
Pests of all kinds and how to combat them: Has my Opachki.ru been completely removed?


18.01.2011, 19:15   #1
dasRoSh
 

Has my Opachki.ru been completely removed?



Hi,

while looking for a movie trailer I unfortunately fell for a YouTube user who presumably only wanted to spread malware. 48 videos, each 10 seconds long, pointed via a shortened URL to the videos that were no longer available on YouTube. I reported him later and he got kicked out. Congratulations, YouTube! Less than 24 hours. He had been hunting for victims for several months, though.
"reevagalan has been terminated due to repeated or severe violations of our Community Guidelines."

The non-final address was
DO NOT CLICK (unless you are a professional)
http : // 384 ;;; 75 . movieupload .;; filetap . ;;com
DO NOT CLICK (unless you are a professional)
minus the spaces and semicolons, which I inserted to be on the safe side.

So I clicked on it and got a "blank page". Then I went back, discovered the other videos and realized that this probably had not been so smart.

Well then. I fired up Spybot S&D. Besides a cookie, it showed me Opachki.ru, in autostart if I remember correctly.

That is supposed to be nasty malware that can hardly be removed.

I let Spybot, mbam and OTL do their work and hope that the fact that I had not yet rebooted at the time of the Spybot scan prevented the malicious code set in autostart from executing, and that I am rid of Opachki.

By the way, I have not been able to notice any possible effects so far, apart from the scan results.

Thank you very much for your help!

RoSh







Code:
--- Search result list ---
Tipp des Tages: Klicken Sie auf den Balken rechts, um mehr Informationen zu sehen! ()
  

Opachki.ru: [SBI $9E90BA5A] Autorun-Einstellungen (Registrierungsdatenbank-Wert, nothing done)
  HKEY_USERS\S-1-5-21-2204050855-2847797839-2532557262-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\

Right Media: Verfolgender Cookie (Internet Explorer: RoSh) (Cookie, nothing done)
  


--- Spybot - Search & Destroy version: 1.6.0  (build: 20080707) ---

2008-07-07 blindman.exe (1.0.0.8)
2008-07-07 SDFiles.exe (1.6.0.4)
2008-07-07 SDMain.exe (1.0.0.6)
2008-07-07 SDShred.exe (1.0.2.3)
2008-07-07 SDUpdate.exe (1.6.0.8)
2008-07-07 SDWinSec.exe (1.0.0.12)
2008-07-07 SpybotSD.exe (1.6.0.30)
2009-03-05 TeaTimer.exe (1.6.6.32)
2008-11-09 unins000.exe (51.49.0.0)
2008-07-07 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2008-09-15 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2008-10-22 Tools.dll (2.1.6.8)
2010-06-29 Includes\Adware.sbi (*)
2010-07-27 Includes\AdwareC.sbi (*)
2010-01-25 Includes\Cookies.sbi (*)
2009-11-03 Includes\Dialer.sbi (*)
2010-07-27 Includes\DialerC.sbi (*)
2010-01-25 Includes\HeavyDuty.sbi (*)
2009-05-26 Includes\Hijackers.sbi (*)
2010-07-27 Includes\HijackersC.sbi (*)
2010-06-29 Includes\iPhone.sbi (*)
2010-08-02 Includes\Keyloggers.sbi (*)
2010-08-02 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2010-06-01 Includes\Malware.sbi (*)
2010-08-10 Includes\MalwareC.sbi (*)
2010-05-18 Includes\PUPS.sbi (*)
2010-07-20 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2010-07-27 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2010-06-29 Includes\Spyware.sbi (*)
2010-07-27 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2010-08-04 Includes\Trojans.sbi (*)
2010-07-28 Includes\TrojansC-02.sbi (*)
2010-07-28 Includes\TrojansC-03.sbi (*)
2010-07-28 Includes\TrojansC-04.sbi (*)
2010-08-10 Includes\TrojansC-05.sbi (*)
2010-08-06 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll



--- System information ---
Unknown Windows version 6.1 (Build: 7600) (6.1.7600)


--- Startup entries list ---
Located: HK_LM:Run, avgnt
command: "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
   file: C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
   size: 281768
    MD5: 61941D4566C3B09F377E0E1A97BD0D9A

Located: HK_LM:Run, CTxfiHlp
command: CTXFIHLP.EXE
   file: C:\Windows\system32\CTXFIHLP.EXE
   size: 23552
    MD5: 3DED07CE0E250531305C5C745BAA3E9A

Located: HK_LM:Run, HTC Sync Loader
command: "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
   file: C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
   size: 585728
    MD5: BC71BC338E8BBFAF83CA23493EDF31A5

Located: HK_LM:Run, NokiaMServer
command: C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
   file: C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
   size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
         Warning: if the file is actually larger than 0 bytes,
         the checksum could not be properly calculated!

Located: HK_LM:Run, Samsung PanelMgr
command: C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
   file: C:\Windows\Samsung\PanelMgr\SSMMgr.exe
   size: 614400
    MD5: 64B9458E16AECFEF67333B7C39F82B09

Located: HK_LM:Run, StartCCC
command: "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
   file: C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
   size: 336384
    MD5: 055C387F82389A13B64F5E9BD79B3BD6

Located: HK_CU:Run, 
  where: S-1-5-21-2204050855-2847797839-2532557262-1000...
command: 
   file: 
   size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
         Warning: if the file is actually larger than 0 bytes,
         the checksum could not be properly calculated!

Located: HK_CU:Run, DU Meter
  where: S-1-5-21-2204050855-2847797839-2532557262-1000...
command: C:\Program Files (x86)\DU Meter\DUMeter.exe
   file: C:\Program Files (x86)\DU Meter\DUMeter.exe
   size: 2941984
    MD5: 87A5143AF8009818D32EDC2EFF13B12B

Located: HK_CU:Run, Microsoft Works Update Detection
  where: S-1-5-21-2204050855-2847797839-2532557262-1000...
command: C:\Program Files (x86)\Microsoft Works\WkDetect.exe
   file: C:\Program Files (x86)\Microsoft Works\WkDetect.exe
   size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
         Warning: if the file is actually larger than 0 bytes,
         the checksum could not be properly calculated!

Located: Startup (allgemein), Launchy.lnk
  where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files (x86)\Launchy\Launchy.exe
   file: C:\Program Files (x86)\Launchy\Launchy.exe
   size: 286720
    MD5: 4FBFDD7B45BA8E39199447FD481FFFE9

Located: Startup (allgemein), Logitech SetPoint.lnk
  where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files\Logitech\SetPoint\SetPoint.exe
   file: C:\Program Files\Logitech\SetPoint\SetPoint.exe
   size: 1200144
    MD5: FEF4B7A9BBD3AC934F52A3BCA33312FD

Located: Startup (Benutzer), Dropbox.lnk
  where: C:\Users\RoSh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Users\RoSh\AppData\Roaming\Dropbox\bin\Dropbox.exe
   file: C:\Users\RoSh\AppData\Roaming\Dropbox\bin\Dropbox.exe
   size: 23343848
    MD5: F4D6D11C89616549652067E7C8FA1ADF

Located: Startup (Benutzer), OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
  where: C:\Users\RoSh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
   file: C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
   size: 227712
    MD5: 358AE5DF3E3E62CC9EBD63B145BC3259



--- Browser helper object list ---
{074C1DC5-9320-4A9A-947D-C042949C6216} (ContributeBHO Class)
          location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
          BHO name: 
        CLSID name: ContributeBHO Class
              Path: S:\Programme\Adobe Shit\
         Long name: contributeieplugin.dll
        Short name:       CONTRI~1.DLL
    Date (created): 27.03.2007 03:54:18
Date (last access): 18.05.2009 19:26:14
 Date (last write): 27.03.2007 03:54:18
          Filesize:             118784
        Attributes:           archive 
               MD5: C193B8ECC43122C46D13427C754323B4
             CRC32:           85EE32BE
           Version:            1.0.0.0

{65134FDF-F8A5-4B3D-91D9-CDF273CFD578} (dTPodcastBHO)
          location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
          BHO name: dTPodcastBHO
        CLSID name: PodcastBHO Class
              Path: C:\Program Files (x86)\Common Files\doubleTwist\
         Long name: IEPodcastPlugin.dll
        Short name:       IEPODC~1.DLL
    Date (created): 12.01.2011 14:59:08
Date (last access): 12.01.2011 14:59:08
 Date (last write): 07.12.2010 16:32:34
          Filesize:              61440
        Attributes:           archive 
               MD5: D79E9ECD84F3FB0A49B4ABBD52F7A045
             CRC32:           B1CCAEE3
           Version:            1.3.0.0

{9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live ID Sign-in Helper)
          location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
          BHO name: 
        CLSID name: Windows Live ID Sign-in Helper
              Path: C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\
         Long name: WindowsLiveLogin.dll
        Short name:       WINDOW~1.DLL
    Date (created): 18.08.2009 11:32:12
Date (last access): 16.11.2010 00:43:36
 Date (last write): 18.08.2009 11:32:12
          Filesize:             403840
        Attributes:           archive 
               MD5: D46ED7D33E847CD9E78E9F02910536B5
             CRC32:           A5B7CE0C
           Version:       6.500.3165.0

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
          location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
          BHO name: 
        CLSID name: Google Toolbar Notifier BHO
              Path: C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.3572\
         Long name:            swg.dll
        Short name:                   
    Date (created): 04.05.2009 19:17:54
Date (last access): 04.05.2009 19:17:54
 Date (last write): 04.05.2009 19:17:54
          Filesize:             668656
        Attributes:           archive 
               MD5: D1585B06DED161E13B905DC4FFBF7F12
             CRC32:           88D5BAA5
           Version:      5.1.1309.3572

{B4F3A835-0E21-4959-BA22-42B3008E02FF} (URLRedirectionBHO)
          location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
          BHO name: URLRedirectionBHO
        CLSID name: Office Document Cache Handler
              Path: C:\PROGRA~2\MICROS~2\Office14\
         Long name:       URLREDIR.DLL
        Short name:                   
    Date (created): 28.02.2010 02:20:14
Date (last access): 10.11.2010 16:34:28
 Date (last write): 28.02.2010 02:20:14
          Filesize:             561552
        Attributes:           archive 
               MD5: 0A63D9A102C3C0209465EA60199E6882
             CRC32:           AA1F9E0F
           Version:     14.0.4750.1000

{DBC80044-A445-435b-BC74-9C25C1C588A9} (Java(tm) Plug-In 2 SSV Helper)
          location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
          BHO name: 
        CLSID name: Java(tm) Plug-In 2 SSV Helper
              Path: C:\Program Files (x86)\Java\jre6\bin\
         Long name:         jp2ssv.dll
        Short name:                   
    Date (created): 17.07.2010 05:08:56
Date (last access): 05.08.2010 18:40:24
 Date (last write): 17.07.2010 05:08:56
          Filesize:              41760
        Attributes:           archive 
               MD5: 6D5ADB1C823BFE21F9431D0995C7B185
             CRC32:           71F413A1
           Version:          6.0.210.7

{E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} (Google Gears Helper)
          location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
          BHO name: Google Gears Helper
        CLSID name: Google Gears Helper
              Path: C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\
         Long name:          gears.dll
        Short name:                   
    Date (created): 23.02.2010 05:51:18
Date (last access): 06.03.2010 09:57:04
 Date (last write): 23.02.2010 05:51:18
          Filesize:            2121728
        Attributes:           archive 
               MD5: 432226E3E9C09A73F389A65DEC49BB2F
             CRC32:           B0B45F47
           Version:           0.5.36.0



--- ActiveX list ---
{17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool)
          DPF name: 
        CLSID name: Windows Genuine Advantage Validation Tool
         Installer: C:\Windows\Downloaded Program Files\LegitCheckControl.inf
          Codebase: hxxp://download.microsoft.com/download/F/D/9/FD9E437D-5BC8-4264-A093-DFA2C39D197E/LegitCheckControl.cab
       description: 
    classification: Legitimate
    known filename: LegitCheckControl.DLL
         info link: 
       info source: Safer Networking Ltd.
              Path: C:\Windows\SysWow64\
         Long name: LegitCheckControl.DLL
        Short name:       LEGITC~1.DLL
    Date (created): 07.01.2009 17:20:24
Date (last access): 07.01.2009 17:20:24
 Date (last write): 07.01.2009 17:20:24
          Filesize:            1486192
        Attributes:           archive 
               MD5: BCEA8FA64B757A172D7F8406DEAB0BE4
             CRC32:           15086C9A
           Version:            1.9.9.0

{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
          DPF name: Java Runtime Environment 1.6.0
        CLSID name: Java Plug-in 1.6.0_21
         Installer: 
          Codebase: hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
       description: Sun Java
    classification: Legitimate
    known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
         info link: 
       info source: Patrick M. Kolla
              Path: C:\Program Files (x86)\Java\jre6\bin\
         Long name:        jp2iexp.dll
        Short name:                   
    Date (created): 19.11.2008 13:12:40
Date (last access): 17.07.2010 04:01:04
 Date (last write): 17.07.2010 04:00:08
          Filesize:             108320
        Attributes:           archive 
               MD5: 25F044BAA126064EB0284FB6C115BAB9
             CRC32:           9CD13605
           Version:          6.0.210.7
[truncated]

Service (registry key): WinDefend
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103
   Description: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-1176
   Object name: LocalSystem
    Image path: %SystemRoot%\System32\svchost.exe -k secsvcs
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 2
          Type: 32
 Error Control: 1
 Depends On services: RpcSs

Service (registry key): Windows Workflow Foundation 3.0.0.0
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 0
          Type: 0
 Error Control: 0

Service (registry key): WinHttpAutoProxySvc
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\winhttp.dll,-100
   Description: @%SystemRoot%\system32\winhttp.dll,-101
   Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\system32\svchost.exe -k LocalService
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1
 Depends On services: Dhcp

Service (registry key): Winmgmt
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%Systemroot%\system32\wbem\wmisvc.dll,-205
   Description: @%Systemroot%\system32\wbem\wmisvc.dll,-204
   Object name: localSystem
    Image path: %systemroot%\system32\svchost.exe -k netsvcs
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 2
          Type: 32
 Error Control: 0
 Depends On services: RPCSS

Service (registry key): WinRM
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%Systemroot%\system32\wsmsvc.dll,-101
   Description: @%Systemroot%\system32\wsmsvc.dll,-102
   Object name: NT AUTHORITY\NetworkService
    Image path: %SystemRoot%\System32\svchost.exe -k NetworkService
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1
 Depends On services: RPCSS,HTTP

Service (registry key): Winsock
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 3
          Type: 4
 Error Control: 1

Service (registry key): WinSock2
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 0
          Type: 0
 Error Control: 0

Service (registry key): WinUsb
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: WinUsb
    Image path: system32\DRIVERS\WinUsb.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): Wlansvc
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\System32\wlansvc.dll,-257
   Description: @%SystemRoot%\System32\wlansvc.dll,-258
   Object name: LocalSystem
    Image path: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 2
          Type: 32
 Error Control: 1
 Depends On services: nativewifip,RpcSs,Ndisuio,Eaphost

Service (registry key): wlidsvc
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Windows Live ID Sign-in Assistant
   Description: Enables Windows Live ID authentication.
   Object name: LocalSystem
    Image path: "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
    Image size: 2291568
     Image MD5: 98F138897EF4246381D197CB81846D62
   Control Set: CurrentControlSet
         Start: 3
          Type: 16
 Error Control: 1

Service (registry key): WmiAcpi
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Microsoft Windows Management Interface for ACPI
    Image path: \SystemRoot\system32\DRIVERS\wmiacpi.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): WmiApRpl
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 0
          Type: 0
 Error Control: 0

Service (registry key): wmiApSrv
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110
   Description: @%Systemroot%\system32\wbem\wmiapsrv.exe,-111
   Object name: localSystem
    Image path: %systemroot%\system32\wbem\WmiApSrv.exe
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 16
 Error Control: 1

Service (registry key): WMPNetworkSvc
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101
   Description: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-102
   Object name: NT AUTHORITY\NetworkService
    Image path: "%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe"
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 16
 Error Control: 1
 Depends On services: http

Service (registry key): WPCSvc
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\wpcsvc.dll,-100
   Description: @%SystemRoot%\system32\wpcsvc.dll,-101
   Object name: NT Authority\LocalService
    Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1
 Depends On services: RpcSs

Service (registry key): WPDBusEnum
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\wpdbusenum.dll,-100
   Description: @%SystemRoot%\system32\wpdbusenum.dll,-101
   Object name: LocalSystem
    Image path: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1
 Depends On services: RpcSs

Service (registry key): ws2ifsl
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\System32\drivers\ws2ifsl.sys,-1000
   Description: @%systemroot%\System32\drivers\ws2ifsl.sys,-1000
    Image path: \SystemRoot\system32\drivers\ws2ifsl.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 4
          Type: 1
 Error Control: 1

Service (registry key): wscsvc
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\System32\wscsvc.dll,-200
   Description: @%SystemRoot%\System32\wscsvc.dll,-201
   Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 2
          Type: 32
 Error Control: 1
 Depends On services: RpcSs,WinMgmt

Service (registry key): WSearch
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\SearchIndexer.exe,-103
   Description: @%systemroot%\system32\SearchIndexer.exe,-104
   Object name: LocalSystem
    Image path: %systemroot%\system32\SearchIndexer.exe /Embedding
    Image size: 428032
     Image MD5: 622D95520182F6D3D05310D5810CA8B3
   Control Set: CurrentControlSet
         Start: 2
          Type: 16
 Error Control: 1
 Depends On services: RPCSS

Service (registry key): WSearchIdxPi
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 0
          Type: 0
 Error Control: 0

Service (registry key): wuauserv
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\wuaueng.dll,-105
   Description: @%systemroot%\system32\wuaueng.dll,-106
   Object name: LocalSystem
    Image path: %systemroot%\system32\svchost.exe -k netsvcs
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 2
          Type: 32
 Error Control: 1
 Depends On services: rpcss

Service (registry key): WudfPf
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: User Mode Driver Frameworks Platform Driver
    Image path: system32\drivers\WudfPf.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): WUDFRd
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: system32\DRIVERS\WUDFRd.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): wudfsvc
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\wudfsvc.dll,-1000
   Description: @%SystemRoot%\system32\wudfsvc.dll,-1001
   Object name: LocalSystem
    Image path: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 2
          Type: 32
 Error Control: 1
 Depends On services: PlugPlay,WudfPf

Service (registry key): WwanSvc
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\System32\wwansvc.dll,-257
   Description: @%SystemRoot%\System32\wwansvc.dll,-258
   Object name: NT Authority\LocalService
    Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1
 Depends On services: PlugPlay,RpcSs,NdisUio,NlaSvc

Service (registry key): xmlprov
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 0
          Type: 0
 Error Control: 0

Service (registry key): {531C16E5-4700-483D-A4D7-508A5933EC19}
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 0
          Type: 0
 Error Control: 0

Service (registry key): {6F28AD1D-911C-4979-AF63-A58758057C69}
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 0
          Type: 0
 Error Control: 0

Service (registry key): {7EF0FB1D-41AE-4877-9105-2B373EB8CC7A}
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 0
          Type: 0
 Error Control: 0

Service (registry key): {CECE7FE5-3CDE-4F68-9AF3-0649EDE0AE0B}
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 0
          Type: 0
 Error Control: 0

Service (registry key): {CEE041D1-5EB1-4E2C-ABC7-18BB9861ECFF}
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 0
          Type: 0
 Error Control: 0

Service (registry key): {EE18660E-3A7A-460B-A12B-42FD4D4C655D}
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 0
          Type: 0
 Error Control: 0

Service (registry key): azg9li1v
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 0
         


Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5544

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

18.01.2011 17:55:15
mbam-log-2011-01-18 (17-55-15).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|F:\|S:\|U:\|)
Durchsuchte Objekte: 1086853
Laufzeit: 3 Stunde(n), 38 Minute(n), 0 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
s:\Dropbox\my dropbox\Privat\Software\actualspy.exe (Application.ActualSpy) -> Quarantined and deleted successfully.
s:\Pics\2005\Bolivia\Al\pztrain.exe (Malware.Gen) -> Quarantined and deleted successfully.
++++++++++++++++++++++++++++++++++++++++++++++++
         
Code:
OTL logfile created on: 18.01.2011 13:06:27 - Run 1
OTL by OldTimer - Version 3.2.20.2     Folder = C:\Users\RoSh\Desktop
64bit- An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 39,00% Memory free
8,00 Gb Paging File | 5,00 Gb Available in Paging File | 65,00% Paging File free
Paging file location(s): ?:\pagefile.sys
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,76 Gb Total Space | 53,94 Gb Free Space | 11,58% Space Free | Partition Type: NTFS
Drive F: | 244,14 Gb Total Space | 104,68 Gb Free Space | 42,88% Space Free | Partition Type: NTFS
Drive S: | 465,76 Gb Total Space | 30,51 Gb Free Space | 6,55% Space Free | Partition Type: NTFS
Drive U: | 687,37 Gb Total Space | 455,24 Gb Free Space | 66,23% Space Free | Partition Type: NTFS
 
Computer Name: ** | User Name: RoSh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\RoSh\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
PRC - C:\Users\RoSh\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Opera 10 Beta\opera.exe (Opera Software)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe ()
PRC - C:\PROGRA~2\DUMETE~1\DUMeter.exe (Hagel Technologies Ltd.)
PRC - C:\Program Files (x86)\iTunes\iTunes.exe (Apple Inc.)
PRC - C:\Program Files (x86)\DU Meter\DUMeterSvc.exe (Hagel Technologies Ltd.)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
PRC - C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtWlan.exe (Realtek Semiconductor Corp.)
PRC - C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe (Realtek)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
PRC - C:\program files (x86)\lg soft india\fortemanager\bin\monitor.exe ()
PRC - C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe ()
PRC - C:\Windows\SysWOW64\Ctxfihlp.exe (Creative Technology Ltd)
PRC - C:\Windows\SysWOW64\CTxfispi.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\Launchy\Launchy.exe ()
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe (Safer Networking Limited)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\RoSh\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (SolutoService) -- C:\Program Files\Soluto\SolutoService.exe (Soluto)
SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Macrovision Europe Ltd.)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (PassThru Service) -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe ()
SRV - (DUMeterSvc) -- C:\Program Files (x86)\DU Meter\DUMeterSvc.exe (Hagel Technologies Ltd.)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (TeamViewer5) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Realtek11nSU) -- C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe (Realtek)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (Akamai) -- c:\program files (x86)\common files\akamai\rswin_3586.dll ()
SRV - (Autodesk Licensing Service) -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (Adobe Version Cue CS3) -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe (Adobe Systems Incorporated)
SRV - (IDriverT) -- C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (iPodDrv) -- C:\Windows\SysNative\drivers\iPodDrv.sys (Windows (R) Codename Longhorn DDK provider)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (pcouffin) -- C:\Windows\SysNative\drivers\pcouffin.sys (VSO Software)
DRV:64bit: - (htcnprot) -- C:\Windows\SysNative\drivers\htcnprot.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (PCGenFAM) -- C:\Windows\SysNative\drivers\PCGenFAM.sys (Soluto LTD.)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (teamviewervpn) -- C:\Windows\SysNative\drivers\teamviewervpn.sys (TeamViewer GmbH)
DRV:64bit: - (RTL8192su) -- C:\Windows\SysNative\drivers\rtl8192su.sys (Realtek Semiconductor Corporation                           )
DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64j.sys (Nokia)
DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia)
DRV:64bit: - (nmwcdcx64) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia)
DRV:64bit: - (nmwcdx64) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia)
DRV:64bit: - (nmwcdnsux64) -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys (Nokia)
DRV:64bit: - (mod7700) -- C:\Windows\SysNative\drivers\mod7700.sys (DiBcom SA)
DRV:64bit: - (MODRC) -- C:\Windows\SysNative\drivers\modrc.sys (DiBcom S.A.)
DRV:64bit: - (HTCAND64) -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV:64bit: - (vmm) -- C:\Windows\SysNative\Treiber\VMM.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (PsSdkLBF) -- C:\Windows\SysNative\drivers\pssdklbf.sys (microOLAP Technologies LTD)
DRV:64bit: - (PsSdk41) -- C:\Windows\SysNative\drivers\pssdk41.sys (microOLAP Technologies LTD)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (ha20x2k) -- C:\Windows\SysNative\drivers\ha20x2k.sys (Creative Technology Ltd)
DRV:64bit: - (emupia) -- C:\Windows\SysNative\drivers\emupia2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctsfm2k) -- C:\Windows\SysNative\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctprxy2k) -- C:\Windows\SysNative\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV:64bit: - (ossrv) -- C:\Windows\SysNative\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV:64bit: - (ctaud2k) Creative Audio Driver (WDM) -- C:\Windows\SysNative\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctac32k) -- C:\Windows\SysNative\drivers\ctac32k.sys (Creative Technology Ltd)
DRV:64bit: - (CTEXFIFX.SYS) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.)
DRV:64bit: - (CTEXFIFX) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.)
DRV:64bit: - (CTHWIUT.SYS) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CTHWIUT) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CT20XUT.SYS) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CT20XUT) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (L8042Kbd) -- C:\Windows\SysNative\drivers\L8042Kbd.sys (Logitech, Inc.)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (ENTECH64) -- C:\Windows\SysNative\drivers\Entech64.sys (EnTech Taiwan)
DRV:64bit: - (s0016mdm) -- C:\Windows\SysNative\drivers\s0016mdm.sys (MCCI Corporation)
DRV:64bit: - (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM) -- C:\Windows\SysNative\drivers\s0016unic.sys (MCCI Corporation)
DRV:64bit: - (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM) -- C:\Windows\SysNative\drivers\s0016mgmt.sys (MCCI Corporation)
DRV:64bit: - (s0016obex) -- C:\Windows\SysNative\drivers\s0016obex.sys (MCCI Corporation)
DRV:64bit: - (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS) -- C:\Windows\SysNative\drivers\s0016nd5.sys (MCCI Corporation)
DRV:64bit: - (s0016mdfl) -- C:\Windows\SysNative\drivers\s0016mdfl.sys (MCCI Corporation)
DRV:64bit: - (s0016bus) Sony Ericsson Device 0016 driver (WDM) -- C:\Windows\SysNative\drivers\s0016bus.sys (MCCI Corporation)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (SysTool) -- C:\Windows\SysNative\drivers\SysTool64.sys ()
DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.)
DRV:64bit: - (JGOGO) -- C:\Windows\SysNative\drivers\JGOGO.sys (JMicron )
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV - (DUMeterDrv) -- C:\Program Files (x86)\DU Meter\DUMETR64.SYS (Hagel Technologies Ltd.)
DRV - (DgiVecp) -- C:\Windows\SysWOW64\drivers\DGIVECP.SYS (Samsung Electronics Co., Ltd.)
DRV - (LGII2CDevice) -- C:\Program Files (x86)\LG Soft India\forteManager\bin\PII2CDriver.sys ()
DRV - (LGDDCDevice) -- C:\Program Files (x86)\LG Soft India\forteManager\bin\I2CDriver.sys ()
DRV - (speedfan) -- C:\Windows\SysWOW64\speedfan.sys (Windows (R) Server 2003 DDK provider)
DRV - (ENTECH64) -- C:\Windows\SysWOW64\drivers\Entech64.sys (EnTech Taiwan)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2204050855-2847797839-2532557262-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2204050855-2847797839-2532557262-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2204050855-2847797839-2532557262-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B0 11 33 9D B0 B4 CA 01  [binary data]
IE - HKU\S-1-5-21-2204050855-2847797839-2532557262-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2204050855-2847797839-2532557262-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2204050855-2847797839-2532557262-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/webhp?rls=ig"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.27.0
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.2
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..extensions.enabledItems: {daf44bf7-a45e-4450-979c-91cf07434c3d}:1.5.6
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.3.42
FF - prefs.js..extensions.enabledItems: firegestures@xuldev.org:1.6.1
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: maps@ovi.com:4.0.12.12
FF - prefs.js..extensions.enabledItems: extension@virtusdesigns.com:3.6.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {5c8bfb7c-9a54-11dc-8314-0800200c9a66}:3.6.7
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.type: 1
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files (x86)\Google\Google Gears\Firefox\ [2010.03.06 09:57:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync\ [2010.07.12 17:57:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010.11.19 13:45:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.12.10 15:06:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.12.10 15:06:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.12.10 15:06:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.12.10 15:06:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.12.10 15:06:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.12.10 15:06:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.12.10 15:06:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.12.10 15:06:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.12.10 15:06:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.12.10 15:06:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.12.10 15:06:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.12.10 15:06:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.12.10 15:06:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.12.10 15:06:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.12.10 15:06:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.12.10 15:06:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.12.10 15:06:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.12.10 15:06:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.12.10 15:06:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.12.10 15:06:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\ProgramData\Mozilla Firefox\components [2010.11.12 19:21:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\ProgramData\Mozilla Firefox\plugins [2010.11.12 19:21:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.12.10 15:06:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.12.10 15:06:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\ProgramData\Mozilla Firefox\components [2010.11.12 19:21:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\ProgramData\Mozilla Firefox\plugins [2010.11.12 19:21:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.12.10 15:06:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.12.10 15:06:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.12.10 15:06:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.12.10 15:06:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.12.10 15:06:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.12.10 15:06:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Sunbird 0.9\extensions\\Components: C:\Program Files (x86)\Mozilla Sunbird\components [2010.09.06 19:25:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Sunbird 0.9\extensions\\Plugins: C:\Program Files (x86)\Mozilla Sunbird\plugins [2010.09.06 19:25:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010.11.19 13:45:18 | 000,000,000 | ---D | M]
 
[2009.10.06 11:21:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RoSh\AppData\Roaming\mozilla\Extensions
[2011.01.18 00:48:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RoSh\AppData\Roaming\mozilla\Firefox\Profiles\om8y1ash.default\extensions
[2010.04.28 08:18:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\RoSh\AppData\Roaming\mozilla\Firefox\Profiles\om8y1ash.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.11.11 03:43:22 | 000,000,000 | ---D | M] (Aero Fox XL) -- C:\Users\RoSh\AppData\Roaming\mozilla\Firefox\Profiles\om8y1ash.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}
[2011.01.04 13:04:01 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\RoSh\AppData\Roaming\mozilla\Firefox\Profiles\om8y1ash.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.10.21 18:51:26 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\RoSh\AppData\Roaming\mozilla\Firefox\Profiles\om8y1ash.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010.09.10 20:26:06 | 000,000,000 | ---D | M] (Extended Statusbar) -- C:\Users\RoSh\AppData\Roaming\mozilla\Firefox\Profiles\om8y1ash.default\extensions\{daf44bf7-a45e-4450-979c-91cf07434c3d}
[2010.05.29 18:43:42 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\RoSh\AppData\Roaming\mozilla\Firefox\Profiles\om8y1ash.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010.04.23 12:23:57 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\RoSh\AppData\Roaming\mozilla\Firefox\Profiles\om8y1ash.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009.10.27 21:27:35 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\RoSh\AppData\Roaming\mozilla\Firefox\Profiles\om8y1ash.default\extensions\battlefieldheroespatcher@ea.com
[2010.11.11 03:43:25 | 000,000,000 | ---D | M] (Virtus Search Opt-in) -- C:\Users\RoSh\AppData\Roaming\mozilla\Firefox\Profiles\om8y1ash.default\extensions\extension@virtusdesigns.com
[2011.01.04 13:04:02 | 000,000,000 | ---D | M] (FireGestures) -- C:\Users\RoSh\AppData\Roaming\mozilla\Firefox\Profiles\om8y1ash.default\extensions\firegestures@xuldev.org
[2010.07.13 13:27:06 | 000,000,000 | ---D | M] (Ovi maps browser plugin) -- C:\Users\RoSh\AppData\Roaming\mozilla\Firefox\Profiles\om8y1ash.default\extensions\maps@ovi.com
[2010.11.11 03:43:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RoSh\AppData\Roaming\mozilla\Firefox\Profiles\om8y1ash.default\extensions\extension@virtusdesigns.com\chrome
[2010.11.11 03:43:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RoSh\AppData\Roaming\mozilla\Firefox\Profiles\om8y1ash.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\win\mozapps\extensions
[2009.11.24 22:26:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RoSh\AppData\Roaming\mozilla\Sunbird\Profiles\m9nr8eo4.default\extensions
[2009.06.29 16:58:11 | 000,002,164 | ---- | M] () -- C:\Users\RoSh\AppData\Roaming\Mozilla\Firefox\Profiles\om8y1ash.default\searchplugins\bing.xml
[2009.06.20 06:09:11 | 000,002,654 | ---- | M] () -- C:\Users\RoSh\AppData\Roaming\Mozilla\Firefox\Profiles\om8y1ash.default\searchplugins\google-bildsuche.xml
[2009.06.20 06:09:11 | 000,002,016 | ---- | M] () -- C:\Users\RoSh\AppData\Roaming\Mozilla\Firefox\Profiles\om8y1ash.default\searchplugins\leo-de-es.xml
[2009.06.20 06:09:11 | 000,002,007 | ---- | M] () -- C:\Users\RoSh\AppData\Roaming\Mozilla\Firefox\Profiles\om8y1ash.default\searchplugins\leo-en-de.xml
[2008.06.24 22:26:56 | 000,000,681 | ---- | M] () -- C:\Users\RoSh\AppData\Roaming\Mozilla\Firefox\Profiles\om8y1ash.default\searchplugins\webster.xml
[2009.08.05 13:15:25 | 000,002,275 | ---- | M] () -- C:\Users\RoSh\AppData\Roaming\Mozilla\Firefox\Profiles\om8y1ash.default\searchplugins\wolframalpha.xml
[2009.06.20 06:09:11 | 000,002,431 | ---- | M] () -- C:\Users\RoSh\AppData\Roaming\Mozilla\Firefox\Profiles\om8y1ash.default\searchplugins\youtube---videos.xml
[2011.01.18 00:48:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.08.05 18:40:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.03.06 09:57:03 | 000,000,000 | ---D | M] (Google Gears) -- C:\PROGRAM FILES (X86)\GOOGLE\GOOGLE GEARS\FIREFOX
[2010.11.19 13:45:18 | 000,000,000 | ---D | M] (Firefox Synchronisation Extension) -- C:\PROGRAM FILES (X86)\NOKIA\NOKIA OVI SUITE\CONNECTORS\BOOKMARKS CONNECTOR\FIREFOXEXTENSION
[2010.07.17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2009.10.12 14:38:38 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2010.07.26 21:46:03 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.07.26 21:46:03 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.07.26 21:46:03 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.07.26 21:46:03 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.07.26 21:46:03 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.05.20 16:20:53 | 000,000,707 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - S:\Programme\Adobe Shit\/Adobe Contribute CS3/contributeieplugin.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (PodcastBHO Class) - {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll (doubleTwist Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - S:\Programme\Adobe Shit\/Adobe Contribute CS3/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\PROGRA~2\TerraTec\TERRAT~1\THCDES~1.DLL (TerraTec Electronic GmbH)
O3 - HKU\S-1-5-21-2204050855-2847797839-2532557262-1000\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2204050855-2847797839-2532557262-1000..\Run: [DU Meter] C:\Program Files (x86)\DU Meter\DUMeter.exe (Hagel Technologies Ltd.)
O4 - HKU\S-1-5-21-2204050855-2847797839-2532557262-1000..\Run: [Microsoft Works Update Detection]  File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin]  File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin]  File not found
O4 - Startup: C:\Users\RoSh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\RoSh\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-2204050855-2847797839-2532557262-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: PDFill PDF Editor - {ED93D107-B43A-490e-AA5C-C5578BAAF479} - C:\Program Files (x86)\PlotSoft\PDFill\DownloadPDF.exe (PlotSoft LLC)
O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files (x86)\PlotSoft\PDFill\DownloadPDF.exe (PlotSoft LLC)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/F/D/9/FD9E437D-5BC8-4264-A093-DFA2C39D197E/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Program Files\Soluto\soluto.exe /userinit) - C:\Program Files\Soluto\soluto.exe (Soluto)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O24 - Desktop WallPaper: C:\Users\RoSh\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\RoSh\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{5688906e-d559-11df-a013-001a921cbb7e}\Shell - "" = AutoRun
O33 - MountPoints2\{5688906e-d559-11df-a013-001a921cbb7e}\Shell\AutoRun\command - "" = G:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk /r \??\G:) -  File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpReg: Acrobat Assistant 8.0 - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: Adobe_ID0EYTHM - hkey= - key= - C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~3.EXE (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: CTxfiHlp - hkey= - key= - C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
MsConfig:64bit - StartUpReg: DU Meter - hkey= - key= - C:\Program Files (x86)\DU Meter\DUMeter.exe (Hagel Technologies Ltd.)
MsConfig:64bit - StartUpReg: Google Update - hkey= - key= - C:\Users\RoSh\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig:64bit - StartUpReg: NvCplDaemon - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: NvMediaCenter - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: RtHDVCpl - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: SpybotSD TeaTimer - hkey= - key= - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: WallPaper - hkey= - key= - C:\Programme\Wallpaper Changer\Wallpaper.exe ()
MsConfig:64bit - StartUpReg: WinPatrol - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: WMPNSCFG - hkey= - key= -  File not found
MsConfig:64bit - State: "bootini" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {937E53D8-EC0E-AFE2-8EB1-9D3E787D62B0} - Microsoft Windows Media Player
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {96EDD00B-3C73-484A-A416-F911B0A3BF80} - Themes Setup
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {8ED52399-3776-89BA-ED49-80D4304785BC} - Themes Setup
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B2E047B4-9285-CBFE-49F6-ADD8FFCCED9E} - Browser Customizations
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.ac3filter - ac3filter.acm File not found
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: VIDC.ACDV - ACDV.dll File not found
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.01.18 13:04:10 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\RoSh\Desktop\OTL.exe
[2011.01.17 17:04:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Ice-pick Lodge
[2011.01.17 16:59:10 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\My Games
[2011.01.17 00:37:56 | 000,000,000 | ---D | C] -- C:\Users\RoSh\Documents\My Photos
[2011.01.17 00:37:56 | 000,000,000 | ---D | C] -- C:\Users\RoSh\Documents\My Documents
[2011.01.17 00:33:56 | 000,000,000 | ---D | C] -- C:\Users\RoSh\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2011.01.17 00:33:50 | 000,000,000 | ---D | C] -- C:\Users\RoSh\AppData\Roaming\HTC
[2011.01.17 00:29:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC Sync
[2011.01.17 00:28:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC
[2011.01.17 00:28:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spirent Communications
[2011.01.17 00:27:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HTC
[2011.01.17 00:27:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2011.01.14 13:48:56 | 000,000,000 | ---D | C] -- C:\Users\RoSh\Desktop\mu
[2011.01.12 18:48:06 | 001,837,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2011.01.12 18:48:06 | 001,540,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2011.01.12 18:48:06 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10warp.dll
[2011.01.12 18:48:06 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2011.01.12 18:48:06 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d2d1.dll
[2011.01.12 18:48:05 | 004,068,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2011.01.12 18:48:05 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2011.01.12 18:48:05 | 001,888,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2011.01.12 18:48:05 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll
[2011.01.12 18:48:05 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011.01.12 18:48:04 | 001,863,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ExplorerFrame.dll
[2011.01.12 18:48:04 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2011.01.12 18:48:04 | 000,470,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011.01.12 18:48:04 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011.01.12 18:48:04 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2011.01.12 18:48:04 | 000,283,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011.01.12 18:48:04 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll
[2011.01.12 18:48:04 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1core.dll
[2011.01.12 18:48:03 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ExplorerFrame.dll
[2011.01.12 18:48:03 | 000,258,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2011.01.12 18:48:03 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
[2011.01.12 18:48:03 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2011.01.12 18:48:03 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2011.01.12 18:48:03 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll
[2011.01.12 18:48:03 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1.dll
[2011.01.12 18:48:03 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2011.01.12 18:48:03 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
[2011.01.12 18:47:54 | 000,720,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbc32.dll
[2011.01.12 18:47:54 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbc32.dll
[2011.01.12 14:59:11 | 000,000,000 | ---D | C] -- C:\Users\RoSh\AppData\Local\doubleTwist Corporation
[2011.01.12 14:59:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\doubleTwist
[2011.01.12 14:59:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\doubleTwist
[2011.01.12 14:59:04 | 000,060,273 | ---- | C] (Open Source Software community project) -- C:\Windows\SysWow64\pthreadGC2.dll
[2011.01.12 14:59:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ffdshow
[2011.01.12 14:57:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\doubleTwist 2.0
[2011.01.11 15:58:01 | 000,000,000 | ---D | C] -- C:\Users\RoSh\Application Data
[2011.01.11 11:50:01 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011.01.10 23:21:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ATI-Assistent für Problemberichte
[2011.01.10 23:21:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2011.01.10 23:20:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2011.01.10 22:56:05 | 000,000,000 | ---D | C] -- C:\AMD
[2011.01.04 21:12:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameSpy
[2011.01.04 21:12:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GameSpy
[2011.01.04 21:10:10 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\URTTEMP
[2011.01.04 01:39:26 | 000,000,000 | ---D | C] -- C:\Users\RoSh\AppData\Roaming\ZombieDriver
[2010.08.16 20:21:00 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\RoSh\AppData\Roaming\pcouffin.sys
[2010.08.16 20:20:18 | 016,790,447 | ---- | C] (ChattChitto©) -- C:\Program Files (x86)\DVDFab Platinum v6.2.1.8 Final + Serial [ChattChitto RG].exe
[2008.10.07 22:42:42 | 000,060,928 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\RoSh\*.tmp files -> C:\Users\RoSh\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.01.18 13:04:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\RoSh\Desktop\OTL.exe
[2011.01.18 12:47:33 | 000,009,536 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.01.18 12:47:33 | 000,009,536 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.01.18 12:39:00 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2204050855-2847797839-2532557262-1000UA.job
[2011.01.18 12:38:02 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011.01.18 12:37:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.01.18 12:37:53 | 3220,086,784 | -HS- | M] () -- C:\hiberfil.sys
[2011.01.18 03:54:20 | 000,061,344 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000003-00000000-00000006-00001102-00000005-00211102}.rfx
[2011.01.18 03:54:20 | 000,061,344 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000003-00000000-00000006-00001102-00000005-00211102}.rfx
[2011.01.18 03:54:20 | 000,000,788 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000003-00000000-00000006-00001102-00000005-00211102}.rfx
[2011.01.18 03:16:01 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.01.18 02:37:03 | 001,537,616 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.01.18 02:37:03 | 000,670,026 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.01.18 02:37:03 | 000,628,600 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.01.18 02:37:03 | 000,136,476 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.01.18 02:37:03 | 000,111,920 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.01.17 13:39:00 | 000,001,062 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2204050855-2847797839-2532557262-1000Core.job
[2011.01.12 23:08:26 | 000,006,456 | ---- | M] () -- C:\Users\RoSh\.recently-used.xbel
[2011.01.12 14:59:27 | 000,000,133 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011.01.12 14:59:06 | 000,002,069 | ---- | M] () -- C:\Users\Public\Desktop\doubleTwist.lnk
[2011.01.05 14:21:13 | 000,007,098 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011.01.05 14:21:04 | 002,439,528 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.01.04 21:10:38 | 001,567,190 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.01.04 21:05:08 | 000,103,736 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.01.04 21:04:58 | 000,669,184 | ---- | M] () -- C:\Windows\SysWow64\Pbsvc.exe
[2011.01.04 01:39:18 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2011.01.04 01:39:18 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2011.01.04 01:39:18 | 000,122,904 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2011.01.04 01:39:18 | 000,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\RoSh\*.tmp files -> C:\Users\RoSh\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.01.12 23:08:26 | 000,006,456 | ---- | C] () -- C:\Users\RoSh\.recently-used.xbel
[2011.01.12 14:59:27 | 000,000,133 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011.01.12 14:59:06 | 000,002,069 | ---- | C] () -- C:\Users\Public\Desktop\doubleTwist.lnk
[2011.01.12 14:59:04 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010.10.14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010.10.06 17:58:08 | 000,007,668 | ---- | C] () -- C:\Users\RoSh\AppData\Local\resmon.resmoncfg
[2010.10.05 12:19:38 | 001,567,190 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.08.16 20:22:13 | 000,000,034 | ---- | C] () -- C:\Users\RoSh\AppData\Roaming\pcouffin.log
[2010.08.16 20:21:00 | 000,099,384 | ---- | C] () -- C:\Users\RoSh\AppData\Roaming\inst.exe
[2010.08.16 20:21:00 | 000,007,859 | ---- | C] () -- C:\Users\RoSh\AppData\Roaming\pcouffin.cat
[2010.08.16 20:21:00 | 000,001,167 | ---- | C] () -- C:\Users\RoSh\AppData\Roaming\pcouffin.inf
[2010.06.11 12:28:24 | 000,000,112 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
< End of report >
         


PS: I couldn't upload my log files (.txt, 300 KB), and my post with them included was also a good three times longer than allowed. Wherever something has been cut out, I have noted it.

19.01.2011, 10:55   #2
cosinus

Are there any further logs from Malwarebytes? If so, please post all of them that are visible in Malwarebytes under the "Logdateien" (log files) tab.

19.01.2011, 12:27   #3
dasRoSh

I have just run another quick scan, see below. Before that, the only run was the one already mentioned.

Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5544

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

19.01.2011 12:32:35
mbam-log-2011-01-19 (12-32-35).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 172918
Laufzeit: 3 Minute(n), 18 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         
Edited by dasRoSh (19.01.2011 at 12:38)

19.01.2011, 13:25   #4
cosinus

Quote:
C:\Program Files (x86)\DVDFab Platinum v6.2.1.8 Final + Serial [ChattChitto RG].exe

The use of cracks, serials and keygens is illegal, so there will be no further support on Trojaner-Board.

For you, this is where it continues => Reinstalling the system
Please also change all passwords (for e-mail accounts, StudiVZ, eBay... simply everything!), since this kind of dubious software not infrequently also contains keyloggers and backdoor functions.

After that, never touch anything like this again!
__________________
Please always post log files in CODE tags

19.01.2011, 13:32   #5
dasRoSh

Thanks. I think it's good that you are so consistent.
I'm glad that I don't have a single detection in the requested log; the other way round it would be pretty harsh now.

I would be interested in the legal basis regarding e.g. cracks, though. For example, the text of the law speaks of "effective copy protection". Compare CRE 164 Urheberrecht hxxp://chaosradio.ccc.de/chaosradio_express.html

I would also have appreciated a statement regarding the log file upload size. Or do you also use cracks and serials and exclude yourselves from help?

Best regards


19.01.2011, 13:42   #6
cosinus

Quote:
I'm glad that I don't have a single detection in the requested log; the other way round it would be pretty harsh now.
Warez/cracks/keygens essentially serve to distribute malware and may, quite incidentally, enable the illegal use of commercial software!

Quote:
I would be interested in the legal basis regarding e.g. cracks, though.
It is clear-cut. Using cracks/keygens clearly violates the license terms. Full stop.

Quote:
I would also have appreciated a statement regarding the log file upload size. Or do you also use cracks and serials and exclude yourselves from help?
What does the log file size have to do with cracks? There is simply a limit here so that everything doesn't burst at the seams.
And we certainly don't use illegal junk software like keygens/cracks.

19.01.2011, 13:54   #7
dasRoSh

Quote:
And we certainly don't use illegal junk software like keygens/cracks.
Good.

Quote:
simply a limit here so that everything doesn't burst at the seams.
I do understand. It's just that with a large "old" system like mine the limits are exceeded, so I had to cut things.

Either way, thanks for the help

19.01.2011, 15:04   #8
cosinus

Quote:
I do understand. It's just that with a large "old" system like mine the limits are exceeded, so I had to cut things.
That is, among other things, what the ZIP format was invented for

19.01.2011, 15:48   #9
dasRoSh

Quote:
That is, among other things, what the ZIP format was invented for
Hm, for compressing, yes. I thought the post above

Quote:
a limit so that everything doesn't burst at the seams.
was about readability and the like.

But if it is about compression/storage space limits, then I don't understand the differing upload limits between 19.5 KB and 293 KB.

Quite apart from that, I am very reluctant to open zip files whose packing process or creator I have not personally seen.

19.01.2011, 16:13   #10
cosinus

Quote:
was about readability and the like.
I prefer it when all logs are in one ZIP file - a compressed container, if you will; with one download you have all the logs.

Quote:
Quite apart from that, I am very reluctant to open zip files whose packing process or creator I have not personally seen.
Isn't that a bit much paranoia? The ZIP format is harmless in itself. Only unknown executable files are problematic, which of course can also be packed in ZIP archives.

19.01.2011, 16:16   #11
dasRoSh

Quote:
I prefer it when all logs are in one ZIP file - a compressed container, if you will; with one download you have all the logs.
Maybe write that into the guides here.

And as for the paranoia: my PC was infected by visiting a page that displays nothing (no click, download or the like). Zips from forums have similar potential. And yes, I know that zip is not automatically bad

19.01.2011, 16:20   #12
cosinus

Quote:
And as for the paranoia: my PC was infected by visiting a page that displays nothing (no click, download or the like).
Security vulnerabilities and admin rights must have been involved there.

19.01.2011, 16:25   #13
dasRoSh

Thanks for the pointer about the admin rights


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.