Trojan or stealer
Hello,
Someone sent me a program.
While installing it I noticed that several *.exe files and *.jar files were created,
among other places in the temp folder and in the Java folder, and the installer did not work.
So with high certainty it is a trojan or stealer.
I immediately deleted the Java cache, emptied the temp folder, etc.
I found several suspicious things such as ju.jar and ishi.exe and .tmp files.
During setup I had also allowed it through the firewall, because I assumed that updates were being downloaded.
Eset, Malwarebytes, Emsisoft & Trojan Remover could not find anything.
Here are the logs, maybe you can help me out.
OTL Code:
OTL logfile created on: 04.05.2013 04:02:21 - Run 6
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\VITALITASIA\Desktop\Tools\Security
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
6,00 Gb Total Physical Memory | 4,24 Gb Available Physical Memory | 70,63% Memory free
12,00 Gb Paging File | 10,19 Gb Available in Paging File | 84,97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 245,41 Gb Total Space | 202,05 Gb Free Space | 82,33% Space Free | Partition Type: NTFS
Drive D: | 350,66 Gb Total Space | 88,11 Gb Free Space | 25,13% Space Free | Partition Type: NTFS
Drive E: | 2,11 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: VITALITASIA-PC | User Name: VITALITASIA | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013.05.04 02:52:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\VITALITASIA\Desktop\Tools\Security\Otl.exe
PRC - [2013.04.19 06:24:21 | 001,364,256 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013.04.14 18:58:32 | 000,124,416 | ---- | M] (VideoLAN) -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
PRC - [2013.03.21 15:19:46 | 001,341,664 | ---- | M] (ESET) -- C:\Programme\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
========== Modules (No Company Name) ==========
MOD - [2013.04.14 18:59:20 | 002,376,192 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\libvlccore.dll
MOD - [2013.04.14 18:59:18 | 011,387,392 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\gui\libqt4_plugin.dll
MOD - [2013.04.14 18:59:12 | 000,221,696 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libpng_plugin.dll
MOD - [2013.04.14 18:59:12 | 000,086,528 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_output\libwaveout_plugin.dll
MOD - [2013.04.14 18:59:12 | 000,084,992 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_output\libaout_directx_plugin.dll
MOD - [2013.04.14 18:59:12 | 000,076,288 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libdts_plugin.dll
MOD - [2013.04.14 18:59:12 | 000,074,240 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libcdg_plugin.dll
MOD - [2013.04.14 18:59:10 | 000,968,704 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liblibass_plugin.dll
MOD - [2013.04.14 18:59:10 | 000,387,584 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libtheora_plugin.dll
MOD - [2013.04.14 18:59:10 | 000,076,800 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libmpeg_audio_plugin.dll
MOD - [2013.04.14 18:59:10 | 000,074,752 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liba52_plugin.dll
MOD - [2013.04.14 18:59:10 | 000,072,192 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libaes3_plugin.dll
MOD - [2013.04.14 18:59:08 | 001,759,232 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libvorbis_plugin.dll
MOD - [2013.04.14 18:59:08 | 001,338,880 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libschroedinger_plugin.dll
MOD - [2013.04.14 18:59:08 | 000,340,480 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libopus_plugin.dll
MOD - [2013.04.14 18:59:08 | 000,078,336 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liblpcm_plugin.dll
MOD - [2013.04.14 18:59:08 | 000,077,312 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libspudec_plugin.dll
MOD - [2013.04.14 18:59:06 | 008,025,600 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libavcodec_plugin.dll
MOD - [2013.04.14 18:59:06 | 000,393,728 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libfaad_plugin.dll
MOD - [2013.04.14 18:59:06 | 000,279,552 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libflac_plugin.dll
MOD - [2013.04.14 18:59:00 | 000,287,232 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libfluidsynth_plugin.dll
MOD - [2013.04.14 18:59:00 | 000,181,248 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libspeex_plugin.dll
MOD - [2013.04.14 18:59:00 | 000,087,552 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\control\libhotkeys_plugin.dll
MOD - [2013.04.14 18:59:00 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libaraw_plugin.dll
MOD - [2013.04.14 18:59:00 | 000,072,704 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\control\libglobalhotkeys_plugin.dll
MOD - [2013.04.14 18:59:00 | 000,070,656 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\video_filter\libyuvp_plugin.dll
MOD - [2013.04.14 18:59:00 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_mixer\libfloat32_mixer_plugin.dll
MOD - [2013.04.14 18:58:58 | 000,403,968 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\video_filter\libswscale_plugin.dll
MOD - [2013.04.14 18:58:56 | 000,335,872 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\lua\liblua_plugin.dll
MOD - [2013.04.14 18:58:56 | 000,218,112 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libdtstofloat32_plugin.dll
MOD - [2013.04.14 18:58:56 | 000,071,680 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\video_filter\libscale_plugin.dll
MOD - [2013.04.14 18:58:54 | 001,551,872 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libsamplerate_plugin.dll
MOD - [2013.04.14 18:58:54 | 000,164,864 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libmpgatofixed32_plugin.dll
MOD - [2013.04.14 18:58:54 | 000,107,520 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\liba52tofloat32_plugin.dll
MOD - [2013.04.14 18:58:54 | 000,082,432 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libaudio_format_plugin.dll
MOD - [2013.04.14 18:58:54 | 000,072,192 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libconverter_fixed_plugin.dll
MOD - [2013.04.14 18:58:54 | 000,071,680 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libdtstospdif_plugin.dll
MOD - [2013.04.14 18:58:54 | 000,071,680 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libdolby_surround_decoder_plugin.dll
MOD - [2013.04.14 18:58:54 | 000,070,656 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libugly_resampler_plugin.dll
MOD - [2013.04.14 18:58:54 | 000,070,144 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\liba52tospdif_plugin.dll
MOD - [2013.04.14 18:58:52 | 001,405,440 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\meta_engine\libtaglib_plugin.dll
MOD - [2013.04.14 18:58:52 | 000,076,288 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libscaletempo_plugin.dll
MOD - [2013.04.14 18:58:52 | 000,073,216 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libsimple_channel_mixer_plugin.dll
MOD - [2013.04.14 18:58:48 | 001,285,120 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\misc\libxml_plugin.dll
MOD - [2013.04.14 18:58:48 | 000,111,104 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\mmx\libi420_rgb_mmx_plugin.dll
MOD - [2013.04.14 18:58:48 | 000,077,824 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\mmx\libi420_yuy2_mmx_plugin.dll
MOD - [2013.04.14 18:58:48 | 000,076,800 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\mmx\libi422_yuy2_mmx_plugin.dll
MOD - [2013.04.14 18:58:48 | 000,071,680 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\mmxext\libmemcpymmxext_plugin.dll
MOD - [2013.04.14 18:58:46 | 000,740,352 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\text_renderer\libfreetype_plugin.dll
MOD - [2013.04.14 18:58:46 | 000,091,136 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_plugin.dll
MOD - [2013.04.14 18:58:46 | 000,076,800 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libyuy2_i420_plugin.dll
MOD - [2013.04.14 18:58:46 | 000,075,264 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi420_yuy2_plugin.dll
MOD - [2013.04.14 18:58:46 | 000,074,240 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi422_yuy2_plugin.dll
MOD - [2013.04.14 18:58:46 | 000,073,216 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libyuy2_i422_plugin.dll
MOD - [2013.04.14 18:58:46 | 000,071,680 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi422_i420_plugin.dll
MOD - [2013.04.14 18:58:46 | 000,071,680 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libgrey_yuv_plugin.dll
MOD - [2013.04.14 18:58:44 | 000,282,112 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libdshow_plugin.dll
MOD - [2013.04.14 18:58:44 | 000,172,032 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\sse2\libi420_rgb_sse2_plugin.dll
MOD - [2013.04.14 18:58:44 | 000,115,712 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\video_output\libdirect3d_plugin.dll
MOD - [2013.04.14 18:58:44 | 000,114,688 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\video_output\libdirectx_plugin.dll
MOD - [2013.04.14 18:58:44 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\sse2\libi420_yuy2_sse2_plugin.dll
MOD - [2013.04.14 18:58:44 | 000,085,504 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\sse2\libi422_yuy2_sse2_plugin.dll
MOD - [2013.04.14 18:58:44 | 000,081,408 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libaccess_vdr_plugin.dll
MOD - [2013.04.14 18:58:42 | 000,293,888 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libdvdnav_plugin.dll
MOD - [2013.04.14 18:58:42 | 000,224,768 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\access\liblibbluray_plugin.dll
MOD - [2013.04.14 18:58:42 | 000,120,320 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libzip_plugin.dll
MOD - [2013.04.14 18:58:42 | 000,079,360 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libfilesystem_plugin.dll
MOD - [2013.04.14 18:58:40 | 000,134,656 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libaccess_bd_plugin.dll
MOD - [2013.04.14 18:58:40 | 000,074,240 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libstream_filter_rar_plugin.dll
MOD - [2013.04.14 18:58:38 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libplaylist_plugin.dll
MOD - [2013.04.14 18:58:38 | 000,122,880 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libavi_plugin.dll
MOD - [2013.04.14 18:58:36 | 000,229,888 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libmp4_plugin.dll
MOD - [2013.04.14 18:58:34 | 000,693,760 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libstream_filter_dash_plugin.dll
MOD - [2013.04.14 18:58:34 | 000,469,504 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libstream_filter_httplive_plugin.dll
MOD - [2013.04.14 18:58:32 | 000,144,896 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\libvlc.dll
MOD - [2013.04.14 18:58:32 | 000,071,168 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libstream_filter_record_plugin.dll
========== Services (SafeList) ==========
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.04.25 01:30:18 | 005,784,472 | ---- | M] (COMODO) [Auto | Running] -- C:\Programme\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2013.04.19 23:10:50 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.04.19 18:10:00 | 002,570,544 | ---- | M] (O&O Software GmbH) [On_Demand | Stopped] -- C:\Programme\OO Software\Defrag\oodag.exe -- (OODefragAgent)
SRV - [2013.04.19 06:24:21 | 001,364,256 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.04.15 18:38:22 | 000,158,928 | ---- | M] (COMODO) [On_Demand | Stopped] -- C:\Programme\COMODO\COMODO Internet Security\cmdvirth.exe -- (cmdvirth)
SRV - [2013.03.28 19:02:54 | 003,089,856 | ---- | M] (Emsisoft GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2013.03.21 15:19:46 | 001,341,664 | ---- | M] (ESET) [Auto | Running] -- C:\Programme\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV - [2012.07.17 15:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2012.07.09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2013.05.04 01:45:06 | 000,065,736 | ---- | M] (Prevx) [File_System | System | Running] -- C:\Windows\SysNative\drivers\pxrts.sys -- (pxrts)
DRV:64bit: - [2013.04.28 22:25:38 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2013.04.15 18:38:52 | 000,023,168 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\cmderd.sys -- (cmderd)
DRV:64bit: - [2013.04.13 05:47:19 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2013.04.13 05:47:19 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2013.04.13 05:10:42 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2013.04.13 05:04:04 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013.04.13 05:04:04 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2013.04.13 05:04:04 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2013.04.13 05:04:04 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2013.02.25 07:27:45 | 000,194,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2013.02.14 12:21:04 | 000,213,416 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2013.01.10 09:25:22 | 000,139,768 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2013.01.10 09:25:20 | 000,150,616 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2012.12.21 07:44:10 | 000,786,056 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012.12.21 07:44:10 | 000,366,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012.11.26 18:05:24 | 000,075,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2012.11.08 13:41:34 | 000,418,632 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2012.11.08 13:41:34 | 000,139,592 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2012.07.24 21:58:00 | 000,088,832 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:64bit: - [2012.07.24 21:58:00 | 000,065,152 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)
DRV:64bit: - [2012.07.24 21:58:00 | 000,032,512 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\EtronSTOR.sys -- (EtronSTOR)
DRV:64bit: - [2012.06.12 23:00:48 | 000,726,160 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2012.03.26 06:24:02 | 003,341,904 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012.03.08 11:09:30 | 000,088,104 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxdiaga.sys -- (b06diag)
DRV:64bit: - [2012.02.22 18:33:36 | 000,539,176 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxois.sys -- (bxois)
DRV:64bit: - [2012.02.22 18:06:00 | 000,178,216 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxfcoe.sys -- (bxfcoe)
DRV:64bit: - [2012.02.22 16:27:02 | 000,157,288 | ---- | M] (Bigfoot Networks, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Xeno7x64.sys -- (BFN7x64)
DRV:64bit: - [2012.01.24 17:44:00 | 000,529,448 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2011.10.25 19:57:38 | 000,213,504 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011.10.25 19:57:38 | 000,096,768 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011.04.08 23:00:20 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2010.11.21 05:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010.11.21 05:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 15:34:04 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010.11.20 15:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010.11.20 13:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010.11.20 13:35:22 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2009.12.30 11:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:64bit: - [2009.11.16 16:45:24 | 000,042,192 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qd262x64.sys -- (ioatdma2)
DRV:64bit: - [2009.11.16 16:45:21 | 000,040,144 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qd162x64.sys -- (ioatdma1)
DRV:64bit: - [2009.08.13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2013.03.28 19:03:02 | 000,026,176 | ---- | M] (Emsisoft GmbH) [Kernel | System | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys -- (A2DDA)
DRV - [2012.04.30 18:45:28 | 000,066,320 | ---- | M] (Emsisoft GmbH) [File_System | On_Demand | Stopped] -- C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys -- (a2acc)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C0 DB F5 F2 48 44 CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD [2013.05.01 19:41:58 | 000,000,000 | ---D | M]
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - Extension: Google Docs = C:\Users\VITALITASIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\VITALITASIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Ultimate YouTube Downloader = C:\Users\VITALITASIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfkpkealncpcbfklpgnggcgjjdkbljop\1.0.2.1_0\
CHR - Extension: YouTube = C:\Users\VITALITASIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\VITALITASIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Photo Zoom for Facebook = C:\Users\VITALITASIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1208.30.1_0\
CHR - Extension: AdBlock = C:\Users\VITALITASIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.63_0\
CHR - Extension: Downloads = C:\Users\VITALITASIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfchnphgogjhineanplmfkofljiagjfb\1_0\
CHR - Extension: Google Mail = C:\Users\VITALITASIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Programme\COMODO\COMODO Internet Security\CisTray.exe (COMODO)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe File not found
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Athan] C:\Program Files (x86)\Athan\Athan.exe (www.IslamicFinder.org)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CA1DAE1F-7C5F-404F-B763-D4CA56CA20B5}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.01.05 14:56:54 | 000,000,099 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013.05.04 04:00:39 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\VITALITASIA\Desktop\OTL.exe
[2013.05.04 01:45:16 | 000,062,976 | ---- | C] (Prevx) -- C:\Windows\SysWow64\PxSecure.dll-183082
[2013.05.04 01:45:06 | 000,065,736 | ---- | C] (Prevx) -- C:\Windows\SysNative\drivers\pxrts.sys
[2013.05.04 01:44:52 | 000,000,000 | ---D | C] -- C:\Program Files\Prevx
[2013.05.04 01:43:40 | 000,000,000 | ---D | C] -- C:\ProgramData\PrevxCSI
[2013.05.04 00:47:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\oodag
[2013.05.04 00:45:07 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\AppData\Local\O&O
[2013.05.04 00:44:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\O&O Software
[2013.05.04 00:44:50 | 000,000,000 | ---D | C] -- C:\Program Files\OO Software
[2013.05.04 00:43:47 | 000,000,000 | ---D | C] -- C:\ProgramData\OO Software
[2013.05.04 00:03:48 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\AppData\Roaming\Malwarebytes
[2013.05.04 00:03:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.05.04 00:03:38 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.05.04 00:03:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.05.03 23:27:09 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013.05.03 22:59:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
[2013.05.03 22:59:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojan Remover
[2013.05.03 22:57:17 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\Documents\Simply Super Software
[2013.05.03 22:57:15 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\AppData\Roaming\Simply Super Software
[2013.05.03 22:57:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2013.05.03 22:41:37 | 000,000,000 | -H-D | C] -- C:\VTRoot
[2013.05.03 21:44:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
[2013.05.03 21:43:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware
[2013.05.03 21:43:29 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\Documents\Anti-Malware
[2013.05.03 17:50:31 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Virtual PC
[2013.05.03 16:36:12 | 000,000,000 | R--D | C] -- C:\Users\VITALITASIA\Virtual Machines
[2013.05.03 16:32:35 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Virtual PC
[2013.05.03 16:32:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\zh-TW
[2013.05.03 16:32:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\zh-CN
[2013.05.03 16:32:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Virtual PC
[2013.05.03 16:32:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\tr-TR
[2013.05.03 16:32:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\th-TH
[2013.05.03 16:32:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\sv-SE
[2013.05.03 16:32:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\ru-RU
[2013.05.03 16:32:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\ro-RO
[2013.05.03 16:32:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\pt-PT
[2013.05.03 16:32:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\pt-BR
[2013.05.03 16:32:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\pl-PL
[2013.05.03 16:32:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\nl-NL
[2013.05.03 16:32:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\nb-NO
[2013.05.03 16:32:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\ko-KR
[2013.05.03 16:32:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\ja-JP
[2013.05.03 16:32:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\it-IT
[2013.05.03 16:32:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\hu-HU
[2013.05.03 16:32:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\he-IL
[2013.05.03 16:32:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\fr-FR
[2013.05.03 16:32:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\fi-FI
[2013.05.03 16:32:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\es-ES
[2013.05.03 16:32:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\el-GR
[2013.05.03 16:32:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\da-DK
[2013.05.03 16:32:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\cs-CZ
[2013.05.03 16:32:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\ar-SA
[2013.05.03 16:23:28 | 000,000,000 | ---D | C] -- C:\Program Files\Windows XP Mode
[2013.05.03 16:13:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage
[2013.05.03 13:45:42 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\AppData\Local\ESET
[2013.05.02 01:31:41 | 000,000,000 | ---D | C] -- C:\Program Files\HashTab Shell Extension
[2013.05.01 23:42:46 | 000,000,000 | R--D | C] -- C:\Users\VITALITASIA\Documents\Scanned Documents
[2013.05.01 23:42:46 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\Documents\Fax
[2013.05.01 23:35:54 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\Documents\My Cheat Tables
[2013.05.01 22:18:19 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\AppData\Local\SoftCoder
[2013.05.01 19:41:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2013.05.01 19:41:51 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2013.05.01 19:41:51 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013.05.01 18:49:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Little Registry Cleaner
[2013.05.01 18:27:58 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2013.05.01 18:27:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Security Task Manager
[2013.05.01 18:09:50 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\AppData\Roaming\Runscanner.net
[2013.05.01 16:01:10 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\Documents\Moyea
[2013.05.01 16:01:10 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\AppData\Roaming\Moyea
[2013.05.01 16:01:00 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2013.05.01 16:00:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Moyea
[2013.05.01 16:00:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Moyea
[2013.04.30 22:22:31 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\AppData\Roaming\JAM Software
[2013.04.30 22:07:59 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\AppData\Local\QuickPar
[2013.04.30 04:58:02 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\AppData\Local\VS Revo Group
[2013.04.30 04:57:56 | 000,031,800 | ---- | C] (VS Revo Group) -- C:\Windows\SysNative\drivers\revoflt.sys
[2013.04.30 04:57:56 | 000,000,000 | ---D | C] -- C:\ProgramData\VS Revo Group
[2013.04.30 04:57:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
[2013.04.30 04:57:55 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2013.04.30 03:02:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Dumps
[2013.04.30 02:29:37 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RegSeeker
[2013.04.30 02:29:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegSeeker
[2013.04.30 02:29:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RegSeeker
[2013.04.30 01:59:24 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\AppData\Local\Canon Easy-PhotoPrint EX
[2013.04.30 01:57:13 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJEPPEX2
[2013.04.30 01:57:13 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonEPP
[2013.04.30 01:57:13 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\AppData\Roaming\Canon
[2013.04.30 01:56:31 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJWSpt
[2013.04.30 01:51:59 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\Desktop\Software
[2013.04.30 01:49:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
[2013.04.30 01:49:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Canon
[2013.04.30 01:49:56 | 000,000,000 | ---D | C] -- C:\Program Files\Canon
[2013.04.30 01:48:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP280 series
[2013.04.30 01:47:31 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
[2013.04.29 22:51:51 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\AppData\Roaming\Foxit Software
[2013.04.29 22:51:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Foxit Software
[2013.04.29 22:44:33 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\AppData\Local\Diagnostics
[2013.04.29 22:08:07 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJSIP
[2013.04.29 21:43:13 | 000,000,000 | -H-D | C] -- C:\Windows\SysNative\CanonIJ Uninstaller Information
[2013.04.29 21:43:08 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2013.04.29 17:07:15 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2013.04.29 15:49:47 | 000,000,000 | ---D | C] -- C:\ProgramData\RELOADED
[2013.04.29 15:44:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cloning Clyde v1.0.197.0
[2013.04.29 15:44:25 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\AppData\Local\Programs
[2013.04.29 07:12:03 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2013.04.29 00:13:29 | 000,737,280 | ---- | C] (Indigo Rose Corporation) -- C:\Windows\iun6002.exe
[2013.04.29 00:13:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Athan
[2013.04.29 00:13:28 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\athan
[2013.04.29 00:12:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Athan
[2013.04.28 23:48:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TV-Browser
[2013.04.28 23:47:09 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\AppData\Roaming\vlc
[2013.04.28 23:46:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedFan
[2013.04.28 23:46:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2013.04.28 23:39:11 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\AppData\Roaming\Windows Live Writer
[2013.04.28 23:39:11 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\AppData\Local\Windows Live Writer
[2013.04.28 22:58:49 | 000,000,000 | ---D | C] -- C:\ProgramData\BDLogging
[2013.04.28 22:57:22 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\AppData\Roaming\QuickScan
[2013.04.28 22:42:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013.04.28 22:41:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013.04.28 22:41:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013.04.28 22:40:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
[2013.04.28 22:40:07 | 000,000,000 | --SD | C] -- C:\ProgramData\Shared Space
[2013.04.28 22:40:02 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2013.04.28 22:39:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2013.04.28 22:39:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo Downloader
[2013.04.28 22:30:07 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2013.04.28 22:29:27 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\Desktop\Tools
[2013.04.28 22:29:15 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\Desktop\Download
[2013.04.28 22:29:04 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\Desktop\Spiele
[2013.04.28 22:27:51 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\AppData\Local\Windows Live
[2013.04.28 22:27:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Core Temp
[2013.04.28 22:27:13 | 000,000,000 | ---D | C] -- C:\Program Files\Core Temp
[2013.04.28 22:26:43 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.04.28 22:26:11 | 000,000,000 | ---D | C] -- C:\ProgramData\APN
[2013.04.28 22:25:38 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2013.04.28 22:25:36 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\AppData\Roaming\DAEMON Tools Lite
[2013.04.28 22:25:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2013.04.28 22:24:11 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2013.04.28 22:24:10 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2013.04.28 22:24:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileHippo.com
[2013.04.28 22:23:45 | 000,000,000 | ---D | C] -- C:\Program Files\PeerBlock
[2013.04.28 22:22:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cheat Engine 6.2
[2013.04.28 22:22:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
[2013.04.28 22:21:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2013.04.28 22:21:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent
[2013.04.28 22:20:44 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\AppData\Roaming\uTorrent
[2013.04.28 22:20:27 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\AppData\Roaming\WinRAR
[2013.04.28 22:19:46 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2013.04.28 22:19:28 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013.04.28 22:15:19 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2013.04.28 22:15:19 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2013.04.28 22:15:01 | 002,102,040 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib64.dll
[2013.04.28 22:15:01 | 000,823,072 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\slcnt64.dll
[2013.04.28 22:15:01 | 000,633,632 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\sltech64.dll
[2013.04.28 22:15:01 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2013.04.28 22:15:01 | 000,517,408 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\sl3apo64.dll
[2013.04.28 22:15:01 | 000,221,024 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFNHK64.dll
[2013.04.28 22:15:01 | 000,213,792 | ---- | C] (TODO: <Company name>) -- C:\Windows\SysNative\slprp64.dll
[2013.04.28 22:15:01 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2013.04.28 22:15:01 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2013.04.28 22:15:01 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2013.04.28 22:15:01 | 000,081,248 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFCOM64.dll
[2013.04.28 22:15:01 | 000,078,688 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFAPO64.dll
[2013.04.28 22:15:01 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll
[2013.04.28 22:15:00 | 014,021,912 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek64.dll
[2013.04.28 22:15:00 | 009,123,608 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioVnA64.dll
[2013.04.28 22:15:00 | 007,164,176 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll
[2013.04.28 22:15:00 | 004,957,976 | ---- | C] (A-volute) -- C:\Windows\SysNative\RTKSMlfx.dll
[2013.04.28 22:15:00 | 002,032,408 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ64.dll
[2013.04.28 22:15:00 | 001,900,312 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek264.dll
[2013.04.28 22:15:00 | 000,910,104 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll
[2013.04.28 22:15:00 | 000,887,640 | ---- | C] (A-Volute) -- C:\Windows\SysNative\RTKSMSettingsIPC.dll
[2013.04.28 22:15:00 | 000,719,640 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO5064.dll
[2013.04.28 22:15:00 | 000,612,728 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO4064.dll
[2013.04.28 22:15:00 | 000,603,984 | ---- | C] (Knowles Acoustics ) -- C:\Windows\SysNative\KAAPORT64.dll
[2013.04.28 22:15:00 | 000,434,960 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll
[2013.04.28 22:15:00 | 000,395,208 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll
[2013.04.28 22:15:00 | 000,394,616 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll
[2013.04.28 22:15:00 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2013.04.28 22:15:00 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2013.04.28 22:15:00 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2013.04.28 22:15:00 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2013.04.28 22:15:00 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2013.04.28 22:15:00 | 000,141,584 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll
[2013.04.28 22:15:00 | 000,124,176 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll
[2013.04.28 22:15:00 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2013.04.28 22:15:00 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2013.04.28 22:15:00 | 000,075,024 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll
[2013.04.28 22:14:59 | 002,734,624 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2013.04.28 22:14:59 | 001,756,264 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2013.04.28 22:14:59 | 001,568,360 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2013.04.28 22:14:59 | 001,486,952 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2013.04.28 22:14:59 | 000,728,680 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2013.04.28 22:14:59 | 000,712,296 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
[2013.04.28 22:14:59 | 000,693,352 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2013.04.28 22:14:59 | 000,501,192 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PLFX64.dll
[2013.04.28 22:14:59 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2013.04.28 22:14:59 | 000,487,368 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PGFX64.dll
[2013.04.28 22:14:59 | 000,432,744 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2013.04.28 22:14:59 | 000,428,648 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2013.04.28 22:14:59 | 000,415,688 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PREC64.dll
[2013.04.28 22:14:59 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2013.04.28 22:14:59 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2013.04.28 22:14:59 | 000,241,768 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
[2013.04.28 22:14:59 | 000,110,592 | ---- | C] (Real Sound Lab SIA) -- C:\Windows\SysNative\CONEQMSAPOGUILibrary.dll
[2013.04.28 22:14:59 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2013.04.28 22:14:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2013.04.28 22:14:50 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2013.04.28 22:14:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2013.04.28 22:13:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2013.04.28 22:13:07 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2013.04.28 22:12:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2013.04.28 22:12:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2013.04.28 22:12:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2013.04.28 22:12:21 | 000,061,216 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2013.04.28 22:12:21 | 000,053,024 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2013.04.28 22:12:09 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2013.04.28 22:12:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2013.04.28 22:11:09 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2013.04.28 22:10:54 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2013.04.28 22:08:40 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\AppData\Local\Alt.Binz
[2013.04.28 22:04:05 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\AppData\Roaming\NetSpeedMonitor
[2013.04.28 22:03:42 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QuickPar
[2013.04.28 22:03:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickPar
[2013.04.28 22:03:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickPar
[2013.04.28 22:03:39 | 000,000,000 | ---D | C] -- C:\Program Files\NetSpeedMonitor
[2013.04.28 22:03:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alt.Binz
[2013.04.28 22:03:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Alt.Binz
[2013.04.28 21:59:38 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2013.04.28 21:59:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2013.04.28 21:59:07 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2013.04.28 21:58:22 | 000,000,000 | R--D | C] -- C:\Users\VITALITASIA\SkyDrive
[2013.04.28 21:58:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SkyDrive
[2013.04.28 21:58:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft SkyDrive
[2013.04.28 21:57:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2013.04.28 21:55:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2013.04.28 21:55:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.04.28 21:54:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.04.28 21:47:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013.04.28 21:46:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013.04.28 21:46:48 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\AppData\Local\Google
[2013.04.28 21:46:41 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\AppData\Local\Deployment
[2013.04.28 21:46:41 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\AppData\Local\Apps
[2013.04.28 21:43:06 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\AppData\Roaming\Adobe
[2013.04.28 21:43:04 | 000,000,000 | R--D | C] -- C:\Users\VITALITASIA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013.04.28 21:43:04 | 000,000,000 | R--D | C] -- C:\Users\VITALITASIA\Searches
[2013.04.28 21:43:04 | 000,000,000 | R--D | C] -- C:\Users\VITALITASIA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013.04.28 21:42:57 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\AppData\Roaming\Identities
[2013.04.28 21:42:55 | 000,000,000 | R--D | C] -- C:\Users\VITALITASIA\Contacts
[2013.04.28 21:42:54 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\AppData\Local\VirtualStore
[2013.04.28 21:42:51 | 000,000,000 | --SD | C] -- C:\Users\VITALITASIA\AppData\Roaming\Microsoft
[2013.04.28 21:42:51 | 000,000,000 | R--D | C] -- C:\Users\VITALITASIA\Videos
[2013.04.28 21:42:51 | 000,000,000 | R--D | C] -- C:\Users\VITALITASIA\Saved Games
[2013.04.28 21:42:51 | 000,000,000 | R--D | C] -- C:\Users\VITALITASIA\Pictures
[2013.04.28 21:42:51 | 000,000,000 | R--D | C] -- C:\Users\VITALITASIA\Music
[2013.04.28 21:42:51 | 000,000,000 | R--D | C] -- C:\Users\VITALITASIA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013.04.28 21:42:51 | 000,000,000 | R--D | C] -- C:\Users\VITALITASIA\Links
[2013.04.28 21:42:51 | 000,000,000 | R--D | C] -- C:\Users\VITALITASIA\Favorites
[2013.04.28 21:42:51 | 000,000,000 | R--D | C] -- C:\Users\VITALITASIA\Downloads
[2013.04.28 21:42:51 | 000,000,000 | R--D | C] -- C:\Users\VITALITASIA\Documents
[2013.04.28 21:42:51 | 000,000,000 | R--D | C] -- C:\Users\VITALITASIA\Desktop
[2013.04.28 21:42:51 | 000,000,000 | R--D | C] -- C:\Users\VITALITASIA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013.04.28 21:42:51 | 000,000,000 | -HSD | C] -- C:\Users\VITALITASIA\Vorlagen
[2013.04.28 21:42:51 | 000,000,000 | -HSD | C] -- C:\Users\VITALITASIA\AppData\Local\Verlauf
[2013.04.28 21:42:51 | 000,000,000 | -HSD | C] -- C:\Users\VITALITASIA\AppData\Local\Temporary Internet Files
[2013.04.28 21:42:51 | 000,000,000 | -HSD | C] -- C:\Users\VITALITASIA\Startmenü
[2013.04.28 21:42:51 | 000,000,000 | -HSD | C] -- C:\Users\VITALITASIA\SendTo
[2013.04.28 21:42:51 | 000,000,000 | -HSD | C] -- C:\Users\VITALITASIA\Recent
[2013.04.28 21:42:51 | 000,000,000 | -HSD | C] -- C:\Users\VITALITASIA\Netzwerkumgebung
[2013.04.28 21:42:51 | 000,000,000 | -HSD | C] -- C:\Users\VITALITASIA\Lokale Einstellungen
[2013.04.28 21:42:51 | 000,000,000 | -HSD | C] -- C:\Users\VITALITASIA\Documents\Eigene Videos
[2013.04.28 21:42:51 | 000,000,000 | -HSD | C] -- C:\Users\VITALITASIA\Documents\Eigene Musik
[2013.04.28 21:42:51 | 000,000,000 | -HSD | C] -- C:\Users\VITALITASIA\Eigene Dateien
[2013.04.28 21:42:51 | 000,000,000 | -HSD | C] -- C:\Users\VITALITASIA\Documents\Eigene Bilder
[2013.04.28 21:42:51 | 000,000,000 | -HSD | C] -- C:\Users\VITALITASIA\Druckumgebung
[2013.04.28 21:42:51 | 000,000,000 | -HSD | C] -- C:\Users\VITALITASIA\Cookies
[2013.04.28 21:42:51 | 000,000,000 | -HSD | C] -- C:\Users\VITALITASIA\AppData\Local\Anwendungsdaten
[2013.04.28 21:42:51 | 000,000,000 | -HSD | C] -- C:\Users\VITALITASIA\Anwendungsdaten
[2013.04.28 21:42:51 | 000,000,000 | -H-D | C] -- C:\Users\VITALITASIA\AppData
[2013.04.28 21:42:51 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\AppData\Local\Temp
[2013.04.28 21:42:51 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\AppData\Local\Microsoft
[2013.04.28 21:42:51 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\AppData\Roaming\Media Center Programs
[2013.04.28 21:30:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2013.04.28 21:30:12 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2013.04.28 21:28:44 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013.04.28 21:28:42 | 000,000,000 | -HSD | C] -- C:\Recovery
[2013.04.28 21:28:41 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2013.04.28 21:28:41 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2013.04.28 21:28:41 | 000,000,000 | -HSD | C] -- C:\Programme
[2013.04.28 21:28:41 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2013.04.28 21:28:41 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2013.04.28 21:28:41 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2013.04.28 21:28:41 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2013.04.28 21:28:41 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2013.04.28 21:28:41 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2013.04.28 21:28:41 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2013.04.28 21:28:41 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2013.04.28 21:13:08 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2013.04.28 21:12:52 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2013.04.23 15:04:12 | 000,437,176 | ---- | C] (COMODO) -- C:\Windows\SysNative\guard64.dll
[2013.04.23 15:04:12 | 000,348,048 | ---- | C] (COMODO) -- C:\Windows\SysWow64\guard32.dll
[2013.04.19 18:09:52 | 000,253,744 | ---- | C] (O&O Software GmbH) -- C:\Windows\SysNative\oodbs.exe
[2013.04.19 18:09:44 | 000,011,056 | ---- | C] (O&O Software GmbH) -- C:\Windows\SysNative\oodbsrs.dll
[2013.04.15 18:38:52 | 000,023,168 | ---- | C] (COMODO) -- C:\Windows\SysNative\drivers\cmderd.sys
[2013.04.15 18:38:40 | 000,043,216 | ---- | C] (COMODO) -- C:\Windows\SysNative\cmdcsr.dll
[2013.04.15 18:38:30 | 000,343,760 | ---- | C] (COMODO) -- C:\Windows\SysNative\cmdvrt64.dll
[2013.04.15 18:38:30 | 000,045,776 | ---- | C] (COMODO) -- C:\Windows\SysNative\cmdkbd64.dll
[2013.04.15 18:38:26 | 000,276,688 | ---- | C] (COMODO) -- C:\Windows\SysWow64\cmdvrt32.dll
[2013.04.15 18:38:26 | 000,040,656 | ---- | C] (COMODO) -- C:\Windows\SysWow64\cmdkbd32.dll
[2013.04.15 16:46:09 | 000,000,000 | ---D | C] -- C:\Windows\WinToolkit
[2013.04.15 16:44:10 | 000,000,000 | ---D | C] -- C:\Windows\de-DE
[2013.04.15 16:44:06 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\XPSViewer
[2013.04.15 16:44:06 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\de-DE
[2013.04.15 16:44:06 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\0407
[2013.04.15 16:44:04 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\de
[2013.04.15 16:43:58 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0407
[2013.04.15 16:43:57 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\de-DE
[2013.04.15 16:43:56 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\de
[2013.04.15 16:42:38 | 000,011,776 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrSerIb.sys.mui
[2013.04.15 16:42:36 | 000,004,096 | ---- | C] (SCM Microsystems, Inc.) -- C:\Windows\SysNative\drivers\de-DE\pscr.sys.mui
[2013.04.15 16:42:34 | 000,011,776 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrSerId.sys.mui
[2013.04.15 16:42:34 | 000,002,560 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrParwdm.sys.mui
[2013.04.12 16:21:49 | 000,418,632 | ---- | C] (ASMedia Technology Inc) -- C:\Windows\SysNative\drivers\asmtxhci.sys
[2013.04.12 16:21:49 | 000,139,592 | ---- | C] (ASMedia Technology Inc) -- C:\Windows\SysNative\drivers\asmthub3.sys
========== Files - Modified Within 30 Days ==========
[2013.05.04 04:00:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\VITALITASIA\Desktop\OTL.exe
[2013.05.04 03:51:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.04 03:30:05 | 000,000,168 | ---- | M] () -- C:\Users\VITALITASIA\defogger_reenable
[2013.05.04 02:38:34 | 000,026,352 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.04 02:38:34 | 000,026,352 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.04 02:35:38 | 001,618,320 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.04 02:35:38 | 000,700,562 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.04 02:35:38 | 000,654,064 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.04 02:35:38 | 000,149,462 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.04 02:35:38 | 000,121,936 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.04 02:31:12 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.04 02:30:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.04 02:30:56 | 535,732,223 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.04 02:30:22 | 000,005,276 | ---- | M] () -- C:\Windows\SysNative\drivers\fvstore.dat
[2013.05.04 01:45:16 | 000,062,976 | ---- | M] (Prevx) -- C:\Windows\SysWow64\PxSecure.dll-183082
[2013.05.04 01:45:06 | 000,065,736 | ---- | M] (Prevx) -- C:\Windows\SysNative\drivers\pxrts.sys
[2013.05.01 19:26:32 | 000,000,600 | ---- | M] () -- C:\Users\VITALITASIA\PUTTY.RND
[2013.05.01 15:10:39 | 000,029,768 | ---- | M] () -- C:\Users\VITALITASIA\Documents\cc_20130501_151032.reg
[2013.05.01 15:09:06 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.04.30 18:04:28 | 000,000,814 | ---- | M] () -- C:\Users\VITALITASIA\Desktop\Bewerbungen.lnk
[2013.04.30 15:56:38 | 000,000,659 | ---- | M] () -- C:\Users\VITALITASIA\.swfinfo
[2013.04.29 21:36:33 | 000,001,124 | ---- | M] () -- C:\Users\VITALITASIA\Desktop\Picasa 3.lnk
[2013.04.29 00:13:30 | 000,001,829 | ---- | M] () -- C:\Users\VITALITASIA\Desktop\Athan.lnk
[2013.04.29 00:12:57 | 000,737,280 | ---- | M] (Indigo Rose Corporation) -- C:\Windows\iun6002.exe
[2013.04.28 23:48:07 | 000,001,916 | ---- | M] () -- C:\Users\Public\Desktop\TV-Browser.lnk
[2013.04.28 23:46:48 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo
[2013.04.28 23:46:46 | 000,001,066 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.04.28 23:45:22 | 000,001,117 | ---- | M] () -- C:\Users\VITALITASIA\Desktop\aglotze.lnk
[2013.04.28 22:58:55 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_avchv_01009.Wdf
[2013.04.28 22:55:50 | 000,001,749 | ---- | M] () -- C:\Users\VITALITASIA\Desktop\SkyDrive.lnk
[2013.04.28 22:53:55 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_NuidFltr_01009.Wdf
[2013.04.28 22:53:35 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01011.Wdf
[2013.04.28 22:53:15 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01009.Wdf
[2013.04.28 22:43:23 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01009.Wdf
[2013.04.28 22:43:01 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_NuidFltr_01005.Wdf
[2013.04.28 22:37:46 | 000,013,257 | ---- | M] () -- C:\Users\VITALITASIA\Desktop\Energieoptionen.lnk
[2013.04.28 22:25:58 | 000,001,950 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2013.04.28 22:25:38 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2013.04.28 22:03:32 | 000,001,010 | ---- | M] () -- C:\Users\Public\Desktop\Alt.Binz.lnk
[2013.04.28 21:40:36 | 001,591,896 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.04.28 21:17:21 | 000,057,050 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2013.04.28 21:17:21 | 000,057,050 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2013.04.28 21:15:03 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013.04.28 21:13:11 | 000,275,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.23 15:04:12 | 000,437,176 | ---- | M] (COMODO) -- C:\Windows\SysNative\guard64.dll
[2013.04.23 15:04:12 | 000,348,048 | ---- | M] (COMODO) -- C:\Windows\SysWow64\guard32.dll
[2013.04.19 18:09:52 | 000,253,744 | ---- | M] (O&O Software GmbH) -- C:\Windows\SysNative\oodbs.exe
[2013.04.19 18:09:44 | 000,011,056 | ---- | M] (O&O Software GmbH) -- C:\Windows\SysNative\oodbsrs.dll
[2013.04.19 06:24:21 | 000,061,216 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2013.04.19 06:24:21 | 000,053,024 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2013.04.19 06:24:21 | 000,020,536 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2013.04.17 19:30:28 | 003,122,645 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin
[2013.04.15 18:38:52 | 000,023,168 | ---- | M] (COMODO) -- C:\Windows\SysNative\drivers\cmderd.sys
[2013.04.15 18:38:40 | 000,043,216 | ---- | M] (COMODO) -- C:\Windows\SysNative\cmdcsr.dll
[2013.04.15 18:38:30 | 000,343,760 | ---- | M] (COMODO) -- C:\Windows\SysNative\cmdvrt64.dll
[2013.04.15 18:38:30 | 000,045,776 | ---- | M] (COMODO) -- C:\Windows\SysNative\cmdkbd64.dll
[2013.04.15 18:38:26 | 000,276,688 | ---- | M] (COMODO) -- C:\Windows\SysWow64\cmdvrt32.dll
[2013.04.15 18:38:26 | 000,040,656 | ---- | M] (COMODO) -- C:\Windows\SysWow64\cmdkbd32.dll
[2013.04.15 16:43:34 | 000,295,922 | ---- | M] () -- C:\Windows\SysNative\perfi007.dat
[2013.04.15 16:43:34 | 000,038,104 | ---- | M] () -- C:\Windows\SysNative\perfd007.dat
[2013.04.15 16:42:38 | 000,011,776 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrSerIb.sys.mui
[2013.04.15 16:42:36 | 000,004,096 | ---- | M] (SCM Microsystems, Inc.) -- C:\Windows\SysNative\drivers\de-DE\pscr.sys.mui
[2013.04.15 16:42:34 | 000,011,776 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrSerId.sys.mui
[2013.04.15 16:42:34 | 000,002,560 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrParwdm.sys.mui
[2013.04.13 05:49:45 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.04.13 05:49:44 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.04.13 05:18:48 | 000,000,003 | ---- | M] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013.04.13 05:18:11 | 000,000,003 | ---- | M] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
========== Files Created - No Company Name ==========
[2013.05.04 03:30:05 | 000,000,168 | ---- | C] () -- C:\Users\VITALITASIA\defogger_reenable
[2013.05.03 22:57:17 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\unrar3.dll
[2013.05.03 22:57:17 | 000,075,264 | ---- | C] () -- C:\Windows\SysWow64\unacev2.dll
[2013.05.03 22:41:22 | 000,005,276 | ---- | C] () -- C:\Windows\SysNative\drivers\fvstore.dat
[2013.05.01 19:25:32 | 000,000,600 | ---- | C] () -- C:\Users\VITALITASIA\PUTTY.RND
[2013.05.01 15:10:36 | 000,029,768 | ---- | C] () -- C:\Users\VITALITASIA\Documents\cc_20130501_151032.reg
[2013.05.01 15:09:06 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.04.30 18:04:28 | 000,000,814 | ---- | C] () -- C:\Users\VITALITASIA\Desktop\Bewerbungen.lnk
[2013.04.30 15:30:31 | 000,000,659 | ---- | C] () -- C:\Users\VITALITASIA\.swfinfo
[2013.04.29 21:42:07 | 000,012,800 | ---- | C] () -- C:\Windows\SysWow64\CNC1746D.TBL
[2013.04.29 21:42:07 | 000,012,800 | ---- | C] () -- C:\Windows\SysNative\CNC1746D.TBL
[2013.04.29 21:36:33 | 000,001,124 | ---- | C] () -- C:\Users\VITALITASIA\Desktop\Picasa 3.lnk
[2013.04.29 00:13:30 | 000,001,829 | ---- | C] () -- C:\Users\VITALITASIA\Desktop\Athan.lnk
[2013.04.28 23:48:07 | 000,001,916 | ---- | C] () -- C:\Users\Public\Desktop\TV-Browser.lnk
[2013.04.28 23:46:46 | 000,001,066 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.04.28 23:46:45 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\initdebug.nfo
[2013.04.28 23:45:22 | 000,001,117 | ---- | C] () -- C:\Users\VITALITASIA\Desktop\aglotze.lnk
[2013.04.28 22:58:55 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_avchv_01009.Wdf
[2013.04.28 22:55:50 | 000,001,749 | ---- | C] () -- C:\Users\VITALITASIA\Desktop\SkyDrive.lnk
[2013.04.28 22:53:55 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_NuidFltr_01009.Wdf
[2013.04.28 22:53:35 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01011.Wdf
[2013.04.28 22:53:15 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01009.Wdf
[2013.04.28 22:43:23 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01009.Wdf
[2013.04.28 22:43:01 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_NuidFltr_01005.Wdf
[2013.04.28 22:37:46 | 000,013,257 | ---- | C] () -- C:\Users\VITALITASIA\Desktop\Energieoptionen.lnk
[2013.04.28 22:30:43 | 000,001,458 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2013.04.28 22:25:58 | 000,001,950 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2013.04.28 22:15:01 | 003,180,264 | ---- | C] () -- C:\Windows\SysNative\drivers\rtvienna.dat
[2013.04.28 22:15:00 | 000,449,481 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT
[2013.04.28 22:12:36 | 003,122,645 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin
[2013.04.28 22:11:30 | 000,020,536 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2013.04.28 22:03:32 | 000,001,010 | ---- | C] () -- C:\Users\Public\Desktop\Alt.Binz.lnk
[2013.04.28 21:58:22 | 000,002,200 | ---- | C] () -- C:\Users\VITALITASIA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
[2013.04.28 21:46:55 | 000,001,120 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.28 21:46:54 | 000,001,116 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.28 21:43:05 | 000,001,413 | ---- | C] () -- C:\Users\VITALITASIA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013.04.28 21:31:25 | 001,591,896 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.04.28 21:16:57 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2013.04.28 21:16:56 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2013.04.28 21:15:03 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013.04.28 21:12:52 | 535,732,223 | -HS- | C] () -- C:\hiberfil.sys
[2013.04.15 16:44:40 | 000,295,922 | ---- | C] () -- C:\Windows\SysNative\perfi007.dat
[2013.04.15 16:44:39 | 000,700,562 | ---- | C] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.15 16:44:39 | 000,149,462 | ---- | C] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.15 16:44:39 | 000,038,104 | ---- | C] () -- C:\Windows\SysNative\perfd007.dat
[2013.04.13 05:49:45 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.04.13 05:49:44 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.04.13 05:18:48 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013.04.13 05:18:11 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
========== ZeroAccess Check ==========
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.04.13 05:20:21 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.04.13 05:20:21 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2013.04.30 02:25:29 | 000,000,000 | ---D | M] -- C:\Users\VITALITASIA\AppData\Roaming\Canon
[2013.05.03 21:33:25 | 000,000,000 | ---D | M] -- C:\Users\VITALITASIA\AppData\Roaming\DAEMON Tools Lite
[2013.04.29 22:52:09 | 000,000,000 | ---D | M] -- C:\Users\VITALITASIA\AppData\Roaming\Foxit Software
[2013.04.30 22:22:31 | 000,000,000 | ---D | M] -- C:\Users\VITALITASIA\AppData\Roaming\JAM Software
[2013.05.01 16:01:10 | 000,000,000 | ---D | M] -- C:\Users\VITALITASIA\AppData\Roaming\Moyea
[2013.04.28 22:04:09 | 000,000,000 | ---D | M] -- C:\Users\VITALITASIA\AppData\Roaming\NetSpeedMonitor
[2013.04.28 22:57:22 | 000,000,000 | ---D | M] -- C:\Users\VITALITASIA\AppData\Roaming\QuickScan
[2013.05.01 18:20:34 | 000,000,000 | ---D | M] -- C:\Users\VITALITASIA\AppData\Roaming\Runscanner.net
[2013.05.03 23:00:08 | 000,000,000 | ---D | M] -- C:\Users\VITALITASIA\AppData\Roaming\Simply Super Software
[2013.05.04 01:46:28 | 000,000,000 | ---D | M] -- C:\Users\VITALITASIA\AppData\Roaming\uTorrent
[2013.05.02 15:10:05 | 000,000,000 | ---D | M] -- C:\Users\VITALITASIA\AppData\Roaming\Windows Live Writer
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:CB0AACC9
< End of report >
Extras Code:
OTL Extras logfile created on: 04.05.2013 04:02:21 - Run 6
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\VITALITASIA\Desktop\Tools\Security
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
6,00 Gb Total Physical Memory | 4,24 Gb Available Physical Memory | 70,63% Memory free
12,00 Gb Paging File | 10,19 Gb Available in Paging File | 84,97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 245,41 Gb Total Space | 202,05 Gb Free Space | 82,33% Space Free | Partition Type: NTFS
Drive D: | 350,66 Gb Total Space | 88,11 Gb Free Space | 25,13% Space Free | Partition Type: NTFS
Drive E: | 2,11 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: VITALITASIA-PC | User Name: VITALITASIA | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{097D3631-AEF4-41C8-B2F7-9CD235867A06}" = rport=445 | protocol=6 | dir=out | app=system |
"{0AE98FE3-A35E-4D09-85B2-5E28FFD8F3F3}" = lport=445 | protocol=6 | dir=in | app=system |
"{17EA8370-EF5E-49F2-8C4F-991E87DEE99C}" = rport=10243 | protocol=6 | dir=out | app=system |
"{386C1F4A-BCC6-4456-8B4E-AAF4EE16956D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{419F948D-BA0B-446B-9BA2-8AAF4F169FD0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{45D041E2-01CC-4BC6-BA02-9D7A25DA703F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{4D36A25F-C4CA-4BBA-99D6-03E595EA4ED2}" = lport=137 | protocol=17 | dir=in | app=system |
"{50F9BD0C-C22A-4A0A-AEA9-96EC17D852BD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{699F54F2-6CA1-4B5F-BA37-0B75D2399E61}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6B98DD9E-EB0D-4110-9275-B64AC5F28919}" = rport=137 | protocol=17 | dir=out | app=system |
"{6F4698FA-119D-4A71-9CD7-5DD5638F36EE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{6F5BAB51-CE88-4212-8C0C-8BD58B8E9923}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8430AB9C-D498-4B99-A258-EFDBFA1333EE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9473AA73-6CFD-4E42-9595-8D1EBF9E1729}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{991887F6-3ACD-4448-A1A6-CFAC41FCE4DF}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{A53AC3CB-52EA-4148-8B5D-72B2B46B169C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B47B3C36-409F-4874-BDFA-E3BCB155F0C9}" = lport=138 | protocol=17 | dir=in | app=system |
"{C794BB2C-95C2-4CF6-8620-A3286DE8F18C}" = lport=139 | protocol=6 | dir=in | app=system |
"{D41588F4-A144-4D9F-8A66-B7D44CE76978}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D7EED53F-E2AE-48E4-B4FA-7305ABA8198C}" = rport=138 | protocol=17 | dir=out | app=system |
"{DA0BA282-3796-4E6D-AF11-6ED17AFFCE06}" = lport=10243 | protocol=6 | dir=in | app=system |
"{DEAA9023-E844-4E3A-9EF1-EFD31E39D169}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F33BA06E-C755-4F6D-BA07-E001F5437AB9}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F40CBE2B-2760-4C8B-81D4-F08602FA70EF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F59994D0-03FF-4DF8-899B-DBE4A33AA770}" = rport=139 | protocol=6 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1A33A945-855D-443D-83D7-3EB267109AC1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{1FCD53F6-6CCF-4CFA-BAE7-8B075B1559EA}" = dir=in | app=c:\users\vitalitasia\appdata\local\microsoft\skydrive\skydrive.exe |
"{2244E668-7262-4B72-A2E1-501048E98DE9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2D1DCBF3-A210-4CED-BA44-51B560127D62}" = protocol=6 | dir=in | app=c:\program files (x86)\tv-browser\tvbrowser_nodd.exe |
"{43769C55-07BD-488B-B98C-56E47B8774F6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{43B07018-0989-4901-90CF-C207075309F6}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4B9BDEDD-4F66-4701-BA61-BED22178A574}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"{4CA1EA80-AE39-4ECB-9601-D9D023747746}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5301EA7E-8811-4F31-9868-BA1DC6166ECA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5A5736B3-784D-4FAE-9A7E-837815ECB048}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5CF9B01C-F87A-42CE-BEAB-4C4275D407D2}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{70C738B3-EA2C-42D3-89D6-437A07AA612E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{733DFA19-B365-4CD8-BAA4-9B4B45EC7513}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{75AAAD62-BEF2-49D2-860A-6FC896E50D1C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{936E688A-6FFC-4D56-9ADD-53BC2030899A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{93D50DD0-7112-4F12-AC7F-C50DB38BE5D0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{956E03F7-2312-493A-9AA6-6035724B127A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9DC31C39-CD33-4665-91A7-DA8D818F87C5}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B88F4937-E241-4948-B79D-E89B25017DCA}" = protocol=6 | dir=in | app=c:\program files (x86)\tv-browser\tvbrowser.exe |
"{C1031E8A-D201-4DEE-9266-B42FB8294DFE}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"{CB94BE4A-1480-47D8-BC01-9622149220B5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CD0D498A-1E9A-4142-BF05-E8DF80AA9A4F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D1C30BA4-F47E-4096-AE1D-CB7982EF50C3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D6768466-3042-434E-A854-8F4E5CEFB0CF}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"{D91B1BC5-BF8F-4B85-AF8A-C2A9285454E9}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"{E4016252-7F36-49CC-B854-92E93EA61345}" = protocol=17 | dir=in | app=c:\program files (x86)\tv-browser\tvbrowser_nodd.exe |
"{E44AA3DE-D7A0-4792-8B42-72085C953E57}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{E623E1E0-A278-4A80-9720-DB52F504E64C}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{E96AD7C7-2ABB-48AB-858D-1AD1619F3F55}" = protocol=17 | dir=in | app=c:\program files (x86)\tv-browser\tvbrowser.exe |
"{F1FDCCEE-AA47-4627-8138-EA663B730DEE}" = protocol=6 | dir=out | app=system |
"{F427E323-24C0-4E9E-A43A-8AFEC5F516B1}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"TCP Query User{5497047A-44F2-4189-85BE-76F6B8DF92AF}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"UDP Query User{4588A9C6-D75C-4CC8-944C-A5863D4A27A4}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp 1.0 RC5
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP280_series" = Canon MP280 series MP Drivers
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86417021FF}" = Java 7 Update 21 (64-bit)
"{39BFB173-09EB-4286-84E1-2FAFC97107E1}" = ESET NOD32 Antivirus
"{88F41EE2-949B-4B52-933D-C7F8F67BC1D2}" = NetSpeedMonitor 2.5.4.0 x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 320.00
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 320.00
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.14.17
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.24.2
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F1EC4151-805B-4097-B9BB-7D71A417AAF1}" = COMODO Firewall
"{F6822EFD-3F7D-4B35-8845-757A26AEC8E2}" = Windows Live MIME IFilter
"{FD27F016-131B-48DF-B110-DF3F82714170}" = O&O Defrag Professional
"CCleaner" = CCleaner
"HashTab" = HashTab 5.1.0.23
"Revo Uninstaller Pro PREACTIVATED by .:sHaRe:. @~1067B756_is1" = Revo Uninstaller Pro 3.0.5
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{15F3A6F5-06AE-4332-AE3E-21CD0416827A}" = Windows Live Mail
"{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack
"{23A3E560-069F-4CFC-8F6C-1B526EC735FC}" = Windows Live Writer Resources
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail
"{8913AC02-67B8-4B52-91B2-BBA7B9C265B5}" = Windows Live Writer Resources
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8E3F691A-4972-47FF-9E09-1981B62A5D5A}_is1" = Moyea FLV Editor Lite version: 1.1.1.846
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{B80D3EA9-A252-4AE5-AC51-81729F5C586F}" = Windows Live Mail
"{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1" = Emsisoft Anti-Malware
"{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer
"{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Alt.Binz" = Alt.Binz 0.39.4
"Athan" = Athan Basic 4.4
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"Cheat Engine 6.2_is1" = Cheat Engine 6.2
"DAEMON Tools Lite" = DAEMON Tools Lite
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"FileHippo.com" = FileHippo.com Update Checker
"Foxit Reader_is1" = Foxit Reader
"Google Chrome" = Google Chrome
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Picasa 3" = Picasa 3
"Q2xvbmluZ0NseWRldjEwMTk3MA==_is1" = Cloning Clyde v1.0.197.0 (c) NinjaBee version 1
"QuickPar" = QuickPar 0.9
"RegSeeker" = RegSeeker
"Security Task Manager" = Security Task Manager 1.8g
"SpeedFan" = SpeedFan (remove only)
"Trojan Remover_is1" = Trojan Remover 6.8.6
"tvbrowser" = TV-Browser 3.3a
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.6
"WinLiveSuite" = Windows Live Essentials
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"SkyDriveSetup.exe" = Microsoft SkyDrive
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 03.05.2013 20:31:29 | Computer Name = VITALITASIA-PC | Source = Windows Search Service | ID = 7040
Description =
Error - 03.05.2013 20:31:29 | Computer Name = VITALITASIA-PC | Source = Windows Search Service | ID = 7042
Description =
Error - 03.05.2013 20:31:29 | Computer Name = VITALITASIA-PC | Source = Windows Search Service | ID = 9002
Description =
Error - 03.05.2013 20:31:29 | Computer Name = VITALITASIA-PC | Source = Windows Search Service | ID = 3029
Description =
Error - 03.05.2013 20:31:29 | Computer Name = VITALITASIA-PC | Source = Windows Search Service | ID = 3029
Description =
Error - 03.05.2013 20:31:29 | Computer Name = VITALITASIA-PC | Source = Windows Search Service | ID = 3028
Description =
Error - 03.05.2013 20:31:29 | Computer Name = VITALITASIA-PC | Source = Windows Search Service | ID = 3058
Description =
Error - 03.05.2013 20:31:29 | Computer Name = VITALITASIA-PC | Source = Windows Search Service | ID = 7010
Description =
Error - 03.05.2013 20:32:48 | Computer Name = VITALITASIA-PC | Source = WinMgmt | ID = 10
Description =
Error - 03.05.2013 20:33:18 | Computer Name = VITALITASIA-PC | Source = VSS | ID = 8194
Description =
[ System Events ]
Error - 28.04.2013 16:53:54 | Computer Name = VITALITASIA-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error - 29.04.2013 15:42:41 | Computer Name = VITALITASIA-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Windows-Bilderfassung (WIA)" wurde unerwartet beendet. Dies
ist bereits 1 Mal passiert.
Error - 29.04.2013 21:23:32 | Computer Name = VITALITASIA-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Bitdefender Virus Shield" wurde unerwartet beendet. Dies ist
bereits 1 Mal passiert.
Error - 30.04.2013 16:29:35 | Computer Name = VITALITASIA-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Windows-Fehlerberichterstattungsdienst erreicht.
Error - 01.05.2013 05:27:22 | Computer Name = VITALITASIA-PC | Source = DCOM | ID = 10010
Description =
Error - 01.05.2013 12:01:22 | Computer Name = VITALITASIA-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Bitdefender Desktop Update Service" wurde unerwartet beendet.
Dies ist bereits 1 Mal passiert.
Error - 01.05.2013 13:42:22 | Computer Name = VITALITASIA-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "ESET Service" ist als interaktiver Dienst gekennzeichnet.
Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error - 03.05.2013 09:27:17 | Computer Name = VITALITASIA-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "COMODO Virtual Service Manager" wurde unerwartet beendet.
Dies ist bereits 1 Mal passiert.
Error - 03.05.2013 20:31:29 | Computer Name = VITALITASIA-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem
Fehler beendet: %%-1073473535.
Error - 03.05.2013 20:31:29 | Computer Name = VITALITASIA-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
Neustart des Diensts.
< End of report >