Pests of all kinds and how to fight them: TAN trojan or not?! (Windows 7)
06.12.2010, 22:43 | #1 |
| TAN trojan or not?! Hello!! Today I wanted to try out this "online banking" system for the first time and logged in successfully. When I wanted to make a transfer, I had to enter a TAN three times. Apparently they had either been mistyped or not been activated. In any case, I did not get any message asking me to enter 20 or 100 TANs. I gave up on the "online" transfer and tried to look at my account balance, but that was not possible at the time. After that I ran a virus scan and discovered a virus/problem. I don't know whether I am dealing with adware/malware. How should I proceed? I look forward to information and help! |
07.12.2010, 12:23 | #2 |
/// Malware-holic | TAN trojan or not?! And which trojan? We're not clairvoyants here.
You will probably have to reinstall. Post the following:
OTL: system scan with OTL
Download OTL: http://filepony.de/download-otl/
Double-click OTL.exe (users of Windows 7 and Vista: right-click, run as administrator)
1. At the top you will find a box labelled Output. Please select Minimal Output
2. Tick "scan all users"
3. Under "Extra Registry" select: "Use Safelist" "LOP Check" "Purity Check"
4. Copy into the text box:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Click "Scan"
6. Two reports are created: OTL.Txt and Extras.Txt. Both logs. |
07.12.2010, 18:03 | #3 |
| TAN trojan or not?! OTL: OTL logfile:
Startup: C:\Users\*\Tracing [2010.12.06 20:30:52 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\*\Videos [2010.12.04 13:10:56 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\*\Vorlagen [2008.10.02 09:11:30 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Public\AppData [2010.12.06 22:02:53 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\Public\blobs.log () O4 - Startup: C:\Users\Public\Desktop [2010.12.06 22:47:54 | 000,000,000 | RH-D | M] O4 - Startup: C:\Users\Public\Documents [2010.12.01 15:48:51 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Public\Downloads [2009.04.01 16:39:41 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Public\DRM [2008.02.18 16:59:37 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Public\Favorites [2006.11.02 11:23:35 | 000,000,000 | RH-D | M] O4 - Startup: C:\Users\Public\Music [2006.11.02 13:50:50 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Public\NTUSER.DAT{253fcabb-e03f-11de-b3dc-001e3361045d}.TM.blf () O4 - Startup: C:\Users\Public\NTUSER.DAT{253fcabb-e03f-11de-b3dc-001e3361045d}.TMContainer00000000000000000001.regtrans-ms () O4 - Startup: C:\Users\Public\NTUSER.DAT{253fcabb-e03f-11de-b3dc-001e3361045d}.TMContainer00000000000000000002.regtrans-ms () O4 - Startup: C:\Users\Public\NTUSER.DAT{fd203217-01bd-11df-908c-001e3361045d}.TM.blf () O4 - Startup: C:\Users\Public\NTUSER.DAT{fd203217-01bd-11df-908c-001e3361045d}.TMContainer00000000000000000001.regtrans-ms () O4 - Startup: C:\Users\Public\NTUSER.DAT{fd203217-01bd-11df-908c-001e3361045d}.TMContainer00000000000000000002.regtrans-ms () O4 - Startup: C:\Users\Public\Pictures [2006.11.02 13:50:50 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Public\Recorded TV [2006.11.02 13:37:34 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\Public\Videos [2006.11.02 13:50:50 | 000,000,000 | R--D | M] O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2047346899-1205846586-3017234573-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2047346899-1205846586-3017234573-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Computer, Inc.) O15 - HKU\S-1-5-21-2047346899-1205846586-3017234573-1000\..Trusted Domains: kuaiche.com ([software] http in Vertrauenswürdige Sites) O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Reg Error: Key error.) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (Reg Error: Key error.) 
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Reg Error: Key error.) O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data 
{91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation) O24 - Desktop WallPaper: C:\Users\*\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\*\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.02.01 18:39:12 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ] O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma 
Loader.lnk - C:\Programme\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe - (Adobe Systems, Inc.) MsConfig - StartUpReg: topi - hkey= - key= - C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA) MsConfig - StartUpReg: Uniblue RegistryBooster2 - hkey= - key= - c:\Programme\Uniblue\RegistryBooster 2\StartRegistryBooster.exe (Uniblue Software) MsConfig - State: "startup" - 2 MsConfig - State: "services" - 2 SafeBootMin: AppMgmt - C:\Windows\System32\appmgmts.dll File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 
Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - C:\Windows\System32\appmgmts.dll File not found SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfPf - Driver SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: 
{4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {20F8FEC0-965A-A595-3FE9-DBCEFE0CFC0F} - Windows Media Player 5.2 ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Windows Media Player 5.2 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4A567DD8-FF8C-46B3-1746-01C1DAC6EA3C} - NetShow ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - 
Microsoft Windows Script 5.8 ActiveX: {5CF4A50F-3F58-AA75-2C7C-CA896F5D119F} - .NET Framework ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Carpetas Web ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {7DD550A7-7704-17BC-E311-AD91FF1C0B7E} - .NET Framework ActiveX: {86609876-FA84-2381-799C-BE7F22E0D04E} - Browser Customizations ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {B281A18D-29FC-C96C-85EB-10AC0C60F44B} - Windows Media Player 5.2 ActiveX: {BF86C24E-B3D3-1E53-C99F-53B4712355BE} - Java (Sun) ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker 2.6 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Reg Error: Value error. 
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E240802E-3C27-75B6-9F24-7ABC54E237AA} - Microsoft Windows Media Player ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.vorbis - C:\Windows\System32\vorbis.acm (HMS hxxp://hp.vector.co.jp/authors/VA012897/) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2010.12.06 22:48:18 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\Malwarebytes [2010.12.06 22:47:53 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.12.06 22:47:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.12.06 22:47:47 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.12.06 22:47:47 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.12.06 22:28:04 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\CrashDumps [2010.12.06 22:14:39 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware [2010.12.06 22:05:32 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner [2010.12.06 22:03:01 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2010.12.06 22:02:53 | 000,000,000 | ---D | C] -- C:\Windows\temp [2010.12.06 22:02:53 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\temp [2010.12.06 
21:32:41 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2010.12.06 18:14:41 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\Avira [2010.12.06 18:04:40 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2010.12.06 18:04:39 | 000,126,856 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2010.12.06 18:04:34 | 000,000,000 | ---D | C] -- C:\Programme\Avira [2010.12.06 18:04:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2010.12.06 08:30:00 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\PC Tools [2010.12.06 08:17:33 | 000,000,000 | ---D | C] -- C:\ProgramData\XoftSpySE [2010.12.06 07:53:58 | 000,000,000 | ---D | C] -- C:\ProgramData\RegCure [2010.12.06 07:38:02 | 000,000,000 | ---D | C] -- C:\Windows\localdumps [2010.12.06 07:16:32 | 000,000,000 | ---D | C] -- C:\Windows\PixArt [2010.12.06 06:58:53 | 000,000,000 | ---D | C] -- C:\ProgramData\inf [2010.12.05 11:32:22 | 000,000,000 | R--D | C] -- C:\Users\*\Documents\Notes [2010.12.04 21:20:07 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\MeldaProduction MRingModulator [2010.12.04 21:19:47 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\MeldaProduction MTremolo [2010.12.04 21:19:36 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\MeldaProduction MVibrato [2010.12.04 13:10:55 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Software [2010.12.04 12:38:40 | 000,221,184 | ---- | C] (Axis) -- C:\Windows\System32\prScrCamFXControls.ocx [2010.12.04 12:38:40 | 000,028,672 | ---- | C] (Axis) -- C:\Windows\System32\PCWinSoftPBar.ocx [2010.12.04 12:38:39 | 000,053,248 | ---- | C] (PCWinSoft Systems Informatica Ltda) -- C:\Windows\System32\BSwitch.ax [2010.12.04 12:05:23 | 000,232,640 | ---- | C] (Windows (R) Server 2003 DDK provider) -- C:\Windows\System32\drivers\SCRCAMHRDRV.sys [2010.12.04 12:05:22 | 000,000,000 | ---D | C] -- C:\Programme\ScreenCamera [2010.12.04 11:03:54 | 000,000,000 | -H-D | C] -- 
C:\ProgramData\{9D92E4DF-0CEE-44D4-A4FE-2B4A438E1607} [2010.12.03 03:25:39 | 000,000,000 | ---D | C] -- C:\Windows\pss [2010.12.02 21:45:42 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Skype [2010.12.02 09:48:19 | 000,000,000 | ---D | C] -- C:\ProgramData\44755A6B-3F1D-4238-B2EF-77D59B73B320 [2010.12.02 09:47:41 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Propellerhead Software [2010.12.02 09:47:40 | 000,000,000 | ---D | C] -- C:\Programme\PreSonus [2010.12.01 22:58:11 | 000,000,000 | ---D | C] -- C:\Users\*\Documents\Version Cue [2010.12.01 21:47:36 | 000,000,000 | ---D | C] -- C:\Users\*\Documents\Adobe [2010.12.01 15:47:51 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour [2010.12.01 15:36:47 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Macrovision Shared [2010.12.01 15:21:42 | 000,000,000 | ---D | C] -- C:\Users\*\Desktop\Adobe CS3 [2010.12.01 08:52:58 | 000,000,000 | ---D | C] -- C:\Programme\Ares [2010.11.22 17:12:17 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\iZotope [2010.11.22 17:03:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Big Fish Audio [2010.11.22 15:29:19 | 000,000,000 | ---D | C] -- C:\Users\*\Documents\iZotope Ozone 4 Presets [2010.11.21 18:08:37 | 000,000,000 | ---D | C] -- C:\Users\*\Documents\iZotope iDrum Content [2010.11.21 18:08:36 | 000,000,000 | ---D | C] -- C:\Programme\iZotope [2010.11.20 10:13:36 | 000,045,056 | ---- | C] (SIA Syncrosoft) -- C:\Windows\System32\Synsopos.exe [2010.11.20 10:13:33 | 000,401,462 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.00A [2010.11.20 10:13:25 | 000,147,456 | ---- | C] (SIA Syncrosoft) -- C:\Windows\System32\SynsoLChk.dll [2010.11.19 14:36:18 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\MeldaProduction MUltraMaximizer [2010.11.17 21:11:23 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\authorPOINT [2010.11.17 21:11:22 | 000,000,000 | ---D | C] -- C:\Users\*\Documents\authorGEN Projects [2010.11.17 20:22:04 | 000,000,000 | 
---D | C] -- C:\Programme\authorGEN [2010.11.17 18:26:51 | 000,000,000 | ---D | C] -- C:\Programme\Slide Effect Trial [2010.11.17 17:28:34 | 000,000,000 | ---D | C] -- C:\ProgramData\IsolatedStorage [2010.11.17 10:56:46 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\MeldaProduction MCompressor [2010.11.17 09:01:03 | 000,000,000 | ---D | C] -- C:\Programme\IK Multimedia [2010.11.17 07:22:51 | 000,000,000 | ---D | C] -- C:\Users\*\Documents\FAchartikel [2010.11.16 19:23:05 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\MeldaProduction MDynamics [2010.11.15 17:56:04 | 000,000,000 | ---D | C] -- C:\Windows\Absolut Piano Steinway [2010.11.14 20:14:01 | 000,000,000 | ---D | C] -- C:\Users\*\Documents\SafeNet Sentinel [2010.11.14 20:08:39 | 000,000,000 | ---D | C] -- C:\ProgramData\SPSS [2010.11.14 20:06:15 | 000,000,000 | ---D | C] -- C:\Programme\SPSSInc [2010.11.14 19:38:07 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\MusE [2010.11.14 19:37:58 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\MusE [2010.11.14 19:27:05 | 000,000,000 | ---D | C] -- C:\Programme\Millisecond Software [2010.11.13 21:54:41 | 000,000,000 | R--D | C] -- C:\Users\*\Documents\Orchestral shit [2010.11.11 22:47:35 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\Leadertech [2010.11.11 22:07:13 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\MeldaProduction MUtility [2010.11.11 22:04:04 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\MeldaProduction MEqualizer [2010.11.11 22:03:44 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\MeldaProduction MStereoProcessor [2010.11.11 22:03:16 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\MeldaProduction MStereoExpander [2010.11.11 22:02:50 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\MeldaProduction MWaveShaper [2010.11.11 22:01:57 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\MeldaProduction MSpectralDynamics [2010.11.11 21:51:37 | 000,000,000 | ---D | C] -- 
C:\Users\*\AppData\Local\Spectrasonics [2010.11.11 21:25:43 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\MeldaProduction MReverb [2010.11.11 21:25:42 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\MeldaProduction MMultiBandTransient [2010.11.11 21:25:42 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\MeldaProduction MMultiBandLimiter [2010.11.11 21:25:42 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\MeldaProduction MMultiBandDynamicsLarge [2010.11.11 21:25:42 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\MeldaProduction MMultiBandDynamics [2010.11.11 21:25:38 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\MeldaProduction MRhythmizer [2010.11.11 21:25:38 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\MeldaProduction MMultiBandWaveShaper [2010.11.11 21:25:37 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\MeldaProduction MMultiBandTremolo [2010.11.11 21:25:37 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\MeldaProduction MMultiBandSaturator [2010.11.11 21:25:36 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\MeldaProduction MMultiBandRingModulator [2010.11.11 21:25:36 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\MeldaProduction MMultiBandRhythmizer [2010.11.11 21:25:36 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\MeldaProduction MMultiBandReverb [2010.11.11 21:25:35 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\MeldaProduction MMultiBandPhaser [2010.11.11 21:25:35 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\MeldaProduction MMultiBandHarmonizer [2010.11.11 21:25:35 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\MeldaProduction MMultiBandFreqShifter [2010.11.11 21:25:34 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\MeldaProduction MMultiBandFlanger [2010.11.11 21:25:34 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\MeldaProduction MMultiBandDistortion [2010.11.11 21:25:34 | 000,000,000 | ---D | C] -- 
C:\Users\*\AppData\Roaming\MeldaProduction MMultiBandDelay [2010.11.11 21:25:29 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\MeldaProduction MMultiBandConvolution [2010.11.11 21:25:29 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\MeldaProduction IR [2010.11.11 21:25:28 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\MeldaProduction MMultiBandChorus [2010.11.11 21:25:28 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\MeldaProduction MMultiBandAutopan [2010.11.11 21:25:28 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\MeldaProduction MFilter [2010.11.11 10:53:52 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\MeldaProduction MMultiBandVibrato [2010.11.11 09:21:03 | 000,000,000 | ---D | C] -- C:\ProgramData\MTexturedStyles [2010.11.11 09:20:57 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\VST3 [2010.11.10 18:38:34 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\Perspector [2010.11.10 18:38:34 | 000,000,000 | ---D | C] -- C:\Programme\Perspector [2010.11.09 21:49:54 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\PersonalBrain [2010.11.09 21:48:36 | 000,000,000 | ---D | C] -- C:\ProgramData\PersonalBrain [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.12.07 16:40:25 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.12.07 16:40:25 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.12.07 08:39:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.12.07 08:39:32 | 233,150,054 | ---- | M] () -- C:\Windows\MEMORY.DMP [2010.12.07 08:26:33 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.12.07 08:26:33 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.12.07 08:26:33 | 000,126,454 | ---- | M] () -- 
Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2008.11.24 20:52:11 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\aAvgApi [2010.01.14 23:58:42 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Academic Software Zurich [2010.06.20 12:02:07 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\ACAMPREF [2010.04.15 16:25:55 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\adma [2010.12.01 22:59:21 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Adobe [2010.01.25 16:54:19 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\AnBSoft [2010.10.21 16:07:49 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\AnvSoft [2010.02.23 14:24:09 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Application Data [2010.12.05 14:54:12 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\authorPOINT [2010.02.01 19:02:40 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Autodesk [2010.12.06 18:14:41 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Avira [2010.04.15 16:27:46 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\BITS [2010.06.20 12:43:35 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\BitZipper [2010.06.17 23:40:14 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Cakewalk [2010.01.31 17:52:17 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\CB Model Pro [2010.02.23 11:10:39 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\ChemTable Software [2010.10.18 08:07:13 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Chessmaster Challenge [2008.11.23 19:25:48 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Codemasters [2010.05.14 07:59:24 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\DAEMON Tools Lite [2010.04.11 09:57:31 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\DAEMON Tools Pro [2010.02.05 00:04:00 | 000,000,000 | ---D | M] -- 
C:\Users\*\AppData\Roaming\DAZ 3D [2010.05.25 12:57:39 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\DivX [2010.05.16 19:20:10 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Downloaded Installations [2009.11.25 17:56:12 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\dvdcss [2010.06.22 11:59:10 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\DVDVideoSoftIEHelpers [2010.04.15 16:18:04 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\FlashGet [2010.04.15 16:17:57 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\FlashGetBHO [2010.11.06 11:38:18 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\GetRightToGo [2008.10.04 22:34:19 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Google [2009.07.06 15:22:49 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Hide IP NG [2008.10.02 09:17:51 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Identities [2008.11.23 19:09:23 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\InstallShield [2009.12.02 18:12:19 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\IObit [2010.11.22 17:12:17 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\iZotope [2010.06.19 13:55:05 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Juce VST Host [2008.12.05 21:41:30 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\KALiNKOsoft [2010.03.17 08:25:33 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\KORG [2010.11.11 22:47:35 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Leadertech [2008.10.03 19:37:04 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Macromedia [2009.07.15 11:13:14 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\MAGIX [2010.12.06 22:48:18 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Malwarebytes [2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Media Center Programs [2010.11.11 21:25:29 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\MeldaProduction IR 
[2010.12.04 20:52:27 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\MeldaProduction MAutoEqualizer [2010.11.17 19:12:54 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\MeldaProduction MCompressor [2010.11.16 19:23:06 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\MeldaProduction MDynamics [2010.12.04 20:37:41 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\MeldaProduction MEqualizer [2010.11.11 21:25:28 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\MeldaProduction MFilter [2010.11.11 21:25:28 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\MeldaProduction MMultiBandAutopan [2010.11.11 21:25:28 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\MeldaProduction MMultiBandChorus [2010.12.03 13:52:39 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\MeldaProduction MMultiBandConvolution [2010.11.11 21:25:34 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\MeldaProduction MMultiBandDelay [2010.11.11 21:25:34 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\MeldaProduction MMultiBandDistortion [2010.11.11 21:25:42 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\MeldaProduction MMultiBandDynamics [2010.11.11 21:25:42 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\MeldaProduction MMultiBandDynamicsLarge [2010.11.11 21:25:34 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\MeldaProduction MMultiBandFlanger [2010.12.03 13:51:38 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\MeldaProduction MMultiBandFreqShifter [2010.11.11 21:25:35 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\MeldaProduction MMultiBandHarmonizer [2010.11.11 21:25:42 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\MeldaProduction MMultiBandLimiter [2010.11.11 21:25:35 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\MeldaProduction MMultiBandPhaser [2010.12.03 19:26:47 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\MeldaProduction MMultiBandReverb [2010.12.04 
19:22:35 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\MeldaProduction MMultiBandRhythmizer [2010.12.04 20:35:05 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\MeldaProduction MMultiBandRingModulator [2010.11.11 21:25:37 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\MeldaProduction MMultiBandSaturator [2010.12.03 13:51:20 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\MeldaProduction MMultiBandTransient [2010.11.20 18:08:58 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\MeldaProduction MMultiBandTremolo [2010.11.11 10:53:56 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\MeldaProduction MMultiBandVibrato [2010.11.20 18:24:38 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\MeldaProduction MMultiBandWaveShaper [2010.11.14 21:18:28 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\MeldaProduction MReverb [2010.11.20 18:24:49 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\MeldaProduction MRhythmizer [2010.12.04 21:20:18 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\MeldaProduction MRingModulator [2010.11.11 22:01:59 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\MeldaProduction MSpectralDynamics [2010.12.04 20:41:12 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\MeldaProduction MStereoExpander [2010.11.11 22:03:45 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\MeldaProduction MStereoProcessor [2010.12.04 21:19:54 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\MeldaProduction MTremolo [2010.11.19 14:36:28 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\MeldaProduction MUltraMaximizer [2010.12.04 21:19:33 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\MeldaProduction MUtility [2010.12.04 21:19:43 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\MeldaProduction MVibrato [2010.12.04 21:19:26 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\MeldaProduction MWaveShaper [2010.04.26 22:10:14 | 000,000,000 | ---D | M] -- 
C:\Users\*\AppData\Roaming\MessengerDiscovery 2 [2010.06.20 12:41:19 | 000,000,000 | --SD | M] -- C:\Users\*\AppData\Roaming\Microsoft [2009.09.11 00:42:26 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\mIRC [2010.03.11 12:24:25 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\MixMeister Technology [2009.08.23 00:34:13 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Mozart 9 [2009.06.14 17:13:37 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Mozilla [2009.12.12 14:42:33 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\MozillaControl [2010.04.29 21:27:47 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\MSPS [2010.11.14 19:38:07 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\MusE [2008.10.02 17:01:53 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\myphotobook [2008.12.22 14:08:22 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Nero [2010.07.21 12:05:37 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Nitro PDF [2010.04.24 10:52:43 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Opera [2010.11.21 18:12:46 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\PACE Anti-Piracy [2008.10.02 21:24:43 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\PeerNetworking [2010.11.09 21:50:31 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\PersonalBrain [2010.07.21 12:05:16 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\PrimoPDF [2009.12.04 17:36:38 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Publish Providers [2010.02.23 19:40:40 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Resolume [2009.09.25 10:08:07 | 000,000,000 | RH-D | M] -- C:\Users\*\AppData\Roaming\SecuROM [2010.06.22 14:38:27 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Sibelius Software [2010.12.06 21:12:08 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Skype [2010.12.06 19:27:15 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\skypePM [2010.04.18 15:36:32 | 
000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Smart PC Solutions [2010.03.23 01:31:59 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Sony [2009.03.16 22:21:20 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Sony Corporation [2010.11.20 10:26:24 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Steinberg [2010.12.06 22:15:50 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\SUPERAntiSpyware.com [2010.05.11 14:42:19 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\SWiSH Max3 [2009.11.25 04:31:43 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Thinstall [2008.10.03 15:26:26 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Toshiba [2009.08.15 14:57:02 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\TrojanHunter [2010.06.20 11:22:07 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Uniblue [2010.06.20 12:10:03 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\uTorrent [2009.12.12 14:47:30 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\vlc [2010.04.18 14:25:48 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Waldorf [2010.05.29 16:29:11 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Winamp2 [2010.01.26 02:20:44 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Wings3D [2009.12.12 15:21:06 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\WinRAR [2009.07.08 17:56:13 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\X-Chat 2 < %APPDATA%\*.exe /s > [2010.07.07 20:45:58 | 000,073,687 | ---- | M] () -- C:\Users\*\AppData\Roaming\MessengerDiscovery 2\3784519767\Update.exe [2010.11.10 18:39:14 | 000,082,214 | R--- | M] () -- C:\Users\*\AppData\Roaming\Microsoft\Installer\{41BAB387-31EF-45BF-A10D-D062121FE03D}\ARPPRODUCTICON.exe [2010.11.10 18:39:14 | 000,081,920 | R--- | M] (InstallShield Software Corp.) 
-- C:\Users\*\AppData\Roaming\Microsoft\Installer\{41BAB387-31EF-45BF-A10D-D062121FE03D}\NewShortcut7_F315FB4F8D47468AA6DEED4E9706FFE0.exe [2010.11.10 18:39:14 | 000,122,880 | R--- | M] (InstallShield Software Corp.) -- C:\Users\*\AppData\Roaming\Microsoft\Installer\{41BAB387-31EF-45BF-A10D-D062121FE03D}\Perspector1.exe_C0FD1C5108864C14B776163A9D320E98.exe [2010.11.10 18:39:14 | 000,122,880 | R--- | M] (InstallShield Software Corp.) -- C:\Users\*\AppData\Roaming\Microsoft\Installer\{41BAB387-31EF-45BF-A10D-D062121FE03D}\PerspectorPanel.exe1_EC8F41FA748640879850516D5FF68038.exe [2010.11.10 18:39:14 | 000,122,880 | R--- | M] (InstallShield Software Corp.) -- C:\Users\*\AppData\Roaming\Microsoft\Installer\{41BAB387-31EF-45BF-A10D-D062121FE03D}\PerspectorPanel.exe_317C300580E64743BE000A8B0CF610A1.exe [2010.10.18 20:16:46 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Users\*\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe [2010.10.18 20:16:46 | 000,040,960 | R--- | M] (InstallShield Software Corp.) 
-- C:\Users\*\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe [2010.10.18 20:16:46 | 000,008,854 | R--- | M] () -- C:\Users\*\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\Uninstall_Project64__9559F7CA5E344237A2D9D856464AD727.exe [2010.04.27 07:48:00 | 000,003,128 | R--- | M] () -- C:\Users\*\AppData\Roaming\Microsoft\Installer\{DB1299AF-9EE0-422B-959E-F4171B2AE0F7}\ARPPRODUCTICON.exe [2007.01.01 17:01:25 | 000,009,728 | ---- | M] () -- C:\Users\*\AppData\Roaming\myphotobook\xtras\localVista.exe [2007.01.08 09:34:46 | 000,006,656 | ---- | M] () -- C:\Users\*\AppData\Roaming\myphotobook\xtras\localXP.exe [2006.12.21 12:16:20 | 000,021,504 | ---- | M] (Optimum X) -- C:\Users\*\AppData\Roaming\myphotobook\xtras\shellExecute.exe [2006.12.21 12:16:15 | 000,009,216 | ---- | M] () -- C:\Users\*\AppData\Roaming\myphotobook\xtras\sleep.exe < %SYSTEMDRIVE%\*.exe > [2001.11.05 07:30:50 | 000,165,376 | ---- | M] () -- C:\UNWISE.EXE < MD5 for: AGP440.SYS > [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\ERDNT\cache\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] 
(Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\ERDNT\cache\atapi.sys [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\ERDNT\cache\cngaudit.dll [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 10:46:03 | 000,011,776 | 
---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: EXPLORER.EXE > [2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\ERDNT\cache\explorer.exe [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2008.01.21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe < MD5 for: IASTOR.SYS > [2007.09.29 22:03:32 | 000,384,024 | ---- | M] (Intel Corporation) MD5=16A4671255CFB842225F0FDB6DBDB414 -- 
C:\Programme\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys [2007.09.29 22:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Programme\Intel\Intel Matrix Storage Manager\driver\IaStor.sys [2007.09.29 22:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\drivers\iaStor.sys [2007.09.29 22:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_7baf6192\iaStor.sys < MD5 for: IASTORV.SYS > [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\ERDNT\cache\netlogon.dll [2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- 
C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\ERDNT\cache\scecli.dll [2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\ERDNT\cache\user32.dll [2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- 
C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll [2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll < MD5 for: USERINIT.EXE > [2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe [2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft 
Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > [2010.05.12 20:09:19 | 000,697,328 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys < %systemroot%\System32\config\*.sav > [2008.01.21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2008.01.21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2008.01.21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2009.03.08 12:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll [2009.03.08 12:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll [2010.06.26 07:02:14 | 000,184,320 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\iepeers.dll [2009.04.11 07:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll [2009.04.11 07:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:820563D3 @Alternate Data Stream - 296 bytes -> C:\ProgramData\TEMP:DFC5A2B2 @Alternate Data Stream - 204 bytes -> C:\ProgramData\TEMP:8927A071 @Alternate Data Stream - 164 bytes -> C:\ProgramData\TEMP:CB0AACC9 @Alternate Data Stream - 1332 bytes -> C:\ProgramData\Microsoft:jvaw7qPmJZJhZ4AQfLT7 @Alternate Data Stream - 1253 bytes -> C:\Program 
Files\Common Files\microsoft shared:Xx0rE4MDtZ4MZKJz18m
@Alternate Data Stream - 124 bytes -> C:\Windows\System32\zlib.dll: SummaryInformation
@Alternate Data Stream - 124 bytes -> C:\Windows\System32\zlib.dll: DocumentSummaryInformation
@Alternate Data Stream - 1222 bytes -> C:\ProgramData\Microsoft:BkBBL0DRJxb2RQqS
@Alternate Data Stream - 1213 bytes -> C:\Users\*\AppData\Local\llAE0tdfxpnIUkI:hQ1P7Gh0uD0obLiUfcp
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:24051EFF
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:0D786AE3
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:70CE55D8
@Alternate Data Stream - 1165 bytes -> C:\ProgramData\Microsoft:GJrgrqdJI86jSiX1v1C3Y
@Alternate Data Stream - 1164 bytes -> C:\ProgramData\Microsoft:LGbxcpwYakrdL57mpnxtsp
@Alternate Data Stream - 1156 bytes -> C:\Users\*\AppData\Local\y33MVsZnU3XFl:n6Kf8hz9OJgDlO3yhkeZIfIUI
@Alternate Data Stream - 1154 bytes -> C:\ProgramData\Microsoft:R4Spuvt5TEEzCPaNQ9ssx65fxt
@Alternate Data Stream - 1147 bytes -> C:\Users\*\AppData\Local\jkHt9990PMIl:8WZ1TD7tsckMlguv5UCoI
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:888AFB86
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 1075 bytes -> C:\ProgramData\Microsoft:8Qdhs5XNjwD2EqCiR9
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:C60FAC5D

< End of report > |
07.12.2010, 18:04 | #4 |
| TAN trojan or not?! EXTRAS: OTL Logfile:
OTL logfile created on: 07.12.2010 17:27:30 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\*\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1.013,00 Mb Total Physical Memory | 90,00 Mb Available Physical Memory | 9,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 40,00% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,45 Gb Total Space | 8,80 Gb Free Space | 11,83% Space Free | Partition Type: NTFS
Drive E: | 73,13 Gb Total Space | 33,26 Gb Free Space | 45,48% Space Free | Partition Type: NTFS

Computer Name: MPCM | User Name: * | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\*\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Programme\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Adobe\Reader 8.0\Reader\AcroRd32.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Windows\System32\NLSSRV32.EXE (Nalpeiron Ltd.)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Programme\Winamp2\winamp.exe (Nullsoft) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - c:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation) PRC - C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) PRC - c:\Programme\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation) PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation) PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems) ========== Modules (SafeList) ========== MOD - C:\Users\*\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\System32\SLC.dll (Microsoft Corporation) MOD - C:\Windows\System32\mssprxy.dll (Microsoft Corporation) MOD - C:\Windows\System32\cscapi.dll (Microsoft Corporation) MOD - C:\Windows\System32\rsaenh.dll (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (sp_rssrv) -- C:\Users\*\AppData\Local\Ares\My Shared Folder\sp_rsser.exe File not found SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe File not found SRV - (avg8wd) -- C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe File not found SRV - (avg8emc) -- C:\PROGRA~1\AVG\AVG8\avgemc.exe File not found SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) 
SRV - (Akamai) -- c:\Programme\Common Files\Akamai\netsession_win_5632d69.dll () SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (nlsX86cc) -- C:\Windows\System32\NLSSRV32.EXE (Nalpeiron Ltd.) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (TosCoSrv) -- c:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation) SRV - (ConfigFree Service) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) SRV - (TOSHIBA SMART Log Service) -- c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation) SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation) SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems) ========== Driver Services (SafeList) ========== DRV - (TfSysMon) -- C:\Windows\System32\drivers\TfSysMon.sys File not found DRV - (TfNetMon) -- C:\Windows\System32\drivers\TfNetMon.sys File not found DRV - (TfFsMon) -- C:\Windows\System32\drivers\TfFsMon.sys File not found DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found DRV - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found DRV - (SCRCAMHRDRV) -- C:\Windows\System32\drivers\SCRCAMHRDRV.sys (Windows (R) Server 2003 DDK provider) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) 
-- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (mchInjDrv) -- C:\Windows\System32\drivers\mchInjDrv.sys () DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (sp_rsdrv2) -- C:\Windows\System32\drivers\sp_rsdrv2.sys () DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (TPkd) -- C:\Windows\System32\drivers\TPkd.sys (PACE Anti-Piracy, Inc.) DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) DRV - (tos_sps32) -- C:\Windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation) DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (winachsf) -- C:\Windows\System32\drivers\VSTCNXT3.SYS (Conexant Systems, Inc.) 
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (HSF_DPV) -- C:\Windows\System32\drivers\VSTDPV3.SYS (Conexant Systems, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation ) DRV - (RTL8187B) -- C:\Windows\System32\drivers\rtl8187B.sys (Realtek Semiconductor Corporation ) DRV - (UVCFTR) -- C:\Windows\System32\drivers\UVCFTR_S.SYS (Chicony Electronics Co., Ltd.) DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.) 
DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation) DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation) DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation) DRV - (RtlProt) -- C:\Windows\System32\drivers\RtlProt.sys (Windows (R) Codename Longhorn DDK provider) DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems) DRV - (SynasUSB) -- C:\Windows\System32\drivers\SynasUSB.sys (SIA Syncrosoft) DRV - (FwLnk) -- C:\Windows\System32\drivers\FwLnk.sys (TOSHIBA Corporation) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) 
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.) DRV - (zntport) -- C:\Windows\System32\drivers\zntport.sys (Zeal SoftStudio) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Program Files\Finale NotePad 2009\Help Files\Skin\Blank.htm IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = plimus.com,www.plimus.com,regnow.com,www.regnow.com, IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = socks= IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. 
File not found IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = plimus.com,www.plimus.com,regnow.com,www.regnow.com, IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = socks= IE - HKU\S-1-5-21-2047346899-1205846586-3017234573-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Program Files\Finale NotePad 2009\Help Files\Skin\Blank.htm IE - HKU\S-1-5-21-2047346899-1205846586-3017234573-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKU\S-1-5-21-2047346899-1205846586-3017234573-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-2047346899-1205846586-3017234573-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 70 57 BF 1D AF 93 CB 01 [binary data] IE - HKU\S-1-5-21-2047346899-1205846586-3017234573-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-2047346899-1205846586-3017234573-1000\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKU\S-1-5-21-2047346899-1205846586-3017234573-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. 
File not found IE - HKU\S-1-5-21-2047346899-1205846586-3017234573-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2047346899-1205846586-3017234573-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = plimus.com,www.plimus.com,regnow.com,www.regnow.com,;*.local IE - HKU\S-1-5-21-2047346899-1205846586-3017234573-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = socks= ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Search" FF - prefs.js..browser.search.defaulturl: "hxxp://flvdirect.iamwired.net/websearch.php?src=tops&search=" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "google.com" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778 FF - prefs.js..extensions.enabledItems: {dd3d7613-0246-469d-bc65-2a3cc1668adc}:0.7.1.1 FF - prefs.js..extensions.enabledItems: {8AA36F4F-6DC7-4c06-77AF-5035170634FE}:2010.01.21 FF - prefs.js..keyword.URL: "hxxp://flvdirect.iamwired.net/websearch.php?src=tops&search=" FF - prefs.js..network.proxy.no_proxies_on: "" FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.11.07 19:22:33 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.10.29 09:20:47 | 000,000,000 | ---D | M] [2009.06.14 17:13:37 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\mozilla\Extensions [2010.12.06 22:13:42 | 
000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\mhbo0zoz.default\extensions [2010.06.24 13:51:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\mhbo0zoz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.11.19 23:18:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\mhbo0zoz.default\extensions\{8AA36F4F-6DC7-4c06-77AF-5035170634FE} [2010.06.22 11:59:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\mhbo0zoz.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010.12.04 07:49:59 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\mhbo0zoz.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.11.07 20:10:05 | 000,000,000 | ---D | M] (BlockSite) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\mhbo0zoz.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} [2010.11.11 11:37:44 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\mhbo0zoz.default\extensions\foxfilter@inspiredeffect.net [2010.03.22 18:58:53 | 000,002,252 | ---- | M] () -- C:\Users\*\AppData\Roaming\Mozilla\FireFox\Profiles\mhbo0zoz.default\searchplugins\askcom.xml [2010.12.07 17:17:11 | 000,000,944 | ---- | M] () -- C:\Users\*\AppData\Roaming\Mozilla\FireFox\Profiles\mhbo0zoz.default\searchplugins\icqplugin.xml [2010.06.30 00:23:02 | 000,000,266 | ---- | M] () -- C:\Users\*\AppData\Roaming\Mozilla\FireFox\Profiles\mhbo0zoz.default\searchplugins\Search.xml [2010.12.06 22:13:43 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.12.02 21:47:44 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2010.06.29 09:38:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla 
Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.06.29 09:37:52 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2010.10.05 08:29:01 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.10.05 08:29:01 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.10.05 08:29:01 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.10.05 08:29:01 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.10.05 08:29:01 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.12.06 21:55:27 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3 - HKU\S-1-5-21-2047346899-1205846586-3017234573-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKU\S-1-5-21-2047346899-1205846586-3017234573-1000\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found. O3 - HKU\S-1-5-21-2047346899-1205846586-3017234573-1000\..\Toolbar\WebBrowser: (no name) - {35065594-9169-4A34-B167-FC4865038E53} - No CLSID value found. O3 - HKU\S-1-5-21-2047346899-1205846586-3017234573-1000\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found. O3 - HKU\S-1-5-21-2047346899-1205846586-3017234573-1000\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found. 
O3 - HKU\S-1-5-21-2047346899-1205846586-3017234573-1000\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found. O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKU\S-1-5-21-2047346899-1205846586-3017234573-1000..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) O4 - Startup: C:\Users\All Users\44755A6B-3F1D-4238-B2EF-77D59B73B320 [2010.12.03 16:42:30 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Adobe [2010.03.16 16:05:31 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Adobe Systems [2009.09.07 07:34:13 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Anwendungsdaten [2008.10.02 09:07:44 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\All Users\Apple Computer [2009.08.25 22:33:24 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Application Data [2006.11.02 14:02:03 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\All Users\Autodesk [2010.02.02 09:09:16 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\avg9 [2010.06.20 12:41:13 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Avira [2010.12.06 18:04:34 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Big Fish Audio [2010.11.22 17:03:16 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Cached Installations [2010.03.27 13:13:34 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Cakewalk [2010.11.11 21:06:37 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\DAEMON Tools Lite [2010.05.14 07:56:59 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\DAEMON Tools Pro [2010.04.10 20:50:35 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Desktop [2006.11.02 14:02:03 | 
000,000,000 | -HSD | M] O4 - Startup: C:\Users\All Users\DFX [2010.02.23 20:34:52 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\DivX [2010.12.03 16:28:48 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Documents [2006.11.02 14:02:03 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\All Users\Dokumente [2008.10.02 09:07:44 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\All Users\East West [2010.02.22 15:21:05 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Electronic Arts [2009.09.23 11:56:34 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\eLicenser [2010.04.17 15:44:57 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Favoriten [2008.10.02 09:07:44 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\All Users\Favorites [2006.11.02 14:02:03 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\All Users\FLEXnet [2010.02.01 19:01:39 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Google [2008.11.24 16:25:27 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\ICQ [2010.01.31 00:45:47 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Identities [2009.08.26 12:59:09 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\inf [2010.12.06 06:58:53 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\InstallShield [2008.11.23 19:09:23 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\IObit [2009.12.02 06:33:46 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\IsolatedStorage [2010.11.17 17:28:34 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Kaspersky Lab [2010.08.12 07:19:31 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\KORG [2010.03.17 08:21:36 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Lavasoft [2010.06.20 12:23:03 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\MAGIX [2010.08.11 14:13:55 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Malwarebytes [2010.12.06 22:47:52 | 000,000,000 | ---D | M] O4 - Startup: 
C:\Users\All Users\McAfee [2009.12.04 08:11:07 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Microsoft [2010.12.05 20:54:30 | 000,000,000 | --SD | M] O4 - Startup: C:\Users\All Users\MTexturedStyles [2010.11.11 09:21:03 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Native Instruments [2010.05.15 14:05:56 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\NCH Software [2010.12.04 13:10:55 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\NCH Swift Sound [2010.07.14 13:43:46 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Nero [2009.11.20 21:41:06 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Nitro PDF [2010.05.16 19:25:03 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Note [2010.03.15 22:37:01 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\PACE Anti-Piracy [2010.11.21 18:12:46 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\ParetoLogic [2010.12.06 08:23:19 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\PC Tools [2010.12.06 08:21:11 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\PersonalBrain [2010.11.09 21:48:36 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\RegCure [2010.12.06 08:24:27 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Resolume 2.4 [2010.02.24 19:43:48 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Resolume Avenue 3 [2010.02.23 19:40:41 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\SafeNet Sentinel [2010.07.01 17:44:55 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\SecTaskMan [2009.12.02 17:38:51 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Sibelius Software [2009.06.23 12:00:52 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Skype [2010.12.02 21:45:13 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\SmartSound Software Inc [2010.04.17 19:37:25 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Sony [2010.03.23 10:59:42 | 
000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Spectrasonics [2010.03.15 22:44:58 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\SPSS [2010.11.14 20:08:39 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Spybot - Search & Destroy [2010.01.02 20:19:28 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Spyware Terminator [2010.02.23 14:24:09 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Start Menu [2006.11.02 14:02:03 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\All Users\Startmenü [2008.10.02 09:07:44 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\All Users\Sun [2010.06.29 09:38:55 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\SUPERAntiSpyware.com [2010.03.23 21:15:37 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Syncrosoft [2010.04.17 15:44:11 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\T2 () O4 - Startup: C:\Users\All Users\TEMP [2010.12.06 08:42:15 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Templates [2006.11.02 14:02:04 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\All Users\TOSHIBA [2008.02.22 10:17:07 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\ToshibaEurope [2008.10.02 09:12:03 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Trymedia [2008.11.16 19:14:50 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Ulead Systems [2009.06.13 14:18:38 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Uniblue [2010.06.20 09:32:59 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Vorlagen [2008.10.02 09:07:44 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\All Users\WindowsSearch [2008.11.21 13:12:23 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\WinZip [2010.12.04 11:47:12 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\WLInstaller [2008.10.03 18:27:32 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\XoftSpySE [2010.12.06 08:17:33 | 000,000,000 | ---D | M] O4 - Startup: 
C:\Users\All Users\{0CC51CB2-911C-40BB-BC1B-BD3CAC590222} [2010.11.13 14:19:29 | 000,000,000 | -H-D | M] O4 - Startup: C:\Users\All Users\{9D92E4DF-0CEE-44D4-A4FE-2B4A438E1607} [2010.12.04 11:03:58 | 000,000,000 | -H-D | M] O4 - Startup: C:\Users\All Users\{B386D963-5B25-453D-944B-BCE9993F76FA} [2010.05.14 19:41:09 | 000,000,000 | -H-D | M] O4 - Startup: C:\Users\All Users\{D7CFB71A-972A-44FF-AE44-8780EB53ABB2} [2010.05.14 19:34:27 | 000,000,000 | -H-D | M] O4 - Startup: C:\Users\All Users\{DFE2E7B1-6B2C-4104-9C65-82A52ECA8CB8} [2010.05.14 17:33:05 | 000,000,000 | -H-D | M] O4 - Startup: C:\Users\All Users\{E7D4E1BB-A8A8-4E3B-BEA6-38DD8E4522DF} [2010.05.14 17:34:15 | 000,000,000 | -H-D | M] O4 - Startup: C:\Users\Default\Anwendungsdaten [2008.10.02 09:07:44 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Default\AppData [2006.11.02 12:18:34 | 000,000,000 | -H-D | M] O4 - Startup: C:\Users\Default\Application Data [2006.11.02 14:02:03 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Default\Desktop [2008.02.18 16:56:45 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Default\Documents [2008.10.02 09:07:44 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Default\Downloads [2006.11.02 11:23:35 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Default\Druckumgebung [2008.10.02 09:07:44 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Default\Eigene Dateien [2008.10.02 09:07:44 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Default\Favorites [2006.11.02 11:23:35 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Default\Links [2006.11.02 11:23:35 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Default\Local Settings [2006.11.02 14:02:03 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Default\Lokale Einstellungen [2008.10.02 09:07:44 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Default\Music [2006.11.02 11:23:35 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Default\My Documents [2006.11.02 14:02:03 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Default\NetHood 
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Default\Netzwerkumgebung [2008.10.02 09:07:44 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Default\NTUSER.DAT () O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG () O4 - Startup: C:\Users\Default\ntuser.dat.LOG1 () O4 - Startup: C:\Users\Default\ntuser.dat.LOG2 () O4 - Startup: C:\Users\Default\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf () O4 - Startup: C:\Users\Default\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms () O4 - Startup: C:\Users\Default\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms () O4 - Startup: C:\Users\Default\Pictures [2006.11.02 11:23:35 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Default\PrintHood [2006.11.02 14:02:03 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Default\Recent [2006.11.02 14:02:03 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Default\Saved Games [2006.11.02 11:23:35 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\Default\SendTo [2006.11.02 14:02:03 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Default\Start Menu [2006.11.02 14:02:03 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Default\Startmenü [2008.10.02 09:07:44 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Default\Templates [2006.11.02 14:02:03 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Default\Videos [2006.11.02 11:23:35 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Default\Vorlagen [2008.10.02 09:07:44 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\*\.spss [2010.07.02 21:06:29 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\*\.sv1 [2010.02.09 08:05:39 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\*\Anwendungsdaten [2008.10.02 09:11:30 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\*\AppData [2009.01.07 23:21:54 | 000,000,000 | -H-D | M] O4 - Startup: C:\Users\*\Application Data [2010.11.20 18:54:07 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\*\Contacts 
---- | C] () -- C:\Windows\System32\TmpA12358134 [2010.12.05 09:30:37 | 000,048,080 | ---- | C] () -- C:\Users\*\Desktop\First movement.BAK [2010.12.05 00:09:39 | 000,024,369 | ---- | C] () -- C:\Users\*\Documents\Wuppertal%20Institut%20f%C3%BCr%20Klima,%20Umwelt,%20Energie%20GmbH.pdf [2010.12.04 20:46:56 | 000,462,957 | ---- | C] () -- C:\Users\*\Desktop\creepyvoice.mp3 [2010.12.04 18:54:05 | 000,024,064 | ---- | C] () -- C:\Users\*\Documents\Dienstag 17.doc [2010.12.04 12:38:42 | 000,000,765 | ---- | C] () -- C:\Users\Public\Desktop\ScreenCamera.lnk [2010.12.04 11:49:01 | 000,004,208 | ---- | C] () -- C:\Users\*\Documents\Track 3 Recording 1.sfk [2010.12.04 11:48:56 | 000,530,870 | ---- | C] () -- C:\Users\*\Documents\Track 3 Recording 1.wav [2010.12.04 11:48:47 | 000,006,472 | ---- | C] () -- C:\Users\*\Documents\Track 2 Recording 1.sfk [2010.12.04 11:48:37 | 000,820,282 | ---- | C] () -- C:\Users\*\Documents\Track 2 Recording 1.wav [2010.12.03 13:45:30 | 000,033,792 | ---- | C] () -- C:\Users\*\Documents\Donders attempted to describe the processes going on in the mind by analyzing cognitive activity into separate.doc [2010.12.02 18:10:11 | 001,005,568 | ---- | C] () -- C:\Users\*\Documents\Konformität.ppt [2010.12.02 08:40:31 | 000,024,907 | ---- | C] () -- C:\Users\*\Documents\devil.pdf [2010.12.02 07:58:31 | 001,079,742 | R--- | C] () -- C:\Users\*\Documents\Resources.xpak [2010.12.01 16:17:17 | 000,584,192 | ---- | C] () -- C:\Users\*\Documents\Exprak.ppt [2010.12.01 16:03:41 | 000,045,056 | ---- | C] () -- C:\Users\*\Documents\sadfsdf.doc [2010.11.22 18:51:25 | 004,905,865 | ---- | C] () -- C:\Users\*\Desktop\secondpart2134.mp3 [2010.11.22 10:46:58 | 000,024,064 | ---- | C] () -- C:\Users\*\Documents\adsg.doc [2010.11.22 10:27:49 | 000,000,544 | ---- | C] () -- C:\Windows\adsfdsaf.dat [2010.11.22 10:27:38 | 000,006,634 | ---- | C] () -- C:\Windows\adsfdsaf.exp [2010.11.22 07:12:34 | 003,836,934 | ---- | C] () -- C:\Users\*\Desktop\The dipstone cave.mp3 
[2010.11.22 07:01:26 | 003,228,803 | ---- | C] () -- C:\Users\*\Desktop\Strings1.mp3 [2010.11.21 23:14:48 | 003,833,799 | ---- | C] () -- C:\Users\*\Desktop\davidmiguel.mp3 [2010.11.21 19:49:04 | 000,000,086 | ---- | C] () -- C:\Windows\System32\Kompletes Experiment.exp [2010.11.21 19:13:30 | 004,814,861 | ---- | C] () -- C:\Users\*\Documents\sadfasdf.wmv [2010.11.20 11:27:18 | 000,286,720 | ---- | C] () -- C:\Users\*\Documents\vdmeth_schneewind.doc [2010.11.20 10:51:39 | 012,066,304 | ---- | C] () -- C:\Users\*\Documents\Entwicklung_Skript_LiBiDo.doc [2010.11.19 11:41:21 | 000,034,304 | ---- | C] () -- C:\Users\*\Documents\Abstract.doc [2010.11.18 13:40:58 | 000,451,072 | ---- | C] () -- C:\Users\*\Documents\Studie.ppt [2010.11.17 21:13:05 | 000,433,664 | ---- | C] () -- C:\Users\*\Documents\PRESENTATION NAME.ppt [2010.11.17 20:22:06 | 000,001,904 | ---- | C] () -- C:\Users\Public\Desktop\authorPOINT Lite.lnk [2010.11.17 18:39:09 | 000,451,072 | ---- | C] () -- C:\Users\*\Documents\asdfasdf.ppt [2010.11.17 18:27:10 | 000,000,847 | ---- | C] () -- C:\Users\Public\Desktop\Slide Effect.lnk [2010.11.17 09:07:54 | 000,000,016 | ---- | C] () -- C:\Windows\System32\w3data.vss [2010.11.17 09:07:54 | 000,000,016 | ---- | C] () -- C:\Windows\msocreg32.dat [2010.11.16 17:44:33 | 000,070,240 | ---- | C] () -- C:\Users\*\Desktop\Test.pk [2010.11.15 22:44:50 | 000,272,409 | ---- | C] () -- C:\Windows\System32\TmpA22076559 [2010.11.15 17:57:37 | 000,014,192 | ---- | C] () -- C:\DEBUG.DBG [2010.11.15 17:57:37 | 000,003,346 | -H-- | C] () -- C:\Windows\System32\v12242B70498139.dll [2010.11.15 09:01:28 | 000,037,312 | ---- | C] () -- C:\Users\*\Metal-Kit.ADPreset [2010.11.14 19:27:10 | 000,002,010 | ---- | C] () -- C:\Users\Public\Desktop\Inquisit 3.lnk [2010.11.09 21:50:26 | 000,004,666 | ---- | C] () -- C:\Users\*\Documents\jm.brain [2010.11.09 18:04:34 | 000,000,223 | -H-- | C] () -- C:\Windows\sysreg.dat [2010.11.09 16:00:00 | 000,667,255 | ---- | C] () -- 
C:\Users\*\AppData\Roaming\MMultiBandRhythmizerpresets.xml [2010.11.09 16:00:00 | 000,208,881 | ---- | C] () -- C:\Users\*\AppData\Roaming\MMultiBandReverbpresets.xml [2010.11.09 16:00:00 | 000,193,849 | ---- | C] () -- C:\Users\*\AppData\Roaming\MMultiBandDistortionpresets.xml [2010.11.09 16:00:00 | 000,191,692 | ---- | C] () -- C:\Users\*\AppData\Roaming\MAnalyzerpresets.xml [2010.11.09 16:00:00 | 000,163,535 | ---- | C] () -- C:\Users\*\AppData\Roaming\MMultiBandConvolutionpresets.xml [2010.11.09 16:00:00 | 000,154,345 | ---- | C] () -- C:\Users\*\AppData\Roaming\MMultiBandAutopanpresets.xml [2010.11.09 16:00:00 | 000,152,555 | ---- | C] () -- C:\Users\*\AppData\Roaming\MMultiBandFreqShifterpresets.xml [2010.11.09 16:00:00 | 000,137,827 | ---- | C] () -- C:\Users\*\AppData\Roaming\MMultiBandFlangerpresets.xml [2010.11.09 16:00:00 | 000,127,297 | ---- | C] () -- C:\Users\*\AppData\Roaming\MFilterpresets.xml [2010.11.09 16:00:00 | 000,125,408 | ---- | C] () -- C:\Users\*\AppData\Roaming\MMultiBandVibratopresets.xml [2010.11.09 16:00:00 | 000,120,395 | ---- | C] () -- C:\Users\*\AppData\Roaming\MMultiBandChoruspresets.xml [2010.11.09 16:00:00 | 000,115,704 | ---- | C] () -- C:\Users\*\AppData\Roaming\MMultiBandPhaserpresets.xml [2010.11.09 16:00:00 | 000,115,695 | ---- | C] () -- C:\Users\*\AppData\Roaming\MMultiBandHarmonizerpresets.xml [2010.11.09 16:00:00 | 000,091,447 | ---- | C] () -- C:\Users\*\AppData\Roaming\MMultiBandDelaypresets.xml [2010.11.09 16:00:00 | 000,086,911 | ---- | C] () -- C:\Users\*\AppData\Roaming\MMultiBandRingModulatorpresets.xml [2010.11.09 16:00:00 | 000,086,536 | ---- | C] () -- C:\Users\*\AppData\Roaming\MRhythmizerSequencepresets.xml [2010.11.09 16:00:00 | 000,084,095 | ---- | C] () -- C:\Users\*\AppData\Roaming\MReverbpresets.xml [2010.11.09 16:00:00 | 000,081,019 | ---- | C] () -- C:\Users\*\AppData\Roaming\MMultiBandTremolopresets.xml [2010.11.09 16:00:00 | 000,059,052 | ---- | C] () -- 
C:\Users\*\AppData\Roaming\MMultiBandWaveShaperpresets.xml [2010.11.09 16:00:00 | 000,051,825 | ---- | C] () -- C:\Users\*\AppData\Roaming\MRhythmizerSequenceVolumepresets.xml [2010.11.09 16:00:00 | 000,042,795 | ---- | C] () -- C:\Users\*\AppData\Roaming\MRhythmizerpresets.xml [2010.11.09 16:00:00 | 000,038,763 | ---- | C] () -- C:\Users\*\AppData\Roaming\MMultiBandTransientpresets.xml [2010.11.09 16:00:00 | 000,032,410 | ---- | C] () -- C:\Users\*\AppData\Roaming\MMultiBandSaturatorpresets.xml [2010.11.09 16:00:00 | 000,028,727 | ---- | C] () -- C:\Users\*\AppData\Roaming\MSpectralDynamicspresets.xml [2010.11.09 16:00:00 | 000,024,793 | ---- | C] () -- C:\Users\*\AppData\Roaming\MMultiBandDynamicspresets.xml [2010.11.09 16:00:00 | 000,021,794 | ---- | C] () -- C:\Users\*\AppData\Roaming\MDynamicspresets.xml [2010.11.09 16:00:00 | 000,013,964 | ---- | C] () -- C:\Users\*\AppData\Roaming\MFlangerpresets.xml [2010.11.09 16:00:00 | 000,012,248 | ---- | C] () -- C:\Users\*\AppData\Roaming\MRhythmizerSequenceSetpresets.xml [2010.11.09 16:00:00 | 000,011,422 | ---- | C] () -- C:\Users\*\AppData\Roaming\MFreeformEqualizerpresets.xml [2010.11.09 16:00:00 | 000,010,520 | ---- | C] () -- C:\Users\*\AppData\Roaming\MMultiBandLimiterpresets.xml [2010.11.09 16:00:00 | 000,009,119 | ---- | C] () -- C:\Users\*\AppData\Roaming\MFreqShifterpresets.xml [2010.11.09 16:00:00 | 000,007,355 | ---- | C] () -- C:\Users\*\AppData\Roaming\MEqualizerLinearPhasepresets.xml [2010.11.09 16:00:00 | 000,007,130 | ---- | C] () -- C:\Users\*\AppData\Roaming\MEqualizerpresets.xml [2010.11.09 16:00:00 | 000,006,953 | ---- | C] () -- C:\Users\*\AppData\Roaming\MFreeformAnalogEqpresets.xml [2010.11.09 16:00:00 | 000,006,444 | ---- | C] () -- C:\Users\*\AppData\Roaming\MCompressorpresets.xml [2010.11.09 16:00:00 | 000,005,138 | ---- | C] () -- C:\Users\*\AppData\Roaming\MWaveShaperpresets.xml [2010.11.09 16:00:00 | 000,005,022 | ---- | C] () -- 
C:\Users\*\AppData\Roaming\MRhythmizerSequenceVolumeSetpresets.xml [2010.11.09 16:00:00 | 000,004,362 | ---- | C] () -- C:\Users\*\AppData\Roaming\MPhaserpresets.xml [2010.11.09 16:00:00 | 000,003,771 | ---- | C] () -- C:\Users\*\AppData\Roaming\MRingModulatorpresets.xml [2010.11.09 16:00:00 | 000,003,017 | ---- | C] () -- C:\Users\*\AppData\Roaming\MStereoProcessorpresets.xml [2010.11.09 16:00:00 | 000,002,775 | ---- | C] () -- C:\Users\*\AppData\Roaming\MStereoExpanderpresets.xml [2010.11.09 16:00:00 | 000,002,666 | ---- | C] () -- C:\Users\*\AppData\Roaming\MVibratopresets.xml [2010.11.09 16:00:00 | 000,002,366 | ---- | C] () -- C:\Users\*\AppData\Roaming\MTremolopresets.xml [2010.11.09 16:00:00 | 000,001,907 | ---- | C] () -- C:\Users\*\AppData\Roaming\MAutopanpresets.xml [2010.11.09 16:00:00 | 000,001,381 | ---- | C] () -- C:\Users\*\AppData\Roaming\MLimiterpresets.xml [2010.11.09 16:00:00 | 000,000,688 | ---- | C] () -- C:\Users\*\AppData\Roaming\MUltraMaximizerpresets.xml [2010.08.13 08:39:25 | 000,000,000 | ---- | C] () -- C:\Windows\ToDisc.INI [2010.07.25 10:37:44 | 000,002,560 | ---- | C] () -- C:\Windows\System32\drivers\mchInjDrv.sys [2010.07.25 09:24:13 | 000,155,648 | ---- | C] () -- C:\Windows\System32\addurl41.DLL [2010.07.25 09:24:13 | 000,018,432 | ---- | C] () -- C:\Windows\System32\winwatch.DLL [2010.07.03 11:30:42 | 000,001,024 | ---- | C] () -- C:\Windows\System32\grcauth2.dll [2010.07.03 11:30:42 | 000,001,024 | ---- | C] () -- C:\Windows\System32\grcauth1.dll [2010.07.01 17:40:52 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll [2010.06.22 19:14:39 | 000,059,856 | ---- | C] () -- C:\Windows\System32\midiio.dll [2010.06.21 21:28:24 | 005,206,016 | ---- | C] () -- C:\Windows\System32\mkl_genarts.dll [2010.06.21 21:28:17 | 000,000,098 | ---- | C] () -- C:\Windows\MSUTIL.INI [2010.06.11 13:02:41 | 000,000,000 | ---- | C] () -- C:\Windows\Sam9_E.INI [2010.06.08 14:27:41 | 000,000,000 | -H-- | C] () -- 
C:\Users\*\AppData\Roaming\.24422B0832414DDE.sys [2010.06.01 14:16:09 | 000,000,058 | ---- | C] () -- C:\Windows\KM1Pref.ini [2010.05.24 10:46:55 | 000,172,032 | ---- | C] () -- C:\Windows\System32\FxGoWinFu.dll [2010.04.17 15:44:11 | 000,002,892 | ---- | C] () -- C:\Windows\System32\audcon.sys [2010.04.15 16:19:26 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI [2010.02.23 14:24:09 | 000,138,752 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys [2010.02.23 10:19:17 | 000,000,036 | ---- | C] () -- C:\Windows\rasqervy.dll [2010.02.23 10:19:15 | 000,000,008 | ---- | C] () -- C:\Windows\sdfinacs.dll [2010.02.23 10:19:13 | 000,000,005 | ---- | C] () -- C:\Windows\sdfixwcs.dll [2010.02.22 20:20:13 | 000,000,056 | ---- | C] () -- C:\Windows\coolacm.ini [2010.02.19 13:36:37 | 000,055,808 | ---- | C] () -- C:\Windows\System32\zlib1.dll [2010.02.10 12:11:15 | 016,379,904 | ---- | C] () -- C:\Windows\System32\AbsynthIAC.dll [2010.02.03 20:05:47 | 000,019,576 | ---- | C] () -- C:\Programme\trapcodeform.log [2010.02.03 19:18:23 | 000,000,100 | ---- | C] () -- C:\Users\*\AppData\Local\fusioncache.dat [2010.01.20 21:21:48 | 000,176,235 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll [2010.01.10 18:52:00 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll [2010.01.10 18:51:03 | 000,038,912 | ---- | C] () -- C:\Windows\System32\mgxasio.dll [2009.11.16 15:14:14 | 000,524,288 | ---- | C] () -- C:\Windows\System32\RegisterDialog.dll [2009.09.27 20:53:48 | 000,000,724 | ---- | C] () -- C:\Windows\wacam.ini [2009.09.25 11:26:58 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.09.16 17:27:58 | 000,508,224 | ---- | C] () -- C:\Windows\System32\ICCProfiles.dll [2009.08.15 12:24:59 | 000,059,392 | R--- | C] () -- C:\Windows\System32\streamhlp.dll [2009.07.31 02:58:42 | 000,000,314 | ---- | C] () -- C:\Windows\primopdf.ini [2009.07.15 11:08:43 | 000,053,248 | ---- | C] () -- C:\Windows\System32\mgxasio2.dll [2009.07.15 11:05:34 | 
000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2009.06.23 12:00:52 | 000,000,604 | -H-- | C] () -- C:\Programme\STLL Notifier [2009.06.23 12:00:51 | 000,000,604 | -H-- | C] () -- C:\ProgramData\T2 [2009.06.16 19:12:02 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll [2009.06.16 19:12:02 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll [2009.06.16 19:12:01 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNRAR3.dll [2009.06.16 19:12:01 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll [2009.05.15 02:06:13 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI [2009.01.07 23:21:54 | 000,000,016 | -H-- | C] () -- C:\Users\*\AppData\Roaming\mxfilerelatedcache.mxc2 [2009.01.07 23:21:54 | 000,000,016 | -H-- | C] () -- C:\Users\*\AppData\Local\mxfilerelatedcache.mxc2 [2009.01.04 15:22:27 | 000,000,025 | ---- | C] () -- C:\Windows\SIERRA.INI [2009.01.03 04:53:09 | 000,697,328 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2009.01.01 22:19:51 | 000,006,540 | ---- | C] () -- C:\Users\*\AppData\Local\d3d9caps.dat [2008.12.05 17:32:10 | 000,119,296 | ---- | C] () -- C:\Windows\System32\zlib.dll [2008.12.05 17:32:10 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ADsSecurity.dll [2008.12.05 17:32:09 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dxinputdll.dll [2008.12.03 16:05:13 | 000,299,008 | ---- | C] () -- C:\Windows\System32\LAME_MP3.dll [2008.10.03 09:41:50 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI [2008.10.02 21:24:44 | 000,026,340 | ---- | C] () -- C:\Users\*\AppData\Roaming\UserTile.png [2008.10.02 19:40:46 | 000,077,824 | ---- | C] () -- C:\Users\*\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.10.02 13:20:09 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll [2008.10.02 13:20:09 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll [2008.10.02 09:17:35 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini 
[2008.10.02 09:17:35 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll [2008.10.02 09:17:35 | 000,010,146 | ---- | C] () -- C:\Windows\System32\tosmreg.ini [2008.10.02 09:17:35 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini [2008.10.02 09:16:35 | 000,131,072 | ---- | C] () -- C:\Windows\System32\EnumDevLib.dll [2008.09.07 21:25:44 | 000,009,843 | ---- | C] () -- C:\Windows\System32\mswlnmoge.dll [2008.02.22 10:34:00 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI [2008.02.18 16:58:18 | 000,005,937 | ---- | C] () -- C:\Windows\mgxoschk.ini [2008.02.18 15:57:01 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2008.02.18 15:55:43 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll [2008.02.18 15:55:43 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll [2008.02.18 15:55:43 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1329.dll [2008.02.18 15:55:43 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll [2007.12.18 14:24:27 | 000,151,552 | ---- | C] () -- C:\Windows\System32\msblcmogd.dll [2007.06.14 17:15:42 | 001,581,056 | ---- | C] () -- C:\Windows\System32\QtCore4.dll [2007.05.25 08:05:18 | 000,581,632 | ---- | C] () -- C:\Windows\System32\QtNetwork4.dll [2007.05.25 08:04:00 | 006,365,184 | ---- | C] () -- C:\Windows\System32\QtGui4.dll [2007.03.26 10:45:18 | 000,071,208 | ---- | C] () -- C:\Windows\System32\PhysXLoader.dll [2007.02.20 14:59:08 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2007.02.20 14:59:06 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2007.02.20 14:59:06 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2007.02.20 14:59:06 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2007.02.20 14:59:06 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2007.02.20 14:59:06 | 000,053,248 | ---- | 
C] () -- C:\Windows\System32\AgCPanelKorean.dll [2007.02.20 14:59:06 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2007.02.20 14:59:06 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2007.02.20 14:59:04 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.10.27 13:52:34 | 000,000,518 | ---- | C] () -- C:\Windows\System32\SP7311.ini ========== LOP Check ========== [2008.11.24 20:52:11 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\aAvgApi [2010.01.14 23:58:42 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Academic Software Zurich [2010.06.20 12:02:07 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\ACAMPREF [2010.04.15 16:25:55 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\adma [2010.01.25 16:54:19 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\AnBSoft [2010.10.21 16:07:49 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\AnvSoft [2010.02.23 14:24:09 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Application Data [2010.12.05 14:54:12 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\authorPOINT [2010.02.01 19:02:40 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Autodesk [2010.04.15 16:27:46 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\BITS [2010.06.20 12:43:35 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\BitZipper [2010.06.17 23:40:14 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Cakewalk [2010.01.31 17:52:17 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\CB Model Pro [2010.02.23 11:10:39 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\ChemTable Software [2010.10.18 08:07:13 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Chessmaster Challenge [2008.11.23 19:25:48 | 000,000,000 | ---D | M] -- 
C:\Users\*\AppData\Roaming\Codemasters [2010.05.14 07:59:24 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\DAEMON Tools Lite [2010.04.11 09:57:31 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\DAEMON Tools Pro [2010.02.05 00:04:00 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\DAZ 3D [2010.05.16 19:20:10 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Downloaded Installations [2010.06.22 11:59:10 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\DVDVideoSoftIEHelpers [2010.04.15 16:18:04 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\FlashGet [2010.04.15 16:17:57 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\FlashGetBHO [2010.11.06 11:38:18 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\GetRightToGo [2009.07.06 15:22:49 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Hide IP NG [2009.12.02 18:12:19 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\IObit [2010.11.22 17:12:17 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\iZotope [2010.06.19 13:55:05 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Juce VST Host [2008.12.05 21:41:30 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\KALiNKOsoft [2010.03.17 08:25:33 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\KORG [2010.11.11 22:47:35 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Leadertech [2009.07.15 11:13:14 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\MAGIX [2010.11.11 21:25:29 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\MeldaProduction IR [2010.12.04 20:52:27 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\MeldaProduction MAutoEqualizer [2010.11.17 19:12:54 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\MeldaProduction MCompressor [2010.11.16 19:23:06 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\MeldaProduction MDynamics [2010.12.04 20:37:41 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\MeldaProduction MEqualizer [2010.11.11 
21:25:28 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\MeldaProduction MFilter [2010.11.11 21:25:28 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\MeldaProduction MMultiBandAutopan [2010.11.11 21:25:28 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\MeldaProduction MMultiBandChorus [2010.12.03 13:52:39 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\MeldaProduction MMultiBandConvolution [2010.11.11 21:25:34 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\MeldaProduction MMultiBandDelay [2010.11.11 21:25:34 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\MeldaProduction MMultiBandDistortion [2010.11.11 21:25:42 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\MeldaProduction MMultiBandDynamics [2010.11.11 21:25:42 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\MeldaProduction MMultiBandDynamicsLarge [2010.11.11 21:25:34 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\MeldaProduction MMultiBandFlanger [2010.12.03 13:51:38 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\MeldaProduction MMultiBandFreqShifter [2010.11.11 21:25:35 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\MeldaProduction MMultiBandHarmonizer [2010.11.11 21:25:42 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\MeldaProduction MMultiBandLimiter [2010.11.11 21:25:35 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\MeldaProduction MMultiBandPhaser [2010.12.03 19:26:47 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\MeldaProduction MMultiBandReverb [2010.12.04 19:22:35 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\MeldaProduction MMultiBandRhythmizer [2010.12.04 20:35:05 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\MeldaProduction MMultiBandRingModulator [2010.11.11 21:25:37 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\MeldaProduction MMultiBandSaturator [2010.12.03 13:51:20 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\MeldaProduction 
MMultiBandTransient [2010.11.20 18:08:58 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\MeldaProduction MMultiBandTremolo [2010.11.11 10:53:56 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\MeldaProduction MMultiBandVibrato [2010.11.20 18:24:38 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\MeldaProduction MMultiBandWaveShaper [2010.11.14 21:18:28 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\MeldaProduction MReverb [2010.11.20 18:24:49 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\MeldaProduction MRhythmizer [2010.12.04 21:20:18 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\MeldaProduction MRingModulator [2010.11.11 22:01:59 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\MeldaProduction MSpectralDynamics [2010.12.04 20:41:12 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\MeldaProduction MStereoExpander [2010.11.11 22:03:45 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\MeldaProduction MStereoProcessor [2010.12.04 21:19:54 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\MeldaProduction MTremolo [2010.11.19 14:36:28 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\MeldaProduction MUltraMaximizer [2010.12.04 21:19:33 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\MeldaProduction MUtility [2010.12.04 21:19:43 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\MeldaProduction MVibrato [2010.12.04 21:19:26 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\MeldaProduction MWaveShaper [2010.04.26 22:10:14 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\MessengerDiscovery 2 [2009.08.23 00:34:13 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Mozart 9 [2010.04.29 21:27:47 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\MSPS [2010.11.14 19:38:07 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\MusE [2008.10.02 17:01:53 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\myphotobook [2010.07.21 12:05:37 | 000,000,000 | ---D 
| M] -- C:\Users\*\AppData\Roaming\Nitro PDF [2010.04.24 10:52:43 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Opera [2010.11.21 18:12:46 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\PACE Anti-Piracy [2008.10.02 21:24:43 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\PeerNetworking [2010.11.09 21:50:31 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\PersonalBrain [2010.07.21 12:05:16 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\PrimoPDF [2009.12.04 17:36:38 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Publish Providers [2010.02.23 19:40:40 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Resolume [2010.04.18 15:36:32 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Smart PC Solutions [2010.03.23 01:31:59 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Sony [2010.11.20 10:26:24 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Steinberg [2010.05.11 14:42:19 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\SWiSH Max3 [2009.11.25 04:31:43 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Thinstall [2008.10.03 15:26:26 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Toshiba [2009.08.15 14:57:02 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\TrojanHunter [2010.06.20 11:22:07 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Uniblue [2010.06.20 12:10:03 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\uTorrent [2010.04.18 14:25:48 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Waldorf [2010.01.26 02:20:44 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Wings3D [2009.07.08 17:56:13 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\X-Chat 2 [2010.12.07 08:28:31 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2010.11.19 22:44:09 | 000,000,284 | ---- | M] () -- C:\Windows\Tasks\Uniblue SpeedUpMyPC Nag.job [2009.12.04 17:25:40 | 000,000,406 | ---- | M] () -- C:\Windows\Tasks\Uniblue SpeedUpMyPC.job ========== 
And now? |
07.12.2010, 18:27 | #5 |
/// Malware-holic | TAN trojan or not?! Please create and post a ComboFix log. A guide and tutorial on using ComboFix
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
07.12.2010, 19:16 | #6 |
| TAN trojan or not?! ComboFix log file: Code:
ATTFilter ComboFix 10-12-06.04 - * 07.12.2010 18:48:08.2.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.1013.154 [GMT 1:00] ausgeführt von:: c:\users\*\Downloads\ComboFix.exe SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7} SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . ((((((((((((((((((((((( Dateien erstellt von 2010-11-07 bis 2010-12-07 )))))))))))))))))))))))))))))) . 2010-12-07 18:06 . 2010-12-07 18:06 -------- d-----w- c:\users\*\AppData\Local\temp 2010-12-07 18:06 . 2010-12-07 18:06 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-12-06 21:48 . 2010-12-06 21:48 -------- d-----w- c:\users\*\AppData\Roaming\Malwarebytes 2010-12-06 21:47 . 2010-11-29 16:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-12-06 21:47 . 2010-12-06 21:47 -------- d-----w- c:\programdata\Malwarebytes 2010-12-06 21:47 . 2010-12-07 07:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-12-06 21:47 . 2010-11-29 16:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-12-06 21:28 . 2010-12-06 21:28 -------- d-----w- c:\users\*\AppData\Local\CrashDumps 2010-12-06 21:14 . 2010-12-06 21:16 -------- d-----w- c:\program files\SUPERAntiSpyware 2010-12-06 21:05 . 2010-12-06 21:05 -------- d-----w- c:\program files\CCleaner 2010-12-06 17:14 . 2010-12-06 17:14 -------- d-----w- c:\users\*\AppData\Roaming\Avira 2010-12-06 17:04 . 2010-08-02 15:09 126856 ----a-w- c:\windows\system32\drivers\avipbb.sys 2010-12-06 17:04 . 2010-12-06 17:04 -------- d-----w- c:\programdata\Avira 2010-12-06 17:04 . 2010-12-06 17:04 -------- d-----w- c:\program files\Avira 2010-12-06 07:30 . 2010-12-06 15:43 -------- d-----w- c:\program files\Common Files\PC Tools 2010-12-06 07:17 . 2010-12-06 07:17 -------- d-----w- c:\programdata\XoftSpySE 2010-12-06 06:53 . 2010-12-06 07:24 -------- d-----w- c:\programdata\RegCure 2010-12-06 06:38 . 
2010-12-06 16:46 -------- d-----w- c:\windows\localdumps 2010-12-06 06:16 . 2010-12-06 06:16 -------- d-----w- c:\windows\PixArt 2010-12-06 05:58 . 2010-12-06 05:58 -------- d-----w- c:\programdata\inf 2010-12-04 20:20 . 2010-12-04 20:20 -------- d-----w- c:\users\*\AppData\Roaming\MeldaProduction MRingModulator 2010-12-04 20:19 . 2010-12-04 20:19 -------- d-----w- c:\users\*\AppData\Roaming\MeldaProduction MTremolo 2010-12-04 20:19 . 2010-12-04 20:19 -------- d-----w- c:\users\*\AppData\Roaming\MeldaProduction MVibrato 2010-12-04 12:10 . 2010-12-04 12:10 -------- d-----w- c:\programdata\NCH Software 2010-12-04 11:38 . 2010-11-06 17:43 221184 ----a-w- c:\windows\system32\prScrCamFXControls.ocx 2010-12-04 11:38 . 2010-09-06 06:17 28672 ----a-w- c:\windows\system32\PCWinSoftPBar.ocx 2010-12-04 11:38 . 2010-11-22 08:25 53248 ----a-w- c:\windows\system32\BSwitch.ax 2010-12-04 11:05 . 2010-11-15 06:17 232640 ----a-w- c:\windows\system32\drivers\SCRCAMHRDRV.sys 2010-12-04 11:05 . 2010-12-04 11:38 -------- d-----w- c:\program files\ScreenCamera 2010-12-04 10:03 . 2010-12-04 10:03 -------- dc-h--w- c:\programdata\{9D92E4DF-0CEE-44D4-A4FE-2B4A438E1607} 2010-12-02 20:45 . 2010-12-02 20:45 -------- d-----w- c:\program files\Common Files\Skype 2010-12-02 08:48 . 2010-12-03 15:42 -------- d-----w- c:\programdata\44755A6B-3F1D-4238-B2EF-77D59B73B320 2010-12-02 08:47 . 2010-12-02 08:47 -------- d-----w- c:\program files\Common Files\Propellerhead Software 2010-12-02 08:47 . 2010-12-02 08:47 -------- d-----w- c:\program files\PreSonus 2010-12-01 14:47 . 2010-12-04 10:39 -------- d-----w- c:\program files\Bonjour 2010-12-01 14:36 . 2010-12-01 14:36 -------- d-----w- c:\program files\Common Files\Macrovision Shared 2010-12-01 07:52 . 2010-12-06 15:50 -------- d-----w- c:\program files\Ares 2010-11-22 16:12 . 2010-11-22 16:12 -------- d-----w- c:\users\*\AppData\Roaming\iZotope 2010-11-22 16:03 . 2010-11-22 16:03 -------- d-----w- c:\programdata\Big Fish Audio 2010-11-21 17:08 . 
2010-11-22 14:29 -------- d-----w- c:\program files\iZotope 2010-11-20 09:13 . 2006-01-29 10:48 45056 ----a-w- c:\windows\system32\Synsopos.exe 2010-11-20 09:13 . 2006-01-29 10:48 401462 ----a-w- c:\windows\system32\temp.00A 2010-11-20 09:13 . 2006-01-29 10:48 147456 ----a-w- c:\windows\system32\SynsoLChk.dll 2010-11-19 13:36 . 2010-11-19 13:36 -------- d-----w- c:\users\*\AppData\Roaming\MeldaProduction MUltraMaximizer 2010-11-17 20:11 . 2010-12-05 13:54 -------- d-----w- c:\users\*\AppData\Roaming\authorPOINT 2010-11-17 19:22 . 2010-11-17 19:22 -------- d-----w- c:\program files\authorGEN 2010-11-17 17:26 . 2010-11-17 17:27 -------- d-----w- c:\program files\Slide Effect Trial 2010-11-17 16:28 . 2010-11-17 16:28 -------- d-----w- c:\programdata\IsolatedStorage 2010-11-17 09:56 . 2010-11-17 18:12 -------- d-----w- c:\users\*\AppData\Roaming\MeldaProduction MCompressor 2010-11-17 08:01 . 2010-11-17 08:01 -------- d-----w- c:\program files\IK Multimedia 2010-11-16 18:23 . 2010-11-16 18:23 -------- d-----w- c:\users\*\AppData\Roaming\MeldaProduction MDynamics 2010-11-15 16:57 . 2010-11-15 17:05 3346 ---h--w- c:\windows\system32\v12242B70498139.dll 2010-11-15 16:56 . 2010-12-07 07:30 -------- d-----w- c:\windows\Absolut Piano Steinway 2010-11-14 19:08 . 2010-11-14 19:08 -------- d-----w- c:\programdata\SPSS 2010-11-14 19:06 . 2010-11-14 19:06 -------- d-----w- c:\program files\SPSSInc 2010-11-14 18:38 . 2010-11-14 18:38 -------- d-----w- c:\users\*\AppData\Roaming\MusE 2010-11-14 18:37 . 2010-11-14 18:37 -------- d-----w- c:\users\*\AppData\Local\MusE 2010-11-14 18:27 . 2010-11-14 18:27 -------- d-----w- c:\program files\Millisecond Software 2010-11-11 21:47 . 2010-11-11 21:47 -------- d-----w- c:\users\*\AppData\Roaming\Leadertech 2010-11-11 21:07 . 2010-12-04 20:19 -------- d-----w- c:\users\*\AppData\Roaming\MeldaProduction MUtility 2010-11-11 21:04 . 2010-12-04 19:37 -------- d-----w- c:\users\*\AppData\Roaming\MeldaProduction MEqualizer 2010-11-11 21:03 . 
2010-11-11 21:03 -------- d-----w- c:\users\*\AppData\Roaming\MeldaProduction MStereoProcessor 2010-11-11 21:03 . 2010-12-04 19:41 -------- d-----w- c:\users\*\AppData\Roaming\MeldaProduction MStereoExpander 2010-11-11 21:02 . 2010-12-04 20:19 -------- d-----w- c:\users\*\AppData\Roaming\MeldaProduction MWaveShaper 2010-11-11 21:01 . 2010-11-11 21:01 -------- d-----w- c:\users\*\AppData\Roaming\MeldaProduction MSpectralDynamics 2010-11-11 20:51 . 2010-11-11 20:51 -------- d-----w- c:\users\*\AppData\Local\Spectrasonics 2010-11-11 09:53 . 2010-11-11 09:53 -------- d-----w- c:\users\*\AppData\Roaming\MeldaProduction MMultiBandVibrato 2010-11-11 08:21 . 2010-11-11 08:21 -------- d-----w- c:\programdata\MTexturedStyles 2010-11-11 08:20 . 2010-11-21 17:08 -------- d-----w- c:\program files\Common Files\VST3 2010-11-10 17:39 . 2010-11-10 17:39 81920 ----a-r- c:\users\*\AppData\Roaming\Microsoft\Installer\{41BAB387-31EF-45BF-A10D-D062121FE03D}\NewShortcut7_F315FB4F8D47468AA6DEED4E9706FFE0.exe 2010-11-10 17:39 . 2010-11-10 17:39 122880 ----a-r- c:\users\*\AppData\Roaming\Microsoft\Installer\{41BAB387-31EF-45BF-A10D-D062121FE03D}\PerspectorPanel.exe1_EC8F41FA748640879850516D5FF68038.exe 2010-11-10 17:39 . 2010-11-10 17:39 122880 ----a-r- c:\users\*\AppData\Roaming\Microsoft\Installer\{41BAB387-31EF-45BF-A10D-D062121FE03D}\PerspectorPanel.exe_317C300580E64743BE000A8B0CF610A1.exe 2010-11-10 17:39 . 2010-11-10 17:39 122880 ----a-r- c:\users\*\AppData\Roaming\Microsoft\Installer\{41BAB387-31EF-45BF-A10D-D062121FE03D}\Perspector1.exe_C0FD1C5108864C14B776163A9D320E98.exe 2010-11-10 17:38 . 2010-11-10 17:40 -------- d-----w- c:\users\*\AppData\Local\Perspector 2010-11-10 17:38 . 2010-11-10 17:38 -------- d-----w- c:\program files\Perspector 2010-11-09 20:49 . 2010-11-09 20:50 -------- d-----w- c:\users\*\AppData\Roaming\PersonalBrain 2010-11-09 20:48 . 2010-11-09 20:48 -------- d-----w- c:\programdata\PersonalBrain . 
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-18 19:16 . 2010-10-18 19:16 40960 ----a-r- c:\users\*\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2010-10-18 19:16 . 2010-10-18 19:16 40960 ----a-r- c:\users\*\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
2010-09-09 22:52 . 2010-10-05 11:38 6084944 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B4C99BCA-06EF-4E5C-91CC-3191BAE5C081}\mpengine.dll
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-11-22 2424560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-05 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-05 129560]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-29 4911104]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-09-24 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\topi]
2007-07-10 08:24 581632 ----a-w- c:\program files\TOSHIBA\Toshiba Online Product Information\TOPI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster2]
2007-05-16 08:18 99872 ----a-w- c:\program files\Uniblue\RegistryBooster 2\StartRegistryBooster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 SCRCAMHRDRV;ScreenCamera HR;c:\windows\system32\DRIVERS\SCRCAMHRDRV.sys [2010-11-15 232640]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 SynasUSB;SynasUSB;c:\windows\system32\drivers\SynasUSB.sys [2006-11-23 18432]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [x]
R4 mchInjDrv;mchInjDrv;c:\windows\system32\Drivers\mchInjDrv.sys [2010-07-25 2560]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-05-12 697328]
S1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\DRIVERS\rtlprot.sys [2007-04-23 25896]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2010-02-23 138752]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-08-02 135336]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2007-12-25 40960]
S2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2010-02-02 65856]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-03 126976]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54 MBit/s USB 2.0 Netzwerkadapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2007-12-26 290304]

--- Andere Dienste/Treiber im Speicher ---
*Deregistered* - MBAMSwissArmy

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
bdx REG_MULTI_SZ scan
Akamai REG_MULTI_SZ Akamai
.
Inhalt des "geplante Tasks" Ordners
2010-11-19 c:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2010-06-20 12:03]
2009-12-04 c:\windows\Tasks\Uniblue SpeedUpMyPC.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2010-06-20 12:03]
.
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\program files\Finale NotePad 2009\Help Files\Skin\Blank.htm
uStart Page =
mLocal Page = c:\program files\Finale NotePad 2009\Help Files\Skin\Blank.htm
uInternet Settings,ProxyServer = socks=
uInternet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,;*.local
Trusted Zone: kuaiche.com\software
FF - ProfilePath - c:\users\*\AppData\Roaming\Mozilla\Firefox\Profiles\mhbo0zoz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://flvdirect.iamwired.net/websearch.php?src=tops&search=
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://flvdirect.iamwired.net/websearch.php?src=tops&search=
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\users\*\AppData\Roaming\Mozilla\Firefox\Profiles\mhbo0zoz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: Citavi Picker: {8AA36F4F-6DC7-4c06-77AF-5035170634FE} - c:\users\*\AppData\Roaming\Mozilla\Firefox\Profiles\mhbo0zoz.default\extensions\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}
FF - Extension: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - c:\users\*\AppData\Roaming\Mozilla\Firefox\Profiles\mhbo0zoz.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Extension: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - c:\users\*\AppData\Roaming\Mozilla\Firefox\Profiles\mhbo0zoz.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-12-07 19:06
Windows 6.0.6002 Service Pack 2 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-2047346899-1205846586-3017234573-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:bf,77,50,04,09,2b,58,b4,32,0f,1d,da,a5,ee,af,ff,8a,2b,0b,d9,ce,ad,18,
3a,e2,77,51,5a,27,72,32,12,09,1c,c6,1b,e6,4a,c0,6a,c1,8d,aa,89,e1,db,65,4d,\
"??"=hex:63,03,0b,2a,58,a0,02,1a,45,dd,7e,4e,f7,25,cf,23

[HKEY_USERS\S-1-5-21-2047346899-1205846586-3017234573-1000\Software\SecuROM\License information*]
"datasecu"=hex:f5,d2,0d,e5,a2,4d,5b,43,3a,43,a8,20,a7,e4,c8,34,34,1b,d3,4f,cb,
f5,7e,7d,46,f4,42,ca,27,83,3e,8c,99,48,b0,e0,ae,3b,21,cd,df,92,1a,6a,7e,24,\
"rkeysecu"=hex:73,5b,74,66,cc,19,22,eb,d6,71,fa,03,e8,6f,a7,45

[HKEY_USERS\S-1-5-21-2047346899-1205846586-3017234573-1000\¬ î* *]
@Allowed: (Read) (RestrictedCode)
"MachineID"=hex:47,b4,23,41,5d,74,b3,00

DUMPHIVE0.003 (REGF)

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Zeit der Fertigstellung: 2010-12-07 19:13:49
ComboFix-quarantined-files.txt 2010-12-07 18:13
Vor Suchlauf: 9.184.014.336 Bytes frei
Nach Suchlauf: 9.060.425.728 Bytes frei
- - End Of File - - D40E19F92BFE8729D84FC1B081E08C27

And now? How does it look? |
07.12.2010, 19:28 | #7 |
/// Malware-holic | TAN trojan or not?! Now back up your data, then I'll give you instructions for reinstalling and securing the system.
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de as described in the instructions above. If you would like to support us |
07.12.2010, 19:40 | #8 |
| TAN trojan or not?! Why, what's going on? |
07.12.2010, 19:42 | #9 |
/// Malware-holic | TAN trojan or not?! I don't see anything, but you write yourself that you have a TAN trojan. The only way to be sure that it is gone is to reinstall; you surely don't want someone to gain access to your data.
07.12.2010, 19:56 | #10 |
| TAN trojan or not?! Only yesterday, after I tried to make a transfer on the Internet, did I notice that I had malware. I used quite a few programs to get rid of the trojan, named "trojan.banker" or something like that. I succeeded, and after several scans my laptop is apparently "clean" again. Today I called my bank advisor and she blocked my PIN and TAN(s), so I believe my account is not at risk. What do you say? |
07.12.2010, 20:56 | #11 |
/// Malware-holic | TAN trojan or not?! Yes, well, whoever wants to believe should go to church. You want to transfer money and need security, so the only thing that helps is backing up your data and reinstalling. As I said, you'll get instructions for that. Trojans can make changes to the system that we can no longer trace.
07.12.2010, 20:58 | #12 |
| TAN trojan or not?! My access credentials are blocked and I want to do without this "online banking". |
07.12.2010, 21:02 | #13 |
/// Malware-holic | TAN trojan or not?! That has nothing to do with it. These trojans are interested in all data, and the changes that were made are no less dangerous just because you no longer do any banking. The ways a trojan can be used are many and varied.
07.12.2010, 21:03 | #14 |
| TAN trojan or not?! But I don't have a trojan anymore? |
07.12.2010, 21:08 | #15 |
/// Malware-holic | TAN trojan or not?! How would you know that? Just because the programs show nothing does not mean by a long shot that nothing is there anymore.