
Pests of all kinds and how to combat them: OTL logs. Virus? A window keeps opening and I can't get rid of it

22.02.2011, 17:06   #1
Boobbii
 



Hello, I have a problem that I can't solve: a window keeps opening with the text "This assembly is protected by an unregistered version of Eziriz "Net Reactor"!" I think user Alex 1411 had the same problem; only restoring the operating system could help him. Can someone please help me? I would be really grateful.

22.02.2011, 17:07   #2
markusg
/// Malware-holic
 



Please post the OTL logs.

22.02.2011, 17:09   #3
Boobbii
 



This is the scan I got from OTL. OTL logfile:
Code:
OTL logfile created on: 21.02.2011 20:57:45 - Run 2
OTL by OldTimer - Version 3.2.20.6     Folder = c:\Users\BH-ANATICOS\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 45,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 68,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 143,79 Gb Total Space | 26,89 Gb Free Space | 18,70% Space Free | Partition Type: NTFS
Drive D: | 5,26 Gb Total Space | 1,20 Gb Free Space | 22,75% Space Free | Partition Type: NTFS
 
Computer Name: BH-ANATICOS-PC | User Name: BH-ANATICOS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\BH-ANA~1\AppData\Local\Temp\PMc8MbaT4.exe (Microsoft)
PRC - C:\Users\BH-ANA~1\AppData\Local\Temp\Rnzj1V59G.exe (Microsoft)
PRC - c:\Users\BH-ANATICOS\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\BH-ANATICOS\AppData\Roaming\AutoChks.exe ()
PRC - C:\Programme\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Programme\Verbindungsassistent\WTGService.exe ()
PRC - C:\Users\BH-ANATICOS\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\ProgramData\{722D8884-F460-431D-AAAA-F508F3062631}\Server.exe (SlySoft Inc.)
PRC - C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\FsUsbExService.Exe (Teruten)
PRC - C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\HP\QuickPlay\Kernel\TV\CLSched.exe ()
PRC - C:\Programme\HP\QuickPlay\Kernel\TV\CLCapSvc.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - c:\Users\BH-ANATICOS\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Programme\Alwil Software\Avast5\snxhk.dll (AVAST Software)
MOD - C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\System32\vbscript.dll (Microsoft Corporation)
MOD - C:\WINDOWS\System32\wbem\wmiutils.dll (Microsoft Corporation)
MOD - C:\WINDOWS\System32\wbem\wbemsvc.dll (Microsoft Corporation)
MOD - C:\WINDOWS\System32\wbem\wbemprox.dll (Microsoft Corporation)
MOD - C:\WINDOWS\System32\wbem\fastprox.dll (Microsoft Corporation)
MOD - C:\WINDOWS\System32\rsaenh.dll (Microsoft Corporation)
MOD - C:\WINDOWS\System32\wbem\wbemdisp.dll (Microsoft Corporation)
MOD - C:\WINDOWS\System32\wbemcomn.dll (Microsoft Corporation)
MOD - C:\WINDOWS\System32\sxs.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (LiveUpdate Notice Ex) --  File not found
SRV - (CLTNetCnService) --  File not found
SRV - (FontCache) -- C:\WINDOWS\System32\FntCache.dll (Microsoft Corporation)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (WTGService) -- C:\Programme\Verbindungsassistent\WTGService.exe ()
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\WINDOWS\System32\uxtuneup.dll (TuneUp Software)
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (GJService) -- C:\ProgramData\{722D8884-F460-431D-AAAA-F508F3062631}\Server.exe (SlySoft Inc.)
SRV - (WPFFontCache_v0400) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Fabs) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (FsUsbExService) -- C:\WINDOWS\System32\FsUsbExService.Exe (Teruten)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (LiveUpdate Notice Service) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (LiveUpdate) -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)
SRV - (Automatisches LiveUpdate - Scheduler) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
SRV - (CLSched) CyberLink Task Scheduler (CTS) -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe ()
SRV - (CLCapSvc) CyberLink Background Capture Service (CBCS) -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe ()
SRV - (AddFiltr) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe (Hewlett-Packard Development Company, L.P.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (Maplom) -- C:\Windows\System32\drivers\maplom.sys (SlySoft Inc.)
DRV - (MaplomL) -- C:\Windows\System32\drivers\maploml.sys (SlySoft Inc.)
DRV - (acedrv11) -- C:\WINDOWS\System32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (FsUsbExDisk) -- C:\WINDOWS\System32\FsUsbExDisk.Sys ()
DRV - (hwdatacard) -- C:\WINDOWS\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (SynTP) -- C:\WINDOWS\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (sscdmdm) -- C:\WINDOWS\System32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdmdfl) -- C:\WINDOWS\System32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\WINDOWS\System32\drivers\sscdbus.sys (MCCI Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (XAudio) -- C:\WINDOWS\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (HSF_DPV) -- C:\WINDOWS\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\WINDOWS\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (NVENETFD) -- C:\WINDOWS\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (R5U870FLx86) -- C:\WINDOWS\System32\drivers\R5U870FLx86.sys (Ricoh)
DRV - (R5U870FUx86) -- C:\WINDOWS\System32\drivers\R5U870FUx86.sys (Ricoh)
DRV - (nvlddmkm) -- C:\WINDOWS\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (HdAudAddService) -- C:\WINDOWS\System32\drivers\CHDART.sys (Conexant Systems Inc.)
DRV - (BCM43XX) -- C:\WINDOWS\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
DRV - (BCM43XV) -- C:\WINDOWS\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
DRV - (rimmptsk) -- C:\WINDOWS\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\WINDOWS\System32\drivers\rimsptsk.sys (REDC)
DRV - (rismxdp) -- C:\WINDOWS\System32\drivers\rixdptsk.sys (REDC)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (HSFHWAZL) -- C:\WINDOWS\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel(R) -- C:\WINDOWS\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (ialm) -- C:\WINDOWS\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (nvsmu) -- C:\WINDOWS\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (eabfiltr) -- C:\WINDOWS\System32\drivers\eabfiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (HBtnKey) -- C:\WINDOWS\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = HPNoteBook | MSN
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = HPNoteBook | MSN
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=stonicde&s={searchTerms}&f=4
IE - HKLM\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Programme\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1649050749-3500846142-1385654425-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2475029
IE - HKU\S-1-5-21-1649050749-3500846142-1385654425-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1649050749-3500846142-1385654425-1000\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Programme\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1649050749-3500846142-1385654425-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1649050749-3500846142-1385654425-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.startup.homepage: "hxxp://start.facemoods.com/?a=stonicde"
FF - prefs.js..keyword.URL: "hxxp://start.facemoods.com/results.php?f=5&a=stonicde&q="
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.11.29 11:04:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b11\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 8\components [2011.02.15 18:10:21 | 000,000,000 | ---D | M]
 
[2011.01.04 21:59:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BH-ANATICOS\AppData\Roaming\mozilla\Extensions
[2011.02.20 19:57:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BH-ANATICOS\AppData\Roaming\mozilla\Firefox\Profiles\u1x4m2zj.default\extensions
[2011.02.20 13:08:41 | 000,000,000 | ---D | M] (MyAshampoo Toolbar) -- C:\Users\BH-ANATICOS\AppData\Roaming\mozilla\Firefox\Profiles\u1x4m2zj.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}
[2011.02.20 19:57:34 | 000,000,000 | ---D | M] (VMN Toolbar) -- C:\Users\BH-ANATICOS\AppData\Roaming\mozilla\Firefox\Profiles\u1x4m2zj.default\extensions\{fbc8441e-a153-45b0-8e93-87521a5812a1}
[2011.02.12 01:16:04 | 000,000,000 | ---D | M] (Facemoods) -- C:\Users\BH-ANATICOS\AppData\Roaming\mozilla\Firefox\Profiles\u1x4m2zj.default\extensions\ffxtlbr@Facemoods.com
File not found (No name found) -- 
[2010.11.29 11:04:56 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
() (No name found) -- C:\USERS\BH-ANATICOS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\U1X4M2ZJ.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\BH-ANATICOS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\U1X4M2ZJ.DEFAULT\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM.XPI
[2010.09.01 19:24:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2010.09.28 17:14:06 | 000,002,040 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\fcmdSrchstonicde.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Programme\facemoods.com\facemoods\1.4.17.3\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (VMN Toolbar Astro Gemini) - {A057A204-BACC-4D26-8287-79A187E26987} - C:\Programme\vmntoolbar\vmntoolbar.dll (Visicom Media Inc.                           )
O2 - BHO: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Programme\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (VMN Toolbar Astro Gemini) - {A057A204-BACC-4D26-8287-79A187E26987} - C:\Programme\vmntoolbar\vmntoolbar.dll (Visicom Media Inc.                           )
O3 - HKLM\..\Toolbar: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Programme\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Programme\facemoods.com\facemoods\1.4.17.3\facemoodsTlbr.dll (facemoods.com)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1649050749-3500846142-1385654425-1000\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKU\S-1-5-21-1649050749-3500846142-1385654425-1000\..\Toolbar\WebBrowser: (MyAshampoo Toolbar) - {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - C:\Programme\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [facemoods] C:\Program Files\facemoods.com\facemoods\1.4.17.3\facemoodssrv.exe (facemoods.com)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1649050749-3500846142-1385654425-1000..\Run: [Auto Check Utility] C:\Users\BH-ANATICOS\AppData\Roaming\AutoChks.exe ()
O4 - HKU\S-1-5-21-1649050749-3500846142-1385654425-1000..\Run: [Windows Audio Service] C:\Users\BH-ANA~1\AppData\Local\Temp\audio.exe (Microsoft)
O4 - HKU\S-1-5-21-1649050749-3500846142-1385654425-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Launcher] C:\WINDOWS\SMINST\Launcher.exe (soft thinks)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1649050749-3500846142-1385654425-1000\..Trusted Domains: conduit.com ([search] http in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 193.189.250.99 193.189.244.205
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\BH-ANATICOS\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\BH-ANATICOS\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O27 - HKLM IFEO\hpwucli.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software)
O27 - HKLM IFEO\pifsvc.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software)
O27 - HKLM IFEO\stax.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005.09.11 16:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{055e3545-061e-11e0-851a-a128879cc8c6}\Shell - "" = AutoRun
O33 - MountPoints2\{055e3545-061e-11e0-851a-a128879cc8c6}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{055e3593-061e-11e0-851a-bfe009580507}\Shell - "" = AutoRun
O33 - MountPoints2\{055e3593-061e-11e0-851a-bfe009580507}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{055e3595-061e-11e0-851a-bfe009580507}\Shell - "" = AutoRun
O33 - MountPoints2\{055e3595-061e-11e0-851a-bfe009580507}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{055e3597-061e-11e0-851a-bfe009580507}\Shell - "" = AutoRun
O33 - MountPoints2\{055e3597-061e-11e0-851a-bfe009580507}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{49a342c4-9ab8-11df-9c9d-001b243c6844}\Shell - "" = AutoRun
O33 - MountPoints2\{49a342c4-9ab8-11df-9c9d-001b243c6844}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{49a342c5-9ab8-11df-9c9d-001b243c6844}\Shell - "" = AutoRun
O33 - MountPoints2\{49a342c5-9ab8-11df-9c9d-001b243c6844}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{63ee2bdd-a498-11df-8604-001b243c6844}\Shell - "" = AutoRun
O33 - MountPoints2\{63ee2bdd-a498-11df-8604-001b243c6844}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{63ee2bdf-a498-11df-8604-001b243c6844}\Shell - "" = AutoRun
O33 - MountPoints2\{63ee2bdf-a498-11df-8604-001b243c6844}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{8fa4b402-9b38-11df-93a1-001b243c6844}\Shell - "" = AutoRun
O33 - MountPoints2\{8fa4b402-9b38-11df-93a1-001b243c6844}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{8fa4b462-9b38-11df-93a1-001b243c6844}\Shell - "" = AutoRun
O33 - MountPoints2\{8fa4b462-9b38-11df-93a1-001b243c6844}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{9eab63b1-f657-11df-8cf8-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{9eab63b1-f657-11df-8cf8-806e6f6e6963}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{c07effeb-9a85-11df-8105-001b243c6844}\Shell - "" = AutoRun
O33 - MountPoints2\{c07effeb-9a85-11df-8105-001b243c6844}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{f46b9162-f7dc-11df-bb16-e6e8b5163f58}\Shell - "" = AutoRun
O33 - MountPoints2\{f46b9162-f7dc-11df-bb16-e6e8b5163f58}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.02.21 20:35:09 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.02.21 07:44:26 | 000,000,000 | ---D | C] -- C:\Users\BH-ANATICOS\AppData\Local\SkinSoft
[2011.02.21 07:44:13 | 000,000,000 | -H-D | C] -- C:\Users\BH-ANATICOS\AppData\Local\{3A7C3760-0067-4DFD-914C-018D63CF006A}
[2011.02.21 07:43:44 | 000,000,000 | ---D | C] -- C:\Programme\Eziriz
[2011.02.21 07:43:44 | 000,000,000 | ---D | C] -- C:\Users\BH-ANATICOS\Documents\.NET Reactor SDK Test Apps
[2011.02.21 07:43:44 | 000,000,000 | ---D | C] -- C:\Users\BH-ANATICOS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\.NET Reactor
[2011.02.20 22:57:07 | 000,000,000 | ---D | C] -- C:\Users\BH-ANATICOS\AppData\Roaming\Uniblue
[2011.02.20 22:53:16 | 000,000,000 | ---D | C] -- C:\Users\BH-ANATICOS\AppData\Local\PackageAware
[2011.02.20 19:49:54 | 000,722,944 | ---- | C] (Digital Minds Software) -- C:\Windows\System32\Sea Storm 3D Screensaver.scr
[2011.02.20 19:33:27 | 000,092,728 | ---- | C] (Un4seen Developments) -- C:\Windows\System32\attach.bass
[2011.02.20 19:13:16 | 000,000,000 | ---D | C] -- C:\Users\BH-ANATICOS\AppData\Roaming\TERMINAL Studio
[2011.02.20 18:51:06 | 000,000,000 | ---D | C] -- C:\Programme\CA VMN Anti-Spyware
[2011.02.20 18:50:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Astro Gemini Software
[2011.02.20 18:50:30 | 001,056,768 | ---- | C] (FreeImage) -- C:\Windows\System32\FreeImage.dll
[2011.02.20 17:43:42 | 000,000,000 | ---D | C] -- C:\Users\BH-ANATICOS\Documents\MAGIX_MusicEditor
[2011.02.20 17:36:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
[2011.02.20 17:35:19 | 000,000,000 | ---D | C] -- C:\Programme\MAGIX
[2011.02.20 17:34:19 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\MAGIX Services
[2011.02.20 17:13:13 | 000,000,000 | ---D | C] -- C:\Users\BH-ANATICOS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Talisman 3
[2011.02.20 17:13:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Talisman 3
[2011.02.20 17:11:37 | 000,000,000 | ---D | C] -- C:\Programme\Talisman 3
[2011.02.20 13:08:47 | 000,000,000 | ---D | C] -- C:\Programme\MyAshampoo
[2011.02.20 13:07:57 | 000,000,000 | ---D | C] -- C:\Windows\RegisteredPackages
[2011.02.20 13:07:56 | 000,000,000 | -H-D | C] -- C:\Windows\msdownld.tmp
[2011.02.20 13:07:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media
[2011.02.20 13:07:52 | 000,000,000 | ---D | C] -- C:\Programme\Windows Media Components
[2011.02.20 13:07:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
[2011.02.20 13:07:07 | 000,000,000 | ---D | C] -- C:\Programme\Ashampoo
[2011.02.20 12:28:25 | 000,000,000 | ---D | C] -- C:\Users\BH-ANATICOS\AppData\Roaming\Ashampoo
[2011.02.20 12:28:12 | 000,000,000 | ---D | C] -- C:\Users\BH-ANATICOS\AppData\Local\ashampoo
[2011.02.20 12:28:12 | 000,000,000 | ---D | C] -- C:\ProgramData\ashampoo
[2011.02.17 20:33:26 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2011.02.14 21:08:03 | 000,000,000 | ---D | C] -- C:\Users\BH-ANATICOS\Desktop\rpc_v1.2-1
[2011.02.12 19:12:59 | 000,000,000 | ---D | C] -- C:\Programme\Silabs
[2011.02.12 19:04:21 | 000,000,000 | ---D | C] -- C:\SiLabs
[2011.02.12 09:29:48 | 000,000,000 | ---D | C] -- C:\Programme\MSECache
[2011.02.12 01:16:02 | 000,000,000 | ---D | C] -- C:\Programme\facemoods.com
[2011.02.12 01:15:40 | 000,559,918 | ---- | C] (Michael Scrivo                                              ) -- C:\Users\BH-ANATICOS\Desktop\ootd-1.6.0.exe
[2011.02.11 20:45:41 | 000,000,000 | ---D | C] -- C:\Users\BH-ANATICOS\AppData\Roaming\UseNeXT
[2011.02.11 20:45:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UseNeXT
[2011.02.11 20:45:28 | 000,000,000 | ---D | C] -- C:\Programme\UseNeXT
[2011.02.09 18:56:10 | 002,039,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.02.09 18:56:05 | 003,602,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011.02.09 18:56:05 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011.02.09 18:55:51 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011.02.09 18:55:51 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011.02.09 18:55:51 | 000,797,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll
[2011.02.09 18:55:50 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll
[2011.02.09 18:55:50 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011.02.09 18:55:49 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011.02.09 18:55:49 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011.02.09 18:55:49 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011.02.09 18:55:48 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2011.02.09 18:55:48 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll
[2011.02.09 18:55:48 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll
[2011.02.09 18:55:48 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011.02.09 18:55:47 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011.02.09 18:55:47 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2011.02.09 18:55:47 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2011.02.09 18:55:47 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011.02.09 18:55:46 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2011.02.09 18:55:46 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2011.02.09 18:55:46 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011.02.09 18:55:45 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2011.02.09 18:55:45 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2011.02.09 18:55:45 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2011.02.09 18:55:44 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2011.02.09 18:55:44 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011.02.09 18:55:43 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2011.02.09 18:53:58 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.02.09 18:53:58 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.02.09 18:53:57 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.02.09 18:53:57 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.02.09 18:53:56 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.02.09 18:53:56 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.02.09 18:53:56 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.02.09 18:53:55 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.02.09 18:53:55 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.02.09 18:53:55 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.02.09 18:53:55 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.02.09 18:53:55 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.02.09 18:53:55 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.02.09 18:53:55 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.02.09 18:53:53 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.02.09 18:53:53 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.02.09 18:53:53 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.02.09 18:53:43 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011.02.09 18:53:42 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011.02.01 21:38:34 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2011.01.25 23:33:27 | 000,000,000 | ---D | C] -- C:\MFT 144768
[2011.01.25 23:32:09 | 000,000,000 | ---D | C] -- C:\MFT 85826
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.02.21 19:42:51 | 000,013,307 | ---- | M] () -- C:\Users\BH-ANATICOS\AppData\Roaming\nvModes.dat
[2011.02.21 19:42:51 | 000,013,307 | ---- | M] () -- C:\Users\BH-ANATICOS\AppData\Roaming\nvModes.001
[2011.02.21 19:38:16 | 000,000,044 | -HS- | M] () -- C:\ProgramData\.zreglib
[2011.02.21 19:38:05 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.02.21 19:38:05 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.02.21 19:37:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.02.20 21:52:42 | 000,000,396 | ---- | M] () -- C:\Windows\tasks\SmartDefrag.job
[2011.02.20 21:52:36 | 000,359,864 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.02.20 20:33:06 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.02.20 20:33:05 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.02.20 20:33:05 | 000,126,260 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.02.20 20:33:05 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.02.20 19:57:03 | 000,001,991 | ---- | M] () -- C:\Users\BH-ANATICOS\Desktop\Sun 3D Screensaver.lnk
[2011.02.20 19:57:03 | 000,001,893 | ---- | M] () -- C:\Users\BH-ANATICOS\Desktop\More Great 3D Screensavers.lnk
[2011.02.20 19:55:33 | 000,002,057 | ---- | M] () -- C:\Users\BH-ANATICOS\Desktop\Star Wars 3D Screensaver.lnk
[2011.02.20 19:53:46 | 000,002,066 | ---- | M] () -- C:\Users\BH-ANATICOS\Desktop\Solar System 3D Screensaver.lnk
[2011.02.20 19:49:56 | 000,002,031 | ---- | M] () -- C:\Users\BH-ANATICOS\Desktop\Sea Storm 3D Screensaver.lnk
[2011.02.20 19:46:58 | 000,002,058 | ---- | M] () -- C:\Users\BH-ANATICOS\Desktop\Planet Earth 3D Screensaver.lnk
[2011.02.20 19:44:38 | 000,002,044 | ---- | M] () -- C:\Users\BH-ANATICOS\Desktop\Night City 3D Screensaver.lnk
[2011.02.20 19:37:36 | 000,002,121 | ---- | M] () -- C:\Users\BH-ANATICOS\Desktop\Egyptian Pyramids 3D Screensaver.lnk
[2011.02.20 19:35:43 | 000,002,029 | ---- | M] () -- C:\Users\BH-ANATICOS\Desktop\3D Formula 1 Screensaver.lnk
[2011.02.20 19:34:46 | 000,000,271 | ---- | M] () -- C:\Windows\WinterTunnel-2007.set
[2011.02.20 19:33:33 | 000,002,077 | ---- | M] () -- C:\Users\BH-ANATICOS\Desktop\Space Tunnels 3D Screensaver.lnk
[2011.02.20 19:30:58 | 000,002,066 | ---- | M] () -- C:\Users\BH-ANATICOS\Desktop\Winter Night 3D Screensaver.lnk
[2011.02.20 19:28:58 | 000,002,024 | ---- | M] () -- C:\Users\BH-ANATICOS\Desktop\Winter 3D Screensaver.lnk
[2011.02.20 19:21:40 | 000,002,055 | ---- | M] () -- C:\Users\BH-ANATICOS\Desktop\Marine Life 3D Screensaver.lnk
[2011.02.20 19:20:02 | 000,002,044 | ---- | M] () -- C:\Users\BH-ANATICOS\Desktop\Lighthouse 3D Screensaver.lnk
[2011.02.20 19:16:52 | 000,002,087 | ---- | M] () -- C:\Users\BH-ANATICOS\Desktop\Golden Autumn 3D Screensaver.lnk
[2011.02.20 19:14:55 | 000,002,045 | ---- | M] () -- C:\Users\BH-ANATICOS\Desktop\Forest Life 3D Screensaver.lnk
[2011.02.20 19:13:03 | 000,002,000 | ---- | M] () -- C:\Users\BH-ANATICOS\Desktop\Easter 3D Screensaver.lnk
[2011.02.20 19:10:39 | 000,001,963 | ---- | M] () -- C:\Users\BH-ANATICOS\Desktop\More 3D Screensavers.lnk
[2011.02.20 19:10:39 | 000,000,780 | ---- | M] () -- C:\Users\BH-ANATICOS\Desktop\Christmas Eve 3D Screensaver.lnk
[2011.02.20 19:09:57 | 000,001,883 | ---- | M] () -- C:\Users\BH-ANATICOS\Desktop\Astro Gemini Screensaver Manager.lnk
[2011.02.20 19:08:05 | 000,002,046 | ---- | M] () -- C:\Users\BH-ANATICOS\Desktop\Atlantis 3D Screensaver.lnk
[2011.02.20 19:05:18 | 000,002,070 | ---- | M] () -- C:\Users\BH-ANATICOS\Desktop\Around the World - London.lnk
[2011.02.20 19:02:48 | 000,002,120 | ---- | M] () -- C:\Users\BH-ANATICOS\Desktop\3D Spooky Halloween Screensaver.lnk
[2011.02.20 19:00:51 | 000,002,087 | ---- | M] () -- C:\Users\BH-ANATICOS\Desktop\3D Merry Christmas Screensaver.lnk
[2011.02.20 18:58:50 | 000,002,024 | ---- | M] () -- C:\Users\BH-ANATICOS\Desktop\3D Matrix Screensaver.lnk
[2011.02.20 18:57:08 | 000,002,121 | ---- | M] () -- C:\Users\BH-ANATICOS\Desktop\3D Haunted Halloween Screensaver.lnk
[2011.02.20 18:55:23 | 000,002,121 | ---- | M] () -- C:\Users\BH-ANATICOS\Desktop\3D Grandfather Clock Screensaver.lnk
[2011.02.20 18:50:36 | 000,002,120 | ---- | M] () -- C:\Users\BH-ANATICOS\Desktop\3D Matrix Corridors Screensaver.lnk
[2011.02.20 17:43:12 | 000,001,007 | ---- | M] () -- C:\Users\Public\Desktop\MAGIX Music Maker 17 Premium Download-Version.lnk
[2011.02.20 17:35:45 | 000,048,128 | ---- | M] () -- C:\Users\BH-ANATICOS\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.02.20 17:13:13 | 000,000,762 | ---- | M] () -- C:\Users\BH-ANATICOS\Desktop\Talisman Desktop.lnk
[2011.02.20 13:23:47 | 000,000,889 | ---- | M] () -- C:\Users\Public\Desktop\Ashampoo Snap 4.lnk
[2011.02.20 13:09:18 | 000,001,066 | ---- | M] () -- C:\Users\Public\Desktop\Ashampoo Burning Studio 2010 Advanced.lnk
[2011.02.20 13:07:14 | 000,000,889 | ---- | M] () -- C:\Users\Public\Desktop\Ashampoo Snap 3.lnk
[2011.02.19 13:06:16 | 000,096,768 | -H-- | M] () -- C:\Users\BH-ANATICOS\AppData\Roaming\AutoChks.exe
[2011.02.17 23:44:55 | 000,000,319 | ---- | M] () -- C:\Windows\game.ini
[2011.02.13 18:47:30 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2011.02.12 01:15:41 | 000,559,918 | ---- | M] (Michael Scrivo                                              ) -- C:\Users\BH-ANATICOS\Desktop\ootd-1.6.0.exe
[2011.02.11 20:45:33 | 000,001,642 | ---- | M] () -- C:\Users\BH-ANATICOS\Desktop\UseNeXT.lnk
[2011.02.09 18:55:30 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.02.20 21:06:46 | 000,096,768 | -H-- | C] () -- C:\Users\BH-ANATICOS\AppData\Roaming\AutoChks.exe
[2011.02.20 19:57:03 | 000,001,991 | ---- | C] () -- C:\Users\BH-ANATICOS\Desktop\Sun 3D Screensaver.lnk
[2011.02.20 19:56:56 | 003,694,592 | ---- | C] () -- C:\Windows\System32\Sun 3D Screensaver.scr
[2011.02.20 19:55:33 | 000,002,057 | ---- | C] () -- C:\Users\BH-ANATICOS\Desktop\Star Wars 3D Screensaver.lnk
[2011.02.20 19:55:26 | 007,069,696 | ---- | C] () -- C:\Windows\System32\Star Wars 3D Screensaver.scr
[2011.02.20 19:51:57 | 000,002,066 | ---- | C] () -- C:\Users\BH-ANATICOS\Desktop\Solar System 3D Screensaver.lnk
[2011.02.20 19:51:48 | 014,663,680 | ---- | C] () -- C:\Windows\System32\Solar System 3D Screensaver.scr
[2011.02.20 19:49:56 | 000,002,031 | ---- | C] () -- C:\Users\BH-ANATICOS\Desktop\Sea Storm 3D Screensaver.lnk
[2011.02.20 19:46:58 | 000,002,058 | ---- | C] () -- C:\Users\BH-ANATICOS\Desktop\Planet Earth 3D Screensaver.lnk
[2011.02.20 19:46:50 | 007,942,144 | ---- | C] () -- C:\Windows\System32\Planet Earth 3D Screensaver.scr
[2011.02.20 19:44:38 | 000,002,044 | ---- | C] () -- C:\Users\BH-ANATICOS\Desktop\Night City 3D Screensaver.lnk
[2011.02.20 19:44:27 | 012,435,456 | ---- | C] () -- C:\Windows\System32\Night City 3D Screensaver.scr
[2011.02.20 19:37:36 | 000,002,121 | ---- | C] () -- C:\Users\BH-ANATICOS\Desktop\Egyptian Pyramids 3D Screensaver.lnk
[2011.02.20 19:37:25 | 019,968,000 | ---- | C] () -- C:\Windows\System32\Egyptian Pyramids 3D Screensaver.scr
[2011.02.20 19:35:43 | 000,002,029 | ---- | C] () -- C:\Users\BH-ANATICOS\Desktop\3D Formula 1 Screensaver.lnk
[2011.02.20 19:35:33 | 016,228,352 | ---- | C] () -- C:\Windows\System32\3D Formula 1 Screensaver.scr
[2011.02.20 19:33:33 | 000,002,077 | ---- | C] () -- C:\Users\BH-ANATICOS\Desktop\Space Tunnels 3D Screensaver.lnk
[2011.02.20 19:33:27 | 007,078,912 | ---- | C] () -- C:\Windows\System32\Space Tunnels 3D Screensaver.scr
[2011.02.20 19:30:58 | 000,002,066 | ---- | C] () -- C:\Users\BH-ANATICOS\Desktop\Winter Night 3D Screensaver.lnk
[2011.02.20 19:30:45 | 022,495,232 | ---- | C] () -- C:\Windows\System32\Winter Night 3D Screensaver.scr
[2011.02.20 19:28:58 | 000,002,024 | ---- | C] () -- C:\Users\BH-ANATICOS\Desktop\Winter 3D Screensaver.lnk
[2011.02.20 19:28:54 | 010,379,264 | ---- | C] () -- C:\Windows\System32\Winter 3D Screensaver.scr
[2011.02.20 19:21:40 | 000,002,055 | ---- | C] () -- C:\Users\BH-ANATICOS\Desktop\Marine Life 3D Screensaver.lnk
[2011.02.20 19:21:28 | 016,277,504 | ---- | C] () -- C:\Windows\System32\Marine Life 3D Screensaver.scr
[2011.02.20 19:20:02 | 000,002,044 | ---- | C] () -- C:\Users\BH-ANATICOS\Desktop\Lighthouse 3D Screensaver.lnk
[2011.02.20 19:19:58 | 005,214,208 | ---- | C] () -- C:\Windows\System32\Lighthouse 3D Screensaver.scr
[2011.02.20 19:16:52 | 000,002,087 | ---- | C] () -- C:\Users\BH-ANATICOS\Desktop\Golden Autumn 3D Screensaver.lnk
[2011.02.20 19:16:41 | 021,139,456 | ---- | C] () -- C:\Windows\System32\Golden Autumn 3D Screensaver.scr
[2011.02.20 19:14:55 | 000,002,045 | ---- | C] () -- C:\Users\BH-ANATICOS\Desktop\Forest Life 3D Screensaver.lnk
[2011.02.20 19:14:47 | 004,747,264 | ---- | C] () -- C:\Windows\System32\Forest Life 3D Screensaver.scr
[2011.02.20 19:13:03 | 000,002,000 | ---- | C] () -- C:\Users\BH-ANATICOS\Desktop\Easter 3D Screensaver.lnk
[2011.02.20 19:12:55 | 025,534,464 | ---- | C] () -- C:\Windows\System32\Easter 3D Screensaver.scr
[2011.02.20 19:09:53 | 000,001,963 | ---- | C] () -- C:\Users\BH-ANATICOS\Desktop\More 3D Screensavers.lnk
[2011.02.20 19:09:53 | 000,000,780 | ---- | C] () -- C:\Users\BH-ANATICOS\Desktop\Christmas Eve 3D Screensaver.lnk
[2011.02.20 19:09:45 | 009,011,200 | ---- | C] () -- C:\Windows\System32\Christmas Eve 3D Screensaver.scr
[2011.02.20 19:08:05 | 000,002,046 | ---- | C] () -- C:\Users\BH-ANATICOS\Desktop\Atlantis 3D Screensaver.lnk
[2011.02.20 19:08:01 | 015,482,880 | ---- | C] () -- C:\Windows\System32\Atlantis 3D Screensaver.scr
[2011.02.20 19:05:18 | 000,002,070 | ---- | C] () -- C:\Users\BH-ANATICOS\Desktop\Around the World - London.lnk
[2011.02.20 19:05:12 | 006,316,032 | ---- | C] () -- C:\Windows\System32\Around the World - London.scr
[2011.02.20 19:02:48 | 000,002,120 | ---- | C] () -- C:\Users\BH-ANATICOS\Desktop\3D Spooky Halloween Screensaver.lnk
[2011.02.20 19:02:39 | 008,429,568 | ---- | C] () -- C:\Windows\System32\3D Spooky Halloween Screensaver.scr
[2011.02.20 19:00:51 | 000,002,087 | ---- | C] () -- C:\Users\BH-ANATICOS\Desktop\3D Merry Christmas Screensaver.lnk
[2011.02.20 19:00:38 | 033,787,904 | ---- | C] () -- C:\Windows\System32\3D Merry Christmas Screensaver.scr
[2011.02.20 18:58:50 | 000,002,024 | ---- | C] () -- C:\Users\BH-ANATICOS\Desktop\3D Matrix Screensaver.lnk
[2011.02.20 18:58:46 | 002,678,784 | ---- | C] () -- C:\Windows\System32\3D Matrix Screensaver.scr
[2011.02.20 18:57:08 | 000,002,121 | ---- | C] () -- C:\Users\BH-ANATICOS\Desktop\3D Haunted Halloween Screensaver.lnk
[2011.02.20 18:56:59 | 008,998,912 | ---- | C] () -- C:\Windows\System32\3D Haunted Halloween Screensaver.scr
[2011.02.20 18:54:42 | 000,002,121 | ---- | C] () -- C:\Users\BH-ANATICOS\Desktop\3D Grandfather Clock Screensaver.lnk
[2011.02.20 18:54:34 | 010,407,936 | ---- | C] () -- C:\Windows\System32\3D Grandfather Clock Screensaver.scr
[2011.02.20 18:50:45 | 000,106,496 | ---- | C] () -- C:\Windows\System32\Astro Gemini Screensaver Manager.scr
[2011.02.20 18:50:36 | 000,002,120 | ---- | C] () -- C:\Users\BH-ANATICOS\Desktop\3D Matrix Corridors Screensaver.lnk
[2011.02.20 18:50:36 | 000,001,893 | ---- | C] () -- C:\Users\BH-ANATICOS\Desktop\More Great 3D Screensavers.lnk
[2011.02.20 18:50:36 | 000,001,883 | ---- | C] () -- C:\Users\BH-ANATICOS\Desktop\Astro Gemini Screensaver Manager.lnk
[2011.02.20 18:50:36 | 000,001,093 | ---- | C] () -- C:\Users\BH-ANATICOS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\View My Screensavers.lnk
[2011.02.20 18:50:31 | 004,452,352 | ---- | C] () -- C:\Windows\System32\3D Matrix Corridors Screensaver.scr
[2011.02.20 18:50:31 | 000,245,760 | ---- | C] () -- C:\Windows\System32\ImxEx.dll
[2011.02.20 17:43:12 | 000,001,007 | ---- | C] () -- C:\Users\Public\Desktop\MAGIX Music Maker 17 Premium Download-Version.lnk
[2011.02.20 17:13:13 | 000,000,762 | ---- | C] () -- C:\Users\BH-ANATICOS\Desktop\Talisman Desktop.lnk
[2011.02.20 13:23:47 | 000,000,889 | ---- | C] () -- C:\Users\Public\Desktop\Ashampoo Snap 4.lnk
[2011.02.20 13:09:18 | 000,001,066 | ---- | C] () -- C:\Users\Public\Desktop\Ashampoo Burning Studio 2010 Advanced.lnk
[2011.02.20 13:07:14 | 000,000,889 | ---- | C] () -- C:\Users\Public\Desktop\Ashampoo Snap 3.lnk
[2011.02.17 23:44:55 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2011.02.15 18:10:25 | 000,001,944 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox 4.0 Beta 11.lnk
[2011.02.11 20:45:33 | 000,001,642 | ---- | C] () -- C:\Users\BH-ANATICOS\Desktop\UseNeXT.lnk
[2011.01.20 22:29:08 | 000,420,920 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2011.01.20 21:48:29 | 000,000,044 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010.12.22 19:56:27 | 000,000,000 | ---- | C] () -- C:\Windows\System32\drivers\sscdcmnt.sys
[2010.12.22 19:54:59 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010.12.22 19:54:59 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010.09.29 06:57:26 | 000,048,128 | ---- | C] () -- C:\Users\BH-ANATICOS\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.17 12:10:25 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.09.15 19:32:05 | 000,008,999 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2010.08.17 17:43:03 | 000,001,932 | ---- | C] () -- C:\Users\BH-ANATICOS\AppData\Roaming\wklnhst.dat
[2010.08.17 11:54:49 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2010.08.01 06:38:00 | 000,000,680 | ---- | C] () -- C:\Users\BH-ANATICOS\AppData\Local\d3d9caps.dat
[2010.07.29 14:40:32 | 000,000,000 | ---- | C] () -- C:\Windows\WinInit.ini
[2010.07.29 14:10:41 | 000,013,307 | ---- | C] () -- C:\Users\BH-ANATICOS\AppData\Roaming\nvModes.001
[2010.07.29 12:19:17 | 000,013,307 | ---- | C] () -- C:\Users\BH-ANATICOS\AppData\Roaming\nvModes.dat
[2010.07.28 19:25:30 | 000,000,000 | ---- | C] () -- C:\Users\BH-ANATICOS\AppData\Local\QSwitch.txt
[2010.07.28 19:25:30 | 000,000,000 | ---- | C] () -- C:\Users\BH-ANATICOS\AppData\Local\DSwitch.txt
[2010.07.28 19:25:30 | 000,000,000 | ---- | C] () -- C:\Users\BH-ANATICOS\AppData\Local\AtStart.txt
[2007.10.25 17:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2007.04.27 09:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.03.10 00:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005.05.07 13:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
 
========== LOP Check ==========
 
[2011.02.20 12:29:02 | 000,000,000 | ---D | M] -- C:\Users\BH-ANATICOS\AppData\Roaming\Ashampoo
[2010.12.10 00:28:17 | 000,000,000 | ---D | M] -- C:\Users\BH-ANATICOS\AppData\Roaming\Astro Gemini Software
[2010.12.05 11:09:25 | 000,000,000 | ---D | M] -- C:\Users\BH-ANATICOS\AppData\Roaming\Canneverbe Limited
[2011.01.20 21:24:33 | 000,000,000 | ---D | M] -- C:\Users\BH-ANATICOS\AppData\Roaming\DAEMON Tools Pro
[2010.08.01 11:38:05 | 000,000,000 | ---D | M] -- C:\Users\BH-ANATICOS\AppData\Roaming\IObit
[2010.09.05 17:22:18 | 000,000,000 | ---D | M] -- C:\Users\BH-ANATICOS\AppData\Roaming\MAGIX
[2011.01.20 17:38:57 | 000,000,000 | ---D | M] -- C:\Users\BH-ANATICOS\AppData\Roaming\ProtectDISC
[2010.12.22 19:54:15 | 000,000,000 | ---D | M] -- C:\Users\BH-ANATICOS\AppData\Roaming\Samsung
[2010.08.17 17:43:04 | 000,000,000 | ---D | M] -- C:\Users\BH-ANATICOS\AppData\Roaming\Template
[2011.02.20 19:13:16 | 000,000,000 | ---D | M] -- C:\Users\BH-ANATICOS\AppData\Roaming\TERMINAL Studio
[2011.01.16 01:10:16 | 000,000,000 | ---D | M] -- C:\Users\BH-ANATICOS\AppData\Roaming\TuneUp Software
[2011.02.20 22:57:07 | 000,000,000 | ---D | M] -- C:\Users\BH-ANATICOS\AppData\Roaming\Uniblue
[2011.02.20 21:10:06 | 000,000,000 | ---D | M] -- C:\Users\BH-ANATICOS\AppData\Roaming\UseNeXT
[2011.01.29 01:20:19 | 000,000,000 | ---D | M] -- C:\Users\BH-ANATICOS\AppData\Roaming\Verbindungsassistent
[2010.08.01 07:55:22 | 000,000,000 | ---D | M] -- C:\Users\BH-ANATICOS\AppData\Roaming\Vodafone
[2011.02.05 19:42:17 | 000,000,000 | ---D | M] -- C:\Users\Uschi\AppData\Roaming\DAEMON Tools Pro
[2011.02.05 20:00:02 | 000,000,000 | ---D | M] -- C:\Users\Uschi\AppData\Roaming\TuneUp Software
[2011.02.05 20:19:21 | 000,000,000 | ---D | M] -- C:\Users\Uschi\AppData\Roaming\Verbindungsassistent
[2011.02.21 00:16:27 | 000,032,518 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT
[2011.02.20 21:52:42 | 000,000,396 | ---- | M] () -- C:\WINDOWS\Tasks\SmartDefrag.job
 
========== Purity Check ==========
 
 

< End of report >
         

22.02.2011, 17:09   #4
Boobbii
 
This is the scan I got from OTL:
OTL Logfile:
Code:
OTL logfile created on: 21.02.2011 20:57:45 - Run 2
OTL by OldTimer - Version 3.2.20.6     Folder = c:\Users\BH-ANATICOS\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 45,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 68,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 143,79 Gb Total Space | 26,89 Gb Free Space | 18,70% Space Free | Partition Type: NTFS
Drive D: | 5,26 Gb Total Space | 1,20 Gb Free Space | 22,75% Space Free | Partition Type: NTFS
 
Computer Name: BH-ANATICOS-PC | User Name: BH-ANATICOS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\BH-ANA~1\AppData\Local\Temp\PMc8MbaT4.exe (Microsoft)
PRC - C:\Users\BH-ANA~1\AppData\Local\Temp\Rnzj1V59G.exe (Microsoft)
PRC - c:\Users\BH-ANATICOS\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\BH-ANATICOS\AppData\Roaming\AutoChks.exe ()
PRC - C:\Programme\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Programme\Verbindungsassistent\WTGService.exe ()
PRC - C:\Users\BH-ANATICOS\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\ProgramData\{722D8884-F460-431D-AAAA-F508F3062631}\Server.exe (SlySoft Inc.)
PRC - C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\FsUsbExService.Exe (Teruten)
PRC - C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\HP\QuickPlay\Kernel\TV\CLSched.exe ()
PRC - C:\Programme\HP\QuickPlay\Kernel\TV\CLCapSvc.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - c:\Users\BH-ANATICOS\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Programme\Alwil Software\Avast5\snxhk.dll (AVAST Software)
MOD - C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\System32\vbscript.dll (Microsoft Corporation)
MOD - C:\WINDOWS\System32\wbem\wmiutils.dll (Microsoft Corporation)
MOD - C:\WINDOWS\System32\wbem\wbemsvc.dll (Microsoft Corporation)
MOD - C:\WINDOWS\System32\wbem\wbemprox.dll (Microsoft Corporation)
MOD - C:\WINDOWS\System32\wbem\fastprox.dll (Microsoft Corporation)
MOD - C:\WINDOWS\System32\rsaenh.dll (Microsoft Corporation)
MOD - C:\WINDOWS\System32\wbem\wbemdisp.dll (Microsoft Corporation)
MOD - C:\WINDOWS\System32\wbemcomn.dll (Microsoft Corporation)
MOD - C:\WINDOWS\System32\sxs.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (LiveUpdate Notice Ex) --  File not found
SRV - (CLTNetCnService) --  File not found
SRV - (FontCache) -- C:\WINDOWS\System32\FntCache.dll (Microsoft Corporation)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (WTGService) -- C:\Programme\Verbindungsassistent\WTGService.exe ()
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\WINDOWS\System32\uxtuneup.dll (TuneUp Software)
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (GJService) -- C:\ProgramData\{722D8884-F460-431D-AAAA-F508F3062631}\Server.exe (SlySoft Inc.)
SRV - (WPFFontCache_v0400) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Fabs) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (FsUsbExService) -- C:\WINDOWS\System32\FsUsbExService.Exe (Teruten)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (LiveUpdate Notice Service) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (LiveUpdate) -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)
SRV - (Automatisches LiveUpdate - Scheduler) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
SRV - (CLSched) CyberLink Task Scheduler (CTS) -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe ()
SRV - (CLCapSvc) CyberLink Background Capture Service (CBCS) -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe ()
SRV - (AddFiltr) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe (Hewlett-Packard Development Company, L.P.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (Maplom) -- C:\Windows\System32\drivers\maplom.sys (SlySoft Inc.)
DRV - (MaplomL) -- C:\Windows\System32\drivers\maploml.sys (SlySoft Inc.)
DRV - (acedrv11) -- C:\WINDOWS\System32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (FsUsbExDisk) -- C:\WINDOWS\System32\FsUsbExDisk.Sys ()
DRV - (hwdatacard) -- C:\WINDOWS\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (SynTP) -- C:\WINDOWS\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (sscdmdm) -- C:\WINDOWS\System32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdmdfl) -- C:\WINDOWS\System32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\WINDOWS\System32\drivers\sscdbus.sys (MCCI Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (XAudio) -- C:\WINDOWS\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (HSF_DPV) -- C:\WINDOWS\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\WINDOWS\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (NVENETFD) -- C:\WINDOWS\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (R5U870FLx86) -- C:\WINDOWS\System32\drivers\R5U870FLx86.sys (Ricoh)
DRV - (R5U870FUx86) -- C:\WINDOWS\System32\drivers\R5U870FUx86.sys (Ricoh)
DRV - (nvlddmkm) -- C:\WINDOWS\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (HdAudAddService) -- C:\WINDOWS\System32\drivers\CHDART.sys (Conexant Systems Inc.)
DRV - (BCM43XX) -- C:\WINDOWS\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
DRV - (BCM43XV) -- C:\WINDOWS\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
DRV - (rimmptsk) -- C:\WINDOWS\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\WINDOWS\System32\drivers\rimsptsk.sys (REDC)
DRV - (rismxdp) -- C:\WINDOWS\System32\drivers\rixdptsk.sys (REDC)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (HSFHWAZL) -- C:\WINDOWS\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel(R) -- C:\WINDOWS\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (ialm) -- C:\WINDOWS\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (nvsmu) -- C:\WINDOWS\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (eabfiltr) -- C:\WINDOWS\System32\drivers\eabfiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (HBtnKey) -- C:\WINDOWS\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = HPNoteBook | MSN
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = HPNoteBook | MSN
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=stonicde&s={searchTerms}&f=4
IE - HKLM\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Programme\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1649050749-3500846142-1385654425-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2475029
IE - HKU\S-1-5-21-1649050749-3500846142-1385654425-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1649050749-3500846142-1385654425-1000\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Programme\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1649050749-3500846142-1385654425-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1649050749-3500846142-1385654425-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.startup.homepage: "hxxp://start.facemoods.com/?a=stonicde"
FF - prefs.js..keyword.URL: "hxxp://start.facemoods.com/results.php?f=5&a=stonicde&q="
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.11.29 11:04:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b11\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 8\components [2011.02.15 18:10:21 | 000,000,000 | ---D | M]
 
[2011.01.04 21:59:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BH-ANATICOS\AppData\Roaming\mozilla\Extensions
[2011.02.20 19:57:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BH-ANATICOS\AppData\Roaming\mozilla\Firefox\Profiles\u1x4m2zj.default\extensions
[2011.02.20 13:08:41 | 000,000,000 | ---D | M] (MyAshampoo Toolbar) -- C:\Users\BH-ANATICOS\AppData\Roaming\mozilla\Firefox\Profiles\u1x4m2zj.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}
[2011.02.20 19:57:34 | 000,000,000 | ---D | M] (VMN Toolbar) -- C:\Users\BH-ANATICOS\AppData\Roaming\mozilla\Firefox\Profiles\u1x4m2zj.default\extensions\{fbc8441e-a153-45b0-8e93-87521a5812a1}
[2011.02.12 01:16:04 | 000,000,000 | ---D | M] (Facemoods) -- C:\Users\BH-ANATICOS\AppData\Roaming\mozilla\Firefox\Profiles\u1x4m2zj.default\extensions\ffxtlbr@Facemoods.com
File not found (No name found) -- 
[2010.11.29 11:04:56 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
() (No name found) -- C:\USERS\BH-ANATICOS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\U1X4M2ZJ.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\BH-ANATICOS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\U1X4M2ZJ.DEFAULT\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM.XPI
[2010.09.01 19:24:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2010.09.28 17:14:06 | 000,002,040 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\fcmdSrchstonicde.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Programme\facemoods.com\facemoods\1.4.17.3\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (VMN Toolbar Astro Gemini) - {A057A204-BACC-4D26-8287-79A187E26987} - C:\Programme\vmntoolbar\vmntoolbar.dll (Visicom Media Inc.                           )
O2 - BHO: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Programme\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (VMN Toolbar Astro Gemini) - {A057A204-BACC-4D26-8287-79A187E26987} - C:\Programme\vmntoolbar\vmntoolbar.dll (Visicom Media Inc.                           )
O3 - HKLM\..\Toolbar: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Programme\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Programme\facemoods.com\facemoods\1.4.17.3\facemoodsTlbr.dll (facemoods.com)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1649050749-3500846142-1385654425-1000\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKU\S-1-5-21-1649050749-3500846142-1385654425-1000\..\Toolbar\WebBrowser: (MyAshampoo Toolbar) - {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - C:\Programme\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [facemoods] C:\Program Files\facemoods.com\facemoods\1.4.17.3\facemoodssrv.exe (facemoods.com)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1649050749-3500846142-1385654425-1000..\Run: [Auto Check Utility] C:\Users\BH-ANATICOS\AppData\Roaming\AutoChks.exe ()
O4 - HKU\S-1-5-21-1649050749-3500846142-1385654425-1000..\Run: [Windows Audio Service] C:\Users\BH-ANA~1\AppData\Local\Temp\audio.exe (Microsoft)
O4 - HKU\S-1-5-21-1649050749-3500846142-1385654425-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Launcher] C:\WINDOWS\SMINST\Launcher.exe (soft thinks)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1649050749-3500846142-1385654425-1000\..Trusted Domains: conduit.com ([search] http in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 193.189.250.99 193.189.244.205
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\BH-ANATICOS\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\BH-ANATICOS\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O27 - HKLM IFEO\hpwucli.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software)
O27 - HKLM IFEO\pifsvc.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software)
O27 - HKLM IFEO\stax.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005.09.11 16:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{055e3545-061e-11e0-851a-a128879cc8c6}\Shell - "" = AutoRun
O33 - MountPoints2\{055e3545-061e-11e0-851a-a128879cc8c6}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{055e3593-061e-11e0-851a-bfe009580507}\Shell - "" = AutoRun
O33 - MountPoints2\{055e3593-061e-11e0-851a-bfe009580507}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{055e3595-061e-11e0-851a-bfe009580507}\Shell - "" = AutoRun
O33 - MountPoints2\{055e3595-061e-11e0-851a-bfe009580507}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{055e3597-061e-11e0-851a-bfe009580507}\Shell - "" = AutoRun
O33 - MountPoints2\{055e3597-061e-11e0-851a-bfe009580507}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{49a342c4-9ab8-11df-9c9d-001b243c6844}\Shell - "" = AutoRun
O33 - MountPoints2\{49a342c4-9ab8-11df-9c9d-001b243c6844}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{49a342c5-9ab8-11df-9c9d-001b243c6844}\Shell - "" = AutoRun
O33 - MountPoints2\{49a342c5-9ab8-11df-9c9d-001b243c6844}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{63ee2bdd-a498-11df-8604-001b243c6844}\Shell - "" = AutoRun
O33 - MountPoints2\{63ee2bdd-a498-11df-8604-001b243c6844}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{63ee2bdf-a498-11df-8604-001b243c6844}\Shell - "" = AutoRun
O33 - MountPoints2\{63ee2bdf-a498-11df-8604-001b243c6844}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{8fa4b402-9b38-11df-93a1-001b243c6844}\Shell - "" = AutoRun
O33 - MountPoints2\{8fa4b402-9b38-11df-93a1-001b243c6844}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{8fa4b462-9b38-11df-93a1-001b243c6844}\Shell - "" = AutoRun
O33 - MountPoints2\{8fa4b462-9b38-11df-93a1-001b243c6844}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{9eab63b1-f657-11df-8cf8-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{9eab63b1-f657-11df-8cf8-806e6f6e6963}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{c07effeb-9a85-11df-8105-001b243c6844}\Shell - "" = AutoRun
O33 - MountPoints2\{c07effeb-9a85-11df-8105-001b243c6844}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{f46b9162-f7dc-11df-bb16-e6e8b5163f58}\Shell - "" = AutoRun
O33 - MountPoints2\{f46b9162-f7dc-11df-bb16-e6e8b5163f58}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.02.21 20:35:09 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.02.21 07:44:26 | 000,000,000 | ---D | C] -- C:\Users\BH-ANATICOS\AppData\Local\SkinSoft
[2011.02.21 07:44:13 | 000,000,000 | -H-D | C] -- C:\Users\BH-ANATICOS\AppData\Local\{3A7C3760-0067-4DFD-914C-018D63CF006A}
[2011.02.21 07:43:44 | 000,000,000 | ---D | C] -- C:\Programme\Eziriz
[2011.02.21 07:43:44 | 000,000,000 | ---D | C] -- C:\Users\BH-ANATICOS\Documents\.NET Reactor SDK Test Apps
[2011.02.21 07:43:44 | 000,000,000 | ---D | C] -- C:\Users\BH-ANATICOS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\.NET Reactor
[2011.02.20 22:57:07 | 000,000,000 | ---D | C] -- C:\Users\BH-ANATICOS\AppData\Roaming\Uniblue
[2011.02.20 22:53:16 | 000,000,000 | ---D | C] -- C:\Users\BH-ANATICOS\AppData\Local\PackageAware
[2011.02.20 19:49:54 | 000,722,944 | ---- | C] (Digital Minds Software) -- C:\Windows\System32\Sea Storm 3D Screensaver.scr
[2011.02.20 19:33:27 | 000,092,728 | ---- | C] (Un4seen Developments) -- C:\Windows\System32\attach.bass
[2011.02.20 19:13:16 | 000,000,000 | ---D | C] -- C:\Users\BH-ANATICOS\AppData\Roaming\TERMINAL Studio
[2011.02.20 18:51:06 | 000,000,000 | ---D | C] -- C:\Programme\CA VMN Anti-Spyware
[2011.02.20 18:50:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Astro Gemini Software
[2011.02.20 18:50:30 | 001,056,768 | ---- | C] (FreeImage) -- C:\Windows\System32\FreeImage.dll
[2011.02.20 17:43:42 | 000,000,000 | ---D | C] -- C:\Users\BH-ANATICOS\Documents\MAGIX_MusicEditor
[2011.02.20 17:36:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
[2011.02.20 17:35:19 | 000,000,000 | ---D | C] -- C:\Programme\MAGIX
[2011.02.20 17:34:19 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\MAGIX Services
[2011.02.20 17:13:13 | 000,000,000 | ---D | C] -- C:\Users\BH-ANATICOS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Talisman 3
[2011.02.20 17:13:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Talisman 3
[2011.02.20 17:11:37 | 000,000,000 | ---D | C] -- C:\Programme\Talisman 3
[2011.02.20 13:08:47 | 000,000,000 | ---D | C] -- C:\Programme\MyAshampoo
[2011.02.20 13:07:57 | 000,000,000 | ---D | C] -- C:\Windows\RegisteredPackages
[2011.02.20 13:07:56 | 000,000,000 | -H-D | C] -- C:\Windows\msdownld.tmp
[2011.02.20 13:07:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media
[2011.02.20 13:07:52 | 000,000,000 | ---D | C] -- C:\Programme\Windows Media Components
[2011.02.20 13:07:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
[2011.02.20 13:07:07 | 000,000,000 | ---D | C] -- C:\Programme\Ashampoo
[2011.02.20 12:28:25 | 000,000,000 | ---D | C] -- C:\Users\BH-ANATICOS\AppData\Roaming\Ashampoo
[2011.02.20 12:28:12 | 000,000,000 | ---D | C] -- C:\Users\BH-ANATICOS\AppData\Local\ashampoo
[2011.02.20 12:28:12 | 000,000,000 | ---D | C] -- C:\ProgramData\ashampoo
[2011.02.17 20:33:26 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2011.02.14 21:08:03 | 000,000,000 | ---D | C] -- C:\Users\BH-ANATICOS\Desktop\rpc_v1.2-1
[2011.02.12 19:12:59 | 000,000,000 | ---D | C] -- C:\Programme\Silabs
[2011.02.12 19:04:21 | 000,000,000 | ---D | C] -- C:\SiLabs
[2011.02.12 09:29:48 | 000,000,000 | ---D | C] -- C:\Programme\MSECache
[2011.02.12 01:16:02 | 000,000,000 | ---D | C] -- C:\Programme\facemoods.com
[2011.02.12 01:15:40 | 000,559,918 | ---- | C] (Michael Scrivo                                              ) -- C:\Users\BH-ANATICOS\Desktop\ootd-1.6.0.exe
[2011.02.11 20:45:41 | 000,000,000 | ---D | C] -- C:\Users\BH-ANATICOS\AppData\Roaming\UseNeXT
[2011.02.11 20:45:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UseNeXT
[2011.02.11 20:45:28 | 000,000,000 | ---D | C] -- C:\Programme\UseNeXT
[2011.02.09 18:56:10 | 002,039,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.02.09 18:56:05 | 003,602,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011.02.09 18:56:05 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011.02.09 18:55:51 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011.02.09 18:55:51 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011.02.09 18:55:51 | 000,797,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll
[2011.02.09 18:55:50 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll
[2011.02.09 18:55:50 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011.02.09 18:55:49 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011.02.09 18:55:49 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011.02.09 18:55:49 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011.02.09 18:55:48 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2011.02.09 18:55:48 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll
[2011.02.09 18:55:48 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll
[2011.02.09 18:55:48 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011.02.09 18:55:47 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011.02.09 18:55:47 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2011.02.09 18:55:47 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2011.02.09 18:55:47 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011.02.09 18:55:46 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2011.02.09 18:55:46 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2011.02.09 18:55:46 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011.02.09 18:55:45 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2011.02.09 18:55:45 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2011.02.09 18:55:45 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2011.02.09 18:55:44 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2011.02.09 18:55:44 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011.02.09 18:55:43 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2011.02.09 18:53:58 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.02.09 18:53:58 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.02.09 18:53:57 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.02.09 18:53:57 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.02.09 18:53:56 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.02.09 18:53:56 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.02.09 18:53:56 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.02.09 18:53:55 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.02.09 18:53:55 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.02.09 18:53:55 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.02.09 18:53:55 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.02.09 18:53:55 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.02.09 18:53:55 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.02.09 18:53:55 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.02.09 18:53:53 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.02.09 18:53:53 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.02.09 18:53:53 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.02.09 18:53:43 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011.02.09 18:53:42 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011.02.01 21:38:34 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2011.01.25 23:33:27 | 000,000,000 | ---D | C] -- C:\MFT 144768
[2011.01.25 23:32:09 | 000,000,000 | ---D | C] -- C:\MFT 85826
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.02.21 19:42:51 | 000,013,307 | ---- | M] () -- C:\Users\BH-ANATICOS\AppData\Roaming\nvModes.dat
[2011.02.21 19:42:51 | 000,013,307 | ---- | M] () -- C:\Users\BH-ANATICOS\AppData\Roaming\nvModes.001
[2011.02.21 19:38:16 | 000,000,044 | -HS- | M] () -- C:\ProgramData\.zreglib
[2011.02.21 19:38:05 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.02.21 19:38:05 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.02.21 19:37:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.02.20 21:52:42 | 000,000,396 | ---- | M] () -- C:\Windows\tasks\SmartDefrag.job
[2011.02.20 21:52:36 | 000,359,864 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.02.20 20:33:06 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.02.20 20:33:05 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.02.20 20:33:05 | 000,126,260 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.02.20 20:33:05 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.02.20 19:57:03 | 000,001,991 | ---- | M] () -- C:\Users\BH-ANATICOS\Desktop\Sun 3D Screensaver.lnk
[2011.02.20 19:57:03 | 000,001,893 | ---- | M] () -- C:\Users\BH-ANATICOS\Desktop\More Great 3D Screensavers.lnk
[2011.02.20 19:55:33 | 000,002,057 | ---- | M] () -- C:\Users\BH-ANATICOS\Desktop\Star Wars 3D Screensaver.lnk
[2011.02.20 19:53:46 | 000,002,066 | ---- | M] () -- C:\Users\BH-ANATICOS\Desktop\Solar System 3D Screensaver.lnk
[2011.02.20 19:49:56 | 000,002,031 | ---- | M] () -- C:\Users\BH-ANATICOS\Desktop\Sea Storm 3D Screensaver.lnk
[2011.02.20 19:46:58 | 000,002,058 | ---- | M] () -- C:\Users\BH-ANATICOS\Desktop\Planet Earth 3D Screensaver.lnk
[2011.02.20 19:44:38 | 000,002,044 | ---- | M] () -- C:\Users\BH-ANATICOS\Desktop\Night City 3D Screensaver.lnk
[2011.02.20 19:37:36 | 000,002,121 | ---- | M] () -- C:\Users\BH-ANATICOS\Desktop\Egyptian Pyramids 3D Screensaver.lnk
[2011.02.20 19:35:43 | 000,002,029 | ---- | M] () -- C:\Users\BH-ANATICOS\Desktop\3D Formula 1 Screensaver.lnk
[2011.02.20 19:34:46 | 000,000,271 | ---- | M] () -- C:\Windows\WinterTunnel-2007.set
[2011.02.20 19:33:33 | 000,002,077 | ---- | M] () -- C:\Users\BH-ANATICOS\Desktop\Space Tunnels 3D Screensaver.lnk
[2011.02.20 19:30:58 | 000,002,066 | ---- | M] () -- C:\Users\BH-ANATICOS\Desktop\Winter Night 3D Screensaver.lnk
[2011.02.20 19:28:58 | 000,002,024 | ---- | M] () -- C:\Users\BH-ANATICOS\Desktop\Winter 3D Screensaver.lnk
[2011.02.20 19:21:40 | 000,002,055 | ---- | M] () -- C:\Users\BH-ANATICOS\Desktop\Marine Life 3D Screensaver.lnk
[2011.02.20 19:20:02 | 000,002,044 | ---- | M] () -- C:\Users\BH-ANATICOS\Desktop\Lighthouse 3D Screensaver.lnk
[2011.02.20 19:16:52 | 000,002,087 | ---- | M] () -- C:\Users\BH-ANATICOS\Desktop\Golden Autumn 3D Screensaver.lnk
[2011.02.20 19:14:55 | 000,002,045 | ---- | M] () -- C:\Users\BH-ANATICOS\Desktop\Forest Life 3D Screensaver.lnk
[2011.02.20 19:13:03 | 000,002,000 | ---- | M] () -- C:\Users\BH-ANATICOS\Desktop\Easter 3D Screensaver.lnk
[2011.02.20 19:10:39 | 000,001,963 | ---- | M] () -- C:\Users\BH-ANATICOS\Desktop\More 3D Screensavers.lnk
[2011.02.20 19:10:39 | 000,000,780 | ---- | M] () -- C:\Users\BH-ANATICOS\Desktop\Christmas Eve 3D Screensaver.lnk
[2011.02.20 19:09:57 | 000,001,883 | ---- | M] () -- C:\Users\BH-ANATICOS\Desktop\Astro Gemini Screensaver Manager.lnk
[2011.02.20 19:08:05 | 000,002,046 | ---- | M] () -- C:\Users\BH-ANATICOS\Desktop\Atlantis 3D Screensaver.lnk
[2011.02.20 19:05:18 | 000,002,070 | ---- | M] () -- C:\Users\BH-ANATICOS\Desktop\Around the World - London.lnk
[2011.02.20 19:02:48 | 000,002,120 | ---- | M] () -- C:\Users\BH-ANATICOS\Desktop\3D Spooky Halloween Screensaver.lnk
[2011.02.20 19:00:51 | 000,002,087 | ---- | M] () -- C:\Users\BH-ANATICOS\Desktop\3D Merry Christmas Screensaver.lnk
[2011.02.20 18:58:50 | 000,002,024 | ---- | M] () -- C:\Users\BH-ANATICOS\Desktop\3D Matrix Screensaver.lnk
[2011.02.20 18:57:08 | 000,002,121 | ---- | M] () -- C:\Users\BH-ANATICOS\Desktop\3D Haunted Halloween Screensaver.lnk
[2011.02.20 18:55:23 | 000,002,121 | ---- | M] () -- C:\Users\BH-ANATICOS\Desktop\3D Grandfather Clock Screensaver.lnk
[2011.02.20 18:50:36 | 000,002,120 | ---- | M] () -- C:\Users\BH-ANATICOS\Desktop\3D Matrix Corridors Screensaver.lnk
[2011.02.20 17:43:12 | 000,001,007 | ---- | M] () -- C:\Users\Public\Desktop\MAGIX Music Maker 17 Premium Download-Version.lnk
[2011.02.20 17:35:45 | 000,048,128 | ---- | M] () -- C:\Users\BH-ANATICOS\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.02.20 17:13:13 | 000,000,762 | ---- | M] () -- C:\Users\BH-ANATICOS\Desktop\Talisman Desktop.lnk
[2011.02.20 13:23:47 | 000,000,889 | ---- | M] () -- C:\Users\Public\Desktop\Ashampoo Snap 4.lnk
[2011.02.20 13:09:18 | 000,001,066 | ---- | M] () -- C:\Users\Public\Desktop\Ashampoo Burning Studio 2010 Advanced.lnk
[2011.02.20 13:07:14 | 000,000,889 | ---- | M] () -- C:\Users\Public\Desktop\Ashampoo Snap 3.lnk
[2011.02.19 13:06:16 | 000,096,768 | -H-- | M] () -- C:\Users\BH-ANATICOS\AppData\Roaming\AutoChks.exe
[2011.02.17 23:44:55 | 000,000,319 | ---- | M] () -- C:\Windows\game.ini
[2011.02.13 18:47:30 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2011.02.12 01:15:41 | 000,559,918 | ---- | M] (Michael Scrivo                                              ) -- C:\Users\BH-ANATICOS\Desktop\ootd-1.6.0.exe
[2011.02.11 20:45:33 | 000,001,642 | ---- | M] () -- C:\Users\BH-ANATICOS\Desktop\UseNeXT.lnk
[2011.02.09 18:55:30 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.02.20 21:06:46 | 000,096,768 | -H-- | C] () -- C:\Users\BH-ANATICOS\AppData\Roaming\AutoChks.exe
[2011.02.20 19:57:03 | 000,001,991 | ---- | C] () -- C:\Users\BH-ANATICOS\Desktop\Sun 3D Screensaver.lnk
[2011.02.20 19:56:56 | 003,694,592 | ---- | C] () -- C:\Windows\System32\Sun 3D Screensaver.scr
[2011.02.20 19:55:33 | 000,002,057 | ---- | C] () -- C:\Users\BH-ANATICOS\Desktop\Star Wars 3D Screensaver.lnk
[2011.02.20 19:55:26 | 007,069,696 | ---- | C] () -- C:\Windows\System32\Star Wars 3D Screensaver.scr
[2011.02.20 19:51:57 | 000,002,066 | ---- | C] () -- C:\Users\BH-ANATICOS\Desktop\Solar System 3D Screensaver.lnk
[2011.02.20 19:51:48 | 014,663,680 | ---- | C] () -- C:\Windows\System32\Solar System 3D Screensaver.scr
[2011.02.20 19:49:56 | 000,002,031 | ---- | C] () -- C:\Users\BH-ANATICOS\Desktop\Sea Storm 3D Screensaver.lnk
[2011.02.20 19:46:58 | 000,002,058 | ---- | C] () -- C:\Users\BH-ANATICOS\Desktop\Planet Earth 3D Screensaver.lnk
[2011.02.20 19:46:50 | 007,942,144 | ---- | C] () -- C:\Windows\System32\Planet Earth 3D Screensaver.scr
[2011.02.20 19:44:38 | 000,002,044 | ---- | C] () -- C:\Users\BH-ANATICOS\Desktop\Night City 3D Screensaver.lnk
[2011.02.20 19:44:27 | 012,435,456 | ---- | C] () -- C:\Windows\System32\Night City 3D Screensaver.scr
[2011.02.20 19:37:36 | 000,002,121 | ---- | C] () -- C:\Users\BH-ANATICOS\Desktop\Egyptian Pyramids 3D Screensaver.lnk
[2011.02.20 19:37:25 | 019,968,000 | ---- | C] () -- C:\Windows\System32\Egyptian Pyramids 3D Screensaver.scr
[2011.02.20 19:35:43 | 000,002,029 | ---- | C] () -- C:\Users\BH-ANATICOS\Desktop\3D Formula 1 Screensaver.lnk
[2011.02.20 19:35:33 | 016,228,352 | ---- | C] () -- C:\Windows\System32\3D Formula 1 Screensaver.scr
[2011.02.20 19:33:33 | 000,002,077 | ---- | C] () -- C:\Users\BH-ANATICOS\Desktop\Space Tunnels 3D Screensaver.lnk
[2011.02.20 19:33:27 | 007,078,912 | ---- | C] () -- C:\Windows\System32\Space Tunnels 3D Screensaver.scr
[2011.02.20 19:30:58 | 000,002,066 | ---- | C] () -- C:\Users\BH-ANATICOS\Desktop\Winter Night 3D Screensaver.lnk
[2011.02.20 19:30:45 | 022,495,232 | ---- | C] () -- C:\Windows\System32\Winter Night 3D Screensaver.scr
[2011.02.20 19:28:58 | 000,002,024 | ---- | C] () -- C:\Users\BH-ANATICOS\Desktop\Winter 3D Screensaver.lnk
[2011.02.20 19:28:54 | 010,379,264 | ---- | C] () -- C:\Windows\System32\Winter 3D Screensaver.scr
[2011.02.20 19:21:40 | 000,002,055 | ---- | C] () -- C:\Users\BH-ANATICOS\Desktop\Marine Life 3D Screensaver.lnk
[2011.02.20 19:21:28 | 016,277,504 | ---- | C] () -- C:\Windows\System32\Marine Life 3D Screensaver.scr
[2011.02.20 19:20:02 | 000,002,044 | ---- | C] () -- C:\Users\BH-ANATICOS\Desktop\Lighthouse 3D Screensaver.lnk
[2011.02.20 19:19:58 | 005,214,208 | ---- | C] () -- C:\Windows\System32\Lighthouse 3D Screensaver.scr
[2011.02.20 19:16:52 | 000,002,087 | ---- | C] () -- C:\Users\BH-ANATICOS\Desktop\Golden Autumn 3D Screensaver.lnk
[2011.02.20 19:16:41 | 021,139,456 | ---- | C] () -- C:\Windows\System32\Golden Autumn 3D Screensaver.scr
[2011.02.20 19:14:55 | 000,002,045 | ---- | C] () -- C:\Users\BH-ANATICOS\Desktop\Forest Life 3D Screensaver.lnk
[2011.02.20 19:14:47 | 004,747,264 | ---- | C] () -- C:\Windows\System32\Forest Life 3D Screensaver.scr
[2011.02.20 19:13:03 | 000,002,000 | ---- | C] () -- C:\Users\BH-ANATICOS\Desktop\Easter 3D Screensaver.lnk
[2011.02.20 19:12:55 | 025,534,464 | ---- | C] () -- C:\Windows\System32\Easter 3D Screensaver.scr
[2011.02.20 19:09:53 | 000,001,963 | ---- | C] () -- C:\Users\BH-ANATICOS\Desktop\More 3D Screensavers.lnk
[2011.02.20 19:09:53 | 000,000,780 | ---- | C] () -- C:\Users\BH-ANATICOS\Desktop\Christmas Eve 3D Screensaver.lnk
[2011.02.20 19:09:45 | 009,011,200 | ---- | C] () -- C:\Windows\System32\Christmas Eve 3D Screensaver.scr
[2011.02.20 19:08:05 | 000,002,046 | ---- | C] () -- C:\Users\BH-ANATICOS\Desktop\Atlantis 3D Screensaver.lnk
[2011.02.20 19:08:01 | 015,482,880 | ---- | C] () -- C:\Windows\System32\Atlantis 3D Screensaver.scr
[2011.02.20 19:05:18 | 000,002,070 | ---- | C] () -- C:\Users\BH-ANATICOS\Desktop\Around the World - London.lnk
[2011.02.20 19:05:12 | 006,316,032 | ---- | C] () -- C:\Windows\System32\Around the World - London.scr
[2011.02.20 19:02:48 | 000,002,120 | ---- | C] () -- C:\Users\BH-ANATICOS\Desktop\3D Spooky Halloween Screensaver.lnk
[2011.02.20 19:02:39 | 008,429,568 | ---- | C] () -- C:\Windows\System32\3D Spooky Halloween Screensaver.scr
[2011.02.20 19:00:51 | 000,002,087 | ---- | C] () -- C:\Users\BH-ANATICOS\Desktop\3D Merry Christmas Screensaver.lnk
[2011.02.20 19:00:38 | 033,787,904 | ---- | C] () -- C:\Windows\System32\3D Merry Christmas Screensaver.scr
[2011.02.20 18:58:50 | 000,002,024 | ---- | C] () -- C:\Users\BH-ANATICOS\Desktop\3D Matrix Screensaver.lnk
[2011.02.20 18:58:46 | 002,678,784 | ---- | C] () -- C:\Windows\System32\3D Matrix Screensaver.scr
[2011.02.20 18:57:08 | 000,002,121 | ---- | C] () -- C:\Users\BH-ANATICOS\Desktop\3D Haunted Halloween Screensaver.lnk
[2011.02.20 18:56:59 | 008,998,912 | ---- | C] () -- C:\Windows\System32\3D Haunted Halloween Screensaver.scr
[2011.02.20 18:54:42 | 000,002,121 | ---- | C] () -- C:\Users\BH-ANATICOS\Desktop\3D Grandfather Clock Screensaver.lnk
[2011.02.20 18:54:34 | 010,407,936 | ---- | C] () -- C:\Windows\System32\3D Grandfather Clock Screensaver.scr
[2011.02.20 18:50:45 | 000,106,496 | ---- | C] () -- C:\Windows\System32\Astro Gemini Screensaver Manager.scr
[2011.02.20 18:50:36 | 000,002,120 | ---- | C] () -- C:\Users\BH-ANATICOS\Desktop\3D Matrix Corridors Screensaver.lnk
[2011.02.20 18:50:36 | 000,001,893 | ---- | C] () -- C:\Users\BH-ANATICOS\Desktop\More Great 3D Screensavers.lnk
[2011.02.20 18:50:36 | 000,001,883 | ---- | C] () -- C:\Users\BH-ANATICOS\Desktop\Astro Gemini Screensaver Manager.lnk
[2011.02.20 18:50:36 | 000,001,093 | ---- | C] () -- C:\Users\BH-ANATICOS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\View My Screensavers.lnk
[2011.02.20 18:50:31 | 004,452,352 | ---- | C] () -- C:\Windows\System32\3D Matrix Corridors Screensaver.scr
[2011.02.20 18:50:31 | 000,245,760 | ---- | C] () -- C:\Windows\System32\ImxEx.dll
[2011.02.20 17:43:12 | 000,001,007 | ---- | C] () -- C:\Users\Public\Desktop\MAGIX Music Maker 17 Premium Download-Version.lnk
[2011.02.20 17:13:13 | 000,000,762 | ---- | C] () -- C:\Users\BH-ANATICOS\Desktop\Talisman Desktop.lnk
[2011.02.20 13:23:47 | 000,000,889 | ---- | C] () -- C:\Users\Public\Desktop\Ashampoo Snap 4.lnk
[2011.02.20 13:09:18 | 000,001,066 | ---- | C] () -- C:\Users\Public\Desktop\Ashampoo Burning Studio 2010 Advanced.lnk
[2011.02.20 13:07:14 | 000,000,889 | ---- | C] () -- C:\Users\Public\Desktop\Ashampoo Snap 3.lnk
[2011.02.17 23:44:55 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2011.02.15 18:10:25 | 000,001,944 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox 4.0 Beta 11.lnk
[2011.02.11 20:45:33 | 000,001,642 | ---- | C] () -- C:\Users\BH-ANATICOS\Desktop\UseNeXT.lnk
[2011.01.20 22:29:08 | 000,420,920 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2011.01.20 21:48:29 | 000,000,044 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010.12.22 19:56:27 | 000,000,000 | ---- | C] () -- C:\Windows\System32\drivers\sscdcmnt.sys
[2010.12.22 19:54:59 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010.12.22 19:54:59 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010.09.29 06:57:26 | 000,048,128 | ---- | C] () -- C:\Users\BH-ANATICOS\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.17 12:10:25 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.09.15 19:32:05 | 000,008,999 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2010.08.17 17:43:03 | 000,001,932 | ---- | C] () -- C:\Users\BH-ANATICOS\AppData\Roaming\wklnhst.dat
[2010.08.17 11:54:49 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2010.08.01 06:38:00 | 000,000,680 | ---- | C] () -- C:\Users\BH-ANATICOS\AppData\Local\d3d9caps.dat
[2010.07.29 14:40:32 | 000,000,000 | ---- | C] () -- C:\Windows\WinInit.ini
[2010.07.29 14:10:41 | 000,013,307 | ---- | C] () -- C:\Users\BH-ANATICOS\AppData\Roaming\nvModes.001
[2010.07.29 12:19:17 | 000,013,307 | ---- | C] () -- C:\Users\BH-ANATICOS\AppData\Roaming\nvModes.dat
[2010.07.28 19:25:30 | 000,000,000 | ---- | C] () -- C:\Users\BH-ANATICOS\AppData\Local\QSwitch.txt
[2010.07.28 19:25:30 | 000,000,000 | ---- | C] () -- C:\Users\BH-ANATICOS\AppData\Local\DSwitch.txt
[2010.07.28 19:25:30 | 000,000,000 | ---- | C] () -- C:\Users\BH-ANATICOS\AppData\Local\AtStart.txt
[2007.10.25 17:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2007.04.27 09:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.03.10 00:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005.05.07 13:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
 
========== LOP Check ==========
 
[2011.02.20 12:29:02 | 000,000,000 | ---D | M] -- C:\Users\BH-ANATICOS\AppData\Roaming\Ashampoo
[2010.12.10 00:28:17 | 000,000,000 | ---D | M] -- C:\Users\BH-ANATICOS\AppData\Roaming\Astro Gemini Software
[2010.12.05 11:09:25 | 000,000,000 | ---D | M] -- C:\Users\BH-ANATICOS\AppData\Roaming\Canneverbe Limited
[2011.01.20 21:24:33 | 000,000,000 | ---D | M] -- C:\Users\BH-ANATICOS\AppData\Roaming\DAEMON Tools Pro
[2010.08.01 11:38:05 | 000,000,000 | ---D | M] -- C:\Users\BH-ANATICOS\AppData\Roaming\IObit
[2010.09.05 17:22:18 | 000,000,000 | ---D | M] -- C:\Users\BH-ANATICOS\AppData\Roaming\MAGIX
[2011.01.20 17:38:57 | 000,000,000 | ---D | M] -- C:\Users\BH-ANATICOS\AppData\Roaming\ProtectDISC
[2010.12.22 19:54:15 | 000,000,000 | ---D | M] -- C:\Users\BH-ANATICOS\AppData\Roaming\Samsung
[2010.08.17 17:43:04 | 000,000,000 | ---D | M] -- C:\Users\BH-ANATICOS\AppData\Roaming\Template
[2011.02.20 19:13:16 | 000,000,000 | ---D | M] -- C:\Users\BH-ANATICOS\AppData\Roaming\TERMINAL Studio
[2011.01.16 01:10:16 | 000,000,000 | ---D | M] -- C:\Users\BH-ANATICOS\AppData\Roaming\TuneUp Software
[2011.02.20 22:57:07 | 000,000,000 | ---D | M] -- C:\Users\BH-ANATICOS\AppData\Roaming\Uniblue
[2011.02.20 21:10:06 | 000,000,000 | ---D | M] -- C:\Users\BH-ANATICOS\AppData\Roaming\UseNeXT
[2011.01.29 01:20:19 | 000,000,000 | ---D | M] -- C:\Users\BH-ANATICOS\AppData\Roaming\Verbindungsassistent
[2010.08.01 07:55:22 | 000,000,000 | ---D | M] -- C:\Users\BH-ANATICOS\AppData\Roaming\Vodafone
[2011.02.05 19:42:17 | 000,000,000 | ---D | M] -- C:\Users\Uschi\AppData\Roaming\DAEMON Tools Pro
[2011.02.05 20:00:02 | 000,000,000 | ---D | M] -- C:\Users\Uschi\AppData\Roaming\TuneUp Software
[2011.02.05 20:19:21 | 000,000,000 | ---D | M] -- C:\Users\Uschi\AppData\Roaming\Verbindungsassistent
[2011.02.21 00:16:27 | 000,032,518 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT
[2011.02.20 21:52:42 | 000,000,396 | ---- | M] () -- C:\WINDOWS\Tasks\SmartDefrag.job
 
========== Purity Check ==========
 
 

< End of report >
         

22.02.2011, 17:11   #5
Boobbii

Well, I'm glad you're here.


22.02.2011, 17:12   #6
Boobbii

Didn't manage it yesterday, sorry.
This stupid window is really driving me crazy; hopefully we'll get this sorted :)

22.02.2011, 17:21   #7
Boobbii

You said that tuning programs don't do any good. Is the TuneUp program not good? What would you, as an expert, recommend to give the computer a boost? Oh well, first let's clean up the problem.

22.02.2011, 17:34   #8
markusg
/// Malware-holic

Tuning programs = useless :-)
• Please start OTL.exe.
• Now copy the following into the text box.

:OTL
[2011.02.21 07:43:44 | 000,000,000 | ---D | C] -- C:\Users\BH-ANATICOS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\.NET Reactor
:files
C:\Users\BH-ANA~1\AppData\Local\Temp\PMc8MbaT4.exe
C:\Users\BH-ANA~1\AppData\Local\Temp\Rnzj1V59G.exe
C:\Users\BH-ANATICOS\AppData\Roaming\AutoChks.exe
C:\Users\BH-ANA~1\AppData\Local\Temp\audio.exe

:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]

• Now please close all programs.
• Now please click the Fix button.
• OTL may request a restart. Please allow it.
• After the restart you will find a text document; copy its contents into your next reply here.
Starting in normal mode should work.

Open Computer, C:, then _OTL.
There, right-click on moved files.
Choose add to moved files.rar or zip.
Upload the archive to our upload channel.
http://www.trojaner-board.de/54791-a...ner-board.html
__________________
-Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please forward e-mails, following the instructions above, to
markusg.trojaner-board@web.de
If you would like to support us

22.02.2011, 18:30   #9
Boobbii

I copied in exactly this:

:OTL
[2011.02.21 07:43:44 | 000,000,000 | ---D | C] -- C:\Users\BH-ANATICOS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\.NET Reactor
:files
C:\Users\BH-ANA~1\AppData\Local\Temp\PMc8MbaT4.exe
C:\Users\BH-ANA~1\AppData\Local\Temp\Rnzj1V59G.exe
C:\Users\BH-ANATICOS\AppData\Roaming\AutoChks.exe
C:\Users\BH-ANA~1\AppData\Local\Temp\audio.exe

:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]


Then my desktop disappears and the OTL window stays, and then nothing happens for a long time. I think it's hanging, or am I doing something wrong?

22.02.2011, 18:34   #10
markusg
/// Malware-holic

Try it in safe mode without networking. At PC startup the menu should be reachable with F8. Save the OTL script beforehand, as a text file.

22.02.2011, 18:42   #11
Boobbii

Did I perhaps enter too much:

:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]


My OTL settings:

Scan All Users --- checked
Extra Registry --- Use SafeList
LOP Check --- checked
Purity Check --- checked

Or do I really have to wait for hours?

22.02.2011, 18:42   #12
Boobbii

OK, I'll take a look.

22.02.2011, 18:47   #13
Boobbii

So disconnect the internet, restart the PC, then F8 and then

22.02.2011, 18:51   #14
markusg
/// Malware-holic

No, you should restart the PC, press F8 and select safe mode there;
it could also be a different F key, though.

22.02.2011, 18:53   #15
Boobbii

Okay, I'll do that. See you in a bit, thanks.
