 000,000,000 | ---D | M] -- C:\Users\Tommy Hilfaker\AppData\Roaming\NVIDIA [2012.05.26 12:47:31 | 000,000,000 | ---D | M] -- C:\Users\Tommy Hilfaker\AppData\Roaming\onOne Software [2012.03.03 11:15:31 | 000,000,000 | ---D | M] -- C:\Users\Tommy Hilfaker\AppData\Roaming\pdfforge [2012.11.17 13:49:01 | 000,000,000 | ---D | M] -- C:\Users\Tommy Hilfaker\AppData\Roaming\PunkBuster [2011.11.03 16:32:01 | 000,000,000 | ---D | M] -- C:\Users\Tommy Hilfaker\AppData\Roaming\RapidCRC [2011.12.13 10:51:09 | 000,000,000 | ---D | M] -- C:\Users\Tommy Hilfaker\AppData\Roaming\TeamViewer [2011.09.02 11:47:02 | 000,000,000 | ---D 
| M] -- C:\Users\Tommy Hilfaker\AppData\Roaming\Thunderbird [2012.02.12 18:38:57 | 000,000,000 | ---D | M] -- C:\Users\Tommy Hilfaker\AppData\Roaming\TomTom [2011.12.19 21:09:33 | 000,000,000 | ---D | M] -- C:\Users\Tommy Hilfaker\AppData\Roaming\TuneUp Software [2012.11.02 18:06:30 | 000,000,000 | ---D | M] -- C:\Users\Tommy Hilfaker\AppData\Roaming\Tunngle [2012.12.23 18:51:23 | 000,000,000 | ---D | M] -- C:\Users\Tommy Hilfaker\AppData\Roaming\vlc [2012.12.23 11:49:27 | 000,000,000 | ---D | M] -- C:\Users\Tommy Hilfaker\AppData\Roaming\Winamp [2011.10.23 17:33:16 | 000,000,000 | ---D | M] -- C:\Users\Tommy Hilfaker\AppData\Roaming\WindSolutions [2011.09.02 12:11:07 | 000,000,000 | ---D | M] -- C:\Users\Tommy Hilfaker\AppData\Roaming\WinRAR [2011.12.08 20:00:07 | 000,000,000 | ---D | M] -- C:\Users\Tommy Hilfaker\AppData\Roaming\XMedia Recode [2012.05.15 18:15:08 | 000,000,000 | ---D | M] -- C:\Users\Tommy Hilfaker\AppData\Roaming\Yfvuy [2011.10.23 19:13:00 | 000,000,000 | ---D | M] -- C:\Users\Tommy Hilfaker\AppData\Roaming\Youtube Downloader HD < %APPDATA%\*.exe /s > [2012.11.29 11:08:46 | 007,631,704 | ---- | M] (AIMP DevTeam) -- C:\Users\Tommy Hilfaker\AppData\Roaming\AIMP3\UpdateInstaller.exe [2012.02.09 20:08:12 | 000,053,632 | ---- | M] (Adobe Systems Inc.) 
-- C:\Users\Tommy Hilfaker\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe [2012.01.30 21:09:48 | 000,029,926 | R--- | M] () -- C:\Users\Tommy Hilfaker\AppData\Roaming\Microsoft\Installer\{394BE3D9-7F57-4638-A8D1-1D88671913B7}\_18be6784.exe [2012.01.30 21:09:48 | 000,029,422 | R--- | M] () -- C:\Users\Tommy Hilfaker\AppData\Roaming\Microsoft\Installer\{394BE3D9-7F57-4638-A8D1-1D88671913B7}\_294823.exe [2011.09.14 14:55:38 | 000,045,126 | R--- | M] () -- C:\Users\Tommy Hilfaker\AppData\Roaming\Microsoft\Installer\{57019733-78E6-43DE-8E6D-55349F0FDE6F}\_25838CCE72A1AC2ABE5D8D.exe [2011.09.14 14:55:38 | 000,045,126 | R--- | M] () -- C:\Users\Tommy Hilfaker\AppData\Roaming\Microsoft\Installer\{57019733-78E6-43DE-8E6D-55349F0FDE6F}\_6FEFF9B68218417F98F549.exe [2011.09.14 14:55:38 | 000,045,126 | R--- | M] () -- C:\Users\Tommy Hilfaker\AppData\Roaming\Microsoft\Installer\{57019733-78E6-43DE-8E6D-55349F0FDE6F}\_B959C1FE92F059D1BDE1B4.exe [2012.06.06 17:34:41 | 000,119,808 | R--- | M] () -- C:\Users\Tommy Hilfaker\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe [2011.11.23 17:38:29 | 003,123,272 | R--- | M] () -- C:\Users\Tommy Hilfaker\AppData\Roaming\PunkBuster\pbsetup\pbsvc.exe [2011.10.23 17:20:52 | 003,461,672 | ---- | M] (WindSolutions) -- C:\Users\Tommy Hilfaker\AppData\Roaming\WindSolutions\CopyTransControlCenter\Applications\CopyTransControlCenter.exe [2011.10.23 17:26:25 | 008,413,976 | ---- | M] (WindSolutions) -- C:\Users\Tommy Hilfaker\AppData\Roaming\WindSolutions\CopyTransControlCenter\Applications\CopyTransManager.exe < %SYSTEMROOT%\system32\drivers\*.sys /lockedfiles > < %SYSTEMROOT%\System32\config\*.sav > < %SYSTEMROOT%\*. /mp /s > < %SYSTEMROOT%\system32\*.dll /lockedfiles > [2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] < End of report > |
23.12.2012, 20:45 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | "OAD_SkinComp_ClickableWP_binder.js" from "ds.serving-sys.com" No. 2

Hello and

Code:
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com

See also => http://www.trojaner-board.de/95393-c...-software.html

If we find indications of illegally acquired software, we will end support without any discussion. Cracks/keygens are, in 99.9% of cases, dangerous malware that is not to be trifled with. Besides, they are illegal, and we do not support the use of stolen software. Support is therefore limited to instructions for a complete reinstallation!! It is no secret that illegal cracks and keygens essentially serve to spread malware, and everyone must be aware of that!

In future, hands off: Softonic, registry cleaners and illegal stuff (cracks/keygens/serials)
__________________ |
24.12.2012, 11:01 | #3 |
| "OAD_SkinComp_ClickableWP_binder.js" from "ds.serving-sys.com" No. 2

Hmm.. that's a change in the hosts file and not a crack or keygen, so actually not against the rules, right? The purpose was to keep my PS7 version in the 30-day trial version and accordingly to be able to reset 2 registry values to their initial state.

If that left a sour taste with you, then I'm really sorry! It would be a real shame if your support were now ended because of this entry.

EDIT: Since this morning the error can no longer be found. I will nevertheless question all changes made to the machine over the last 3 days once more. Possibly it was due to a Win update that I installed the evening before.

Further EDIT: As I have now found out via Google, in the last 24 hours all users who had MSN set as their start page had this problem, since it was contained in the page source. MSN has since fixed the error. Thanks for your help anyway.

PS: This thread is now already being offered as a solution, among other places in the Chip forum. Just a pity that in the same breath I am now also "branded" as a software pirate.

Edited by TommyH (24.12.2012 at 11:04) Reason: EDIT |
24.12.2012, 16:32 | #4 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | "OAD_SkinComp_ClickableWP_binder.js" from "ds.serving-sys.com" No. 2
Quote:
Code:
O1 - Hosts: 127.0.0.1 secure.tune-up.com
__________________ Please always post log files in CODE tags |