Trojaner-Board - Bundespolizei Virus

Hallo,
ich habe nun auch den Bundespolizei-Virus. Ich habe mir schon die Boot-CD mit OTLPENet.exe gemacht, sowie OTLP gestartet. Hier sind die Logs:

OTL.txt:

Code:

OTL logfile created on: 8/7/2011 12:36:47 PM - Run 

OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE

64bit-Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System

Internet Explorer (Version = 8.0.6001.19088)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 87.00% Memory free

3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free

Paging file location(s): c:\pagefile.sys 6000 18000 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 698.63 Gb Total Space | 579.76 Gb Free Space | 82.98% Space Free | Partition Type: NTFS

Drive D: | 122.28 Mb Total Space | 94.59 Mb Free Space | 77.36% Space Free | Partition Type: FAT

Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

 

Computer Name: REATOGO | User Name: SYSTEM

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

Using ControlSet: ControlSet001

 
 ========== Win32 Services (SafeList) ==========

 

SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2011/07/02 08:11:23 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2011/05/15 08:05:52 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2011/04/28 15:55:15 | 000,136,360 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2010/10/16 05:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)

SRV - [2010/03/18 07:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/09/25 08:10:01 | 000,079,360 | ---- | M] (Creative Labs) [Disabled] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)

SRV - [2009/09/24 14:03:00 | 000,079,360 | ---- | M] (Creative Labs) [Disabled] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)

SRV - [2009/04/30 07:23:26 | 000,090,112 | ---- | M] () [Auto] -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)

SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009/03/19 20:03:00 | 000,368,640 | R--- | M] (AVM Berlin) [Auto] -- C:\Program Files (x86)\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service)

SRV - [2009/02/23 05:48:50 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)

SRV - [2009/02/23 05:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Disabled] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)

SRV - [2008/10/20 16:18:26 | 000,071,096 | ---- | M] () [Auto] -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2011/07/02 08:11:24 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)

DRV:64bit: - [2011/07/02 08:11:24 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)

DRV:64bit: - [2009/10/02 07:15:47 | 000,314,016 | ---- | M] () [Kernel | Auto] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)

DRV:64bit: - [2009/10/02 07:15:47 | 000,043,680 | ---- | M] () [Kernel | Auto] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)

DRV:64bit: - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\WpdUsb.sys -- (WpdUsb)

DRV:64bit: - [2009/06/03 20:48:50 | 001,417,240 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\CTEXFIFX.SYS -- (CTEXFIFX.SYS)

DRV:64bit: - [2009/06/03 20:48:50 | 001,417,240 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\CTEXFIFX.sys -- (CTEXFIFX)

DRV:64bit: - [2009/06/03 20:48:38 | 000,094,744 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\CTHWIUT.SYS -- (CTHWIUT.SYS)

DRV:64bit: - [2009/06/03 20:48:38 | 000,094,744 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\CTHWIUT.sys -- (CTHWIUT)

DRV:64bit: - [2009/06/03 20:48:30 | 000,202,776 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\CT20XUT.SYS -- (CT20XUT.SYS)

DRV:64bit: - [2009/06/03 20:48:30 | 000,202,776 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\CT20XUT.sys -- (CT20XUT)

DRV:64bit: - [2009/04/08 09:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\xusb21.sys -- (xusb21)

DRV:64bit: - [2009/03/19 21:03:00 | 000,014,120 | ---- | M] (AVM Berlin) [Kernel | On_Demand] -- C:\Windows\System32\drivers\avmeject.sys -- (avmeject)

DRV:64bit: - [2009/01/13 13:14:58 | 000,057,608 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\WmXlCore.sys -- (WmXlCore)

DRV:64bit: - [2009/01/13 13:14:50 | 000,015,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\WmVirHid.sys -- (WmVirHid)

DRV:64bit: - [2009/01/13 13:14:40 | 000,036,360 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\WmHidLo.sys -- (WmHidLo)

DRV:64bit: - [2009/01/13 13:14:30 | 000,034,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\WmFilter.sys -- (WmFilter)

DRV:64bit: - [2009/01/13 13:14:22 | 000,022,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\WmBEnum.sys -- (WmBEnum)

DRV:64bit: - [2008/08/18 13:37:45 | 000,868,848 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)

DRV:64bit: - [2008/05/16 07:33:06 | 000,158,760 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm)

DRV:64bit: - [2008/05/16 07:33:06 | 000,151,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s0016unic.sys -- (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM)

DRV:64bit: - [2008/05/16 07:33:06 | 000,137,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM)

DRV:64bit: - [2008/05/16 07:33:06 | 000,136,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s0016obex.sys -- (s0016obex)

DRV:64bit: - [2008/05/16 07:33:06 | 000,034,344 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s0016nd5.sys -- (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS)

DRV:64bit: - [2008/05/16 07:33:04 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl)

DRV:64bit: - [2008/05/16 07:32:56 | 000,115,240 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM)

DRV:64bit: - [2008/02/02 16:24:00 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\L1E60x64.sys -- (L1E)

DRV:64bit: - [2008/01/20 22:49:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\rootmdm.sys -- (ROOTMODEM)

DRV:64bit: - [2008/01/09 07:28:20 | 000,034,032 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri)

DRV:64bit: - [2007/03/05 06:03:59 | 002,048,824 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ha20x2k.sys -- (ha20x2k)

DRV:64bit: - [2007/03/05 06:03:48 | 000,147,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\Windows\System32\drivers\emupia2k.sys -- (emupia)

DRV:64bit: - [2007/03/05 06:03:26 | 000,290,616 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ctsfm2k.sys -- (ctsfm2k)

DRV:64bit: - [2007/03/05 06:03:20 | 000,017,208 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ctprxy2k.sys -- (ctprxy2k)

DRV:64bit: - [2007/03/05 06:03:13 | 000,218,424 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ctoss2k.sys -- (ossrv)

DRV:64bit: - [2007/03/05 06:02:53 | 000,862,904 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)

DRV:64bit: - [2007/03/05 06:02:47 | 000,580,920 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ctac32k.sys -- (ctac32k)

DRV:64bit: - [2007/03/05 05:58:53 | 000,123,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\CTHWIUT.DLL -- (CTHWIUT.DLL)

DRV:64bit: - [2007/03/05 05:58:48 | 000,252,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\CT20XUT.DLL -- (CT20XUT.DLL)

DRV:64bit: - [2007/03/05 05:58:43 | 001,571,128 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\CTEXFIFX.DLL -- (CTEXFIFX.DLL)

DRV:64bit: - [2007/03/05 05:58:37 | 000,363,320 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\Windows\System32\CTEDSPSY.DLL -- (CTEDSPSY.DLL)

DRV:64bit: - [2007/03/05 05:58:29 | 000,190,264 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\Windows\System32\CTEDSPIO.DLL -- (CTEDSPIO.DLL)

DRV:64bit: - [2007/03/05 05:58:24 | 000,142,136 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\Windows\System32\CTERFXFX.DLL -- (CTERFXFX.DLL)

DRV:64bit: - [2007/03/05 05:58:18 | 000,321,848 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\Windows\System32\CTEDSPFX.DLL -- (CTEDSPFX.DLL)

DRV:64bit: - [2007/03/05 05:58:12 | 000,219,448 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\Windows\System32\CTEAPSFX.DLL -- (CTEAPSFX.DLL)

DRV:64bit: - [2007/03/05 05:58:07 | 000,681,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\Windows\System32\CTSBLFX.DLL -- (CTSBLFX.DLL)

DRV:64bit: - [2007/03/05 05:58:01 | 000,700,216 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\Windows\System32\CTAUDFX.DLL -- (CTAUDFX.DLL)

DRV:64bit: - [2007/03/05 05:57:52 | 000,157,496 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\Windows\System32\COMMONFX.DLL -- (COMMONFX.DLL)

DRV:64bit: - [2007/02/08 13:47:24 | 000,107,384 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot] -- C:\Windows\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)

DRV:64bit: - [2007/01/23 03:20:34 | 000,040,216 | ---- | M] (H+H Software GmbH) [Kernel | On_Demand] -- C:\Windows\System32\drivers\vcd9bus.sys -- (vcd9bus)

DRV:64bit: - [2007/01/18 10:10:22 | 000,030,336 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand] -- C:\Windows\System32\drivers\RimSerial_AMD64.sys -- (RimVSerPort)

DRV:64bit: - [2006/12/27 19:00:00 | 000,460,800 | ---- | M] (AVM GmbH) [Kernel | On_Demand] -- C:\Windows\System32\drivers\fwlanusb.sys -- (FWLANUSB)

DRV:64bit: - [2006/10/31 11:23:42 | 000,015,680 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)

DRV:64bit: - [2006/09/18 17:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- C:\Windows\System32\wbem\ntfs.mof -- (Ntfs)

DRV:64bit: - [2006/08/11 09:50:02 | 000,078,208 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot] -- C:\Windows\System32\drivers\sfsync04.sys -- (sfsync04) StarForce Protection Synchronization Driver (version 4.x)

DRV:64bit: - [2006/07/05 08:41:45 | 000,075,640 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot] -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)

DRV:64bit: - [2006/06/14 10:58:10 | 000,014,192 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)

DRV - [2002/07/17 11:20:32 | 000,084,832 | ---- | M] (Adaptec) [Kernel | On_Demand] -- C:\Windows\SysWOW64\drivers\ASPI32.SYS -- (ASPI)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\Andreas_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = 

IE - HKU\Andreas_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/

IE - HKU\Andreas_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\Andreas_ON_C\..\URLSearchHook:  - Reg Error: Key error. File not found

IE - HKU\Andreas_ON_C\..\URLSearchHook: {38542454-dfb6-44f5-b052-d4e071a3d073} - Reg Error: Key error. File not found

IE - HKU\Andreas_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

 
 ========== FireFox ==========

 

 

FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\Opera\program\plugins\npdivx32.dll (DivX,Inc.)

FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)

FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: C:\Program Files (x86)\VistaCodecPack\rm\Browser\Plugins\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\VistaCodecPack\rm\Browser\Plugins\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  

FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/03/03 08:45:49 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011/06/28 10:15:59 | 000,000,000 | ---D | M]

 

[2010/11/21 17:07:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreas\AppData\Roaming\Mozilla\Extensions

[2010/11/21 17:07:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreas\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

 

O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1             localhost

O2 - BHO: (no name) - {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - No CLSID value found.

O3 - HKU\Andreas_ON_C\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.

O3 - HKU\Andreas_ON_C\..\Toolbar\WebBrowser: (no name) - {38542454-DFB6-44F5-B052-D4E071A3D073} - No CLSID value found.

O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)

O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin)

O4 - HKU\Andreas_ON_C..\Run: [4Y3Y0C3A8F7XZA5WSGYKCA] C:\Recycle.Bin\B6232F3A820.exe (Got Idle Testy Glob)

O4 - HKU\LocalService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)

O4 - HKU\NetworkService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)

O13:64bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab (System Requirements Lab Class)

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)

O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab (Creative Software AutoUpdate)

O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB} hxxp://archives.gametap.com/static/cab_headless/GameTapWebUpdater.cab (GameTap Web Updater)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://tonline.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} hxxp://tonline.oberon-media.com/gameshell/games/channel--110403623/lc--de/room--5800b24c-f8d7-4149-81c2-3a7f7a5a1891/online/peggle/de/popcaploader_v10_en.cab (PopCapLoader Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15108/CTPID.cab (Creative Software AutoUpdate Support Package)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKU\Andreas_ON_C Winlogon: Shell - (C:\Users\Andreas\AppData\Local\Temp\0.33536889630437516.exe) - C:\Users\Andreas\AppData\Local\Temp\0.33536889630437516.exe ()

O24 - Desktop WallPaper: 

O24 - Desktop BackupWallPaper: 

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]

O33 - MountPoints2\{36b06e10-6d53-11dd-a410-00221517ba50}\Shell - "" = AutoRun

O33 - MountPoints2\{36b06e10-6d53-11dd-a410-00221517ba50}\Shell\AutoRun\command - "" = F:\autorun.exe

O33 - MountPoints2\{6a6fda10-e123-11df-822b-00221517ba50}\Shell - "" = AutoRun

O33 - MountPoints2\{6a6fda10-e123-11df-822b-00221517ba50}\Shell\AutoRun\command - "" = E:\pushinst.exe

O33 - MountPoints2\{e97f9dc0-d2f0-11de-9e9a-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{e97f9dc0-d2f0-11de-9e9a-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autorun.exe

O33 - MountPoints2\{e97f9dc0-d2f0-11de-9e9a-806e6f6e6963}\Shell\directx\command - "" = D:\DirectX9\dxsetup.exe

O33 - MountPoints2\{e97f9dc0-d2f0-11de-9e9a-806e6f6e6963}\Shell\setup\command - "" = D:\setup.exe

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
 64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
 64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2011/08/07 12:30:25 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2011/07/27 12:46:21 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KaM - The Peasants Rebellion

[2011/07/27 12:46:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KaM - The Peasants Rebellion

[2011/07/27 12:45:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KaM - The Peasants Rebellion

[2011/07/24 09:15:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

[2011/07/24 09:15:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight

[2011/07/24 09:13:41 | 006,284,664 | ---- | C] (Microsoft Corporation) -- C:\Users\Andreas\Documents\Silverlight.exe

[2011/07/13 10:25:14 | 001,210,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kernel32.dll

[2011/07/13 10:25:11 | 000,451,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll

[2011/07/13 10:25:11 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll

[2010/11/06 17:53:25 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpeC325.dll

[2010/09/26 07:35:04 | 000,034,816 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll

[2009/06/03 18:32:54 | 000,012,800 | ---- | C] ( ) -- C:\Windows\SysWow64\killapps.exe

[6 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

[15 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2011/08/06 18:22:38 | 000,064,756 | ---- | M] () -- C:\Windows\System32\DVCState-{00000004-00000000-00000001-00001102-00000005-00291102}.rfx

[2011/08/06 18:22:38 | 000,062,256 | ---- | M] () -- C:\Windows\System32\BMXStateBkp-{00000004-00000000-00000001-00001102-00000005-00291102}.rfx

[2011/08/06 18:22:38 | 000,062,256 | ---- | M] () -- C:\Windows\System32\BMXState-{00000004-00000000-00000001-00001102-00000005-00291102}.rfx

[2011/08/06 18:22:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011/08/06 18:22:34 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2011/08/06 18:22:34 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2011/08/06 18:14:31 | 000,777,460 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2011/08/06 18:14:31 | 000,720,492 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2011/08/06 18:14:31 | 000,190,712 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2011/08/06 18:14:31 | 000,154,962 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2011/08/06 18:04:32 | 000,064,756 | ---- | M] () -- C:\Windows\System32\DVCState-{00000005-00000000-00000001-00001102-00000005-00291102}.rfx

[2011/08/06 18:04:32 | 000,060,844 | ---- | M] () -- C:\Windows\System32\BMXStateBkp-{00000005-00000000-00000001-00001102-00000005-00291102}.rfx

[2011/08/06 18:04:32 | 000,060,844 | ---- | M] () -- C:\Windows\System32\BMXState-{00000005-00000000-00000001-00001102-00000005-00291102}.rfx

[2011/08/06 17:27:40 | 000,531,776 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2011/08/06 14:41:47 | 000,292,437 | ---- | M] () -- C:\Users\Andreas\Desktop\8FF6FB1520F458D8E684D7B0514177B7F3AED93A.torrent

[2011/08/06 11:26:59 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{AAC9CB54-4DEE-43C7-9291-CF5B1E98A3A1}.job

[2011/07/27 15:40:22 | 000,000,930 | ---- | M] () -- C:\Users\Andreas\Desktop\KaM - The Peasants Rebellion.lnk

[2011/07/27 12:46:21 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KaM - The Peasants Rebellion

[2011/07/26 12:31:30 | 000,019,968 | ---- | M] () -- C:\Users\Andreas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/07/24 09:15:11 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

[2011/07/24 09:14:52 | 006,284,664 | ---- | M] (Microsoft Corporation) -- C:\Users\Andreas\Documents\Silverlight.exe

[2011/07/19 09:27:39 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VistaCodecs

[6 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

[15 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2011/08/06 14:41:47 | 000,292,437 | ---- | C] () -- C:\Users\Andreas\Desktop\8FF6FB1520F458D8E684D7B0514177B7F3AED93A.torrent

[2011/07/27 15:40:22 | 000,000,930 | ---- | C] () -- C:\Users\Andreas\Desktop\KaM - The Peasants Rebellion.lnk

[2011/04/09 12:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

[2011/02/26 09:41:17 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin

[2010/10/31 08:02:34 | 000,000,680 | ---- | C] () -- C:\Users\Andreas\AppData\Local\d3d9caps.dat

[2010/10/26 15:53:39 | 000,001,460 | ---- | C] () -- C:\Users\Andreas\AppData\Local\d3d9caps64.dat

[2010/10/24 17:48:38 | 000,017,043 | ---- | C] () -- C:\Users\Andreas\AppData\Roaming\UserTile.png

[2010/09/26 07:35:04 | 000,325,724 | ---- | C] () -- C:\Windows\SysWow64\ctdlang.dat

[2010/09/26 07:35:04 | 000,313,207 | ---- | C] () -- C:\Windows\SysWow64\ctstatic.dat

[2010/09/26 07:35:04 | 000,055,904 | ---- | C] () -- C:\Windows\SysWow64\ctdnlstr.dat

[2010/09/26 07:35:04 | 000,053,932 | ---- | C] () -- C:\Windows\SysWow64\ctdaught.dat

[2010/09/26 07:35:04 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini

[2010/06/11 06:00:57 | 000,000,473 | ---- | C] () -- C:\Windows\eReg.dat

[2010/04/16 17:24:33 | 000,047,104 | ---- | C] () -- C:\Windows\SysWow64\KMVIDC32.DLL

[2009/12/18 07:38:05 | 000,307,200 | ---- | C] () -- C:\Windows\SysWow64\AscSQLite.dll

[2009/11/04 13:09:27 | 000,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys

[2009/10/25 10:58:05 | 000,000,095 | ---- | C] () -- C:\Users\Andreas\AppData\Local\fusioncache.dat

[2009/09/24 11:34:10 | 000,000,029 | ---- | C] () -- C:\Windows\sfbm.INI

[2009/09/24 06:26:38 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll

[2009/09/24 06:26:10 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin

[2009/09/24 06:25:46 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2009/08/19 05:17:51 | 000,019,968 | ---- | C] () -- C:\Users\Andreas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/08/04 10:17:47 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\UpdateDriver.exe

[2009/08/04 10:17:47 | 000,005,224 | ---- | C] () -- C:\Windows\SysWow64\ucuiinfo.ini

[2009/06/03 19:37:08 | 000,097,713 | R--- | C] () -- C:\Windows\SysWow64\instwdm.ini

[2009/06/03 18:55:20 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CtxfiRes.dll

[2009/06/03 18:33:04 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\enlocstr.exe

[2009/05/30 08:16:28 | 000,045,568 | ---- | C] () -- C:\Windows\UniFish3.exe

[2009/05/29 11:52:26 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll

[2009/05/29 11:47:06 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll

[2009/05/27 03:49:00 | 000,000,285 | ---- | C] () -- C:\Windows\SysWow64\kill.ini

[2009/04/06 16:33:45 | 000,000,000 | ---- | C] () -- C:\Windows\zSpy.INI

[2009/04/05 11:05:37 | 000,008,192 | ---- | C] () -- C:\Windows\d3dx.dat

[2009/01/30 08:31:36 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll

[2009/01/30 08:31:36 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll

[2009/01/30 08:31:36 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll

[2009/01/30 08:24:43 | 000,000,025 | ---- | C] () -- C:\Windows\SIERRA.INI

[2008/08/20 15:43:38 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin

[2008/08/20 05:39:07 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

[2008/08/18 14:08:26 | 000,000,374 | ---- | C] () -- C:\Windows\wininit.ini

[2008/08/18 13:05:28 | 000,000,044 | -HS- | C] () -- C:\ProgramData\.zreglib

[2008/08/15 05:39:11 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2008/08/15 05:39:10 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe

[2008/08/15 05:39:10 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe

[2008/08/15 05:19:41 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\BelkinInsDrvZD.dll

[2008/08/15 05:19:41 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\ZyDelReg.exe

[2008/08/15 05:19:41 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\BelkinPlugMessageBox9x.exe

[2008/08/15 05:19:41 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\BelkinUnplugMessageBox.exe

[2008/08/15 05:19:41 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\BelkinPlugMessageBox.exe

[2008/08/13 04:13:06 | 001,723,252 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2008/08/13 04:11:57 | 000,003,072 | ---- | C] () -- C:\Windows\SysWow64\CTXFIGER.DLL

[2008/08/13 04:11:56 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL

[2008/08/13 04:11:56 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL

[2008/07/23 12:50:52 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll

[2008/07/23 12:46:38 | 000,012,288 | ---- | C] () -- C:\Windows\SysWow64\DivXWMPExtType.dll

[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini

[2007/09/04 07:56:10 | 000,164,352 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll

[2007/03/05 03:10:20 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CTBURST.DLL

[2007/03/05 03:09:04 | 000,037,888 | ---- | C] () -- C:\Windows\SysWow64\PSCONV.EXE

[2007/02/05 15:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI

[2006/11/02 11:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2006/11/02 11:02:31 | 000,197,632 | ---- | C] () -- C:\Windows\SysWow64\ir32_32.dll

[2006/11/02 08:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat

[2006/11/02 08:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT

[2006/11/02 08:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

[2006/11/02 05:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2005/10/04 11:28:12 | 000,071,680 | ---- | C] () -- C:\Windows\SysWow64\CTMMACTL.DLL

[2002/08/13 11:04:12 | 000,217,088 | R--- | C] () -- C:\Windows\SysWow64\MafiaSetup.exe

[1933/10/17 04:19:52 | 007,254,894 | ---- | C] () -- C:\Windows\SysWow64\speed.exe

[1933/10/17 04:19:52 | 000,380,928 | R--- | C] () -- C:\Windows\SysWow64\server.dll

 
 ========== LOP Check ==========

 

[2011/08/06 14:52:54 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Azureus

[2010/07/19 06:05:14 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Bioshock

[2009/04/10 15:45:44 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Canneverbe_Limited

[2009/12/13 08:46:47 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Command & Conquer 3 Tiberium Wars

[2009/03/13 09:49:22 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\CPUControl

[2008/08/18 13:36:15 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\DAEMON Tools

[2009/04/10 15:40:03 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\DeepBurner

[2009/06/12 07:24:17 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\hdbADS

[2010/03/10 12:00:25 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\IrfanView

[2010/06/15 13:01:46 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Meine Der Herr der Ringe™, Aufstieg des Hexenkönigs™-Dateien

[2010/06/15 13:02:11 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Meine Die Schlacht um Mittelerde™ II-Dateien

[2009/07/08 07:47:20 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Mount&Blade

[2010/07/01 01:59:18 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Mount&Blade Warband

[2009/06/12 07:24:23 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\MrJobs

[2010/03/16 10:58:11 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Music Recognition

[2010/10/20 13:11:38 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\MyPhoneExplorer

[2011/01/29 14:30:54 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Opera

[2010/10/24 17:48:38 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\PeerNetworking

[2009/03/10 13:15:36 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\The Creative Assembly

[2010/11/21 17:07:15 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Thunderbird

[2008/08/27 05:48:55 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\TuneUp Software

[2011/06/15 11:15:18 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Turbine

[2011/03/01 13:35:24 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Ubisoft

[2011/05/15 08:08:31 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\uqm

[2009/10/25 06:57:42 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\VistaCodecs

[2010/07/26 16:41:10 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\WB Games

[2008/08/15 04:32:38 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten

[2006/11/02 11:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data

[2008/10/12 09:06:57 | 000,000,000 | ---D | M] -- C:\ProgramData\Azureus

[2010/10/26 13:11:11 | 000,000,000 | ---D | M] -- C:\ProgramData\BioWare

[2008/11/02 16:35:01 | 000,000,000 | ---D | M] -- C:\ProgramData\BVRP Software

[2010/09/23 11:42:25 | 000,000,000 | ---D | M] -- C:\ProgramData\Codemasters

[2006/11/02 11:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop

[2006/11/02 11:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents

[2008/08/15 04:32:38 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente

[2011/04/10 09:53:10 | 000,000,000 | ---D | M] -- C:\ProgramData\Electronic Arts

[2008/08/15 04:32:38 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten

[2006/11/02 11:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites

[2009/07/23 12:07:36 | 000,000,000 | ---D | M] -- C:\ProgramData\ICQ

[2009/08/09 06:16:24 | 000,000,000 | ---D | M] -- C:\ProgramData\MoTeC

[2009/07/08 16:14:51 | 000,000,000 | ---D | M] -- C:\ProgramData\PopCap Games

[2006/11/02 11:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu

[2008/08/15 04:32:38 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü

[2008/10/29 18:18:52 | 000,000,000 | ---D | M] -- C:\ProgramData\Steam

[2006/11/02 11:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates

[2011/03/01 13:35:24 | 000,000,000 | ---D | M] -- C:\ProgramData\Ubisoft

[2009/10/25 06:57:42 | 000,000,000 | ---D | M] -- C:\ProgramData\VistaCodecs

[2008/08/15 04:32:38 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen

[2008/11/03 06:30:53 | 000,000,000 | ---D | M] -- C:\ProgramData\WindowsSearch

[2008/08/13 04:14:26 | 000,000,000 | ---D | M] -- C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}

[2010/02/07 12:07:29 | 000,000,508 | ---- | M] () -- C:\Windows\Tasks\Install_NSS.job

[2011/08/06 18:22:34 | 000,032,554 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2011/08/06 11:26:59 | 000,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{AAC9CB54-4DEE-43C7-9291-CF5B1E98A3A1}.job

 
 ========== Purity Check ==========

 

 

< End of report >

Extras.txt

Code:

OTL Extras logfile created on: 8/7/2011 12:36:47 PM - Run 

OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE

64bit-Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System

Internet Explorer (Version = 8.0.6001.19088)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 87.00% Memory free

3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free

Paging file location(s): c:\pagefile.sys 6000 18000 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 698.63 Gb Total Space | 579.76 Gb Free Space | 82.98% Space Free | Partition Type: NTFS

Drive D: | 122.28 Mb Total Space | 94.59 Mb Free Space | 77.36% Space Free | Partition Type: FAT

Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

 

Computer Name: REATOGO | User Name: SYSTEM

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

Using ControlSet: ControlSet001

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)

.url[@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)

 
 ========== Shell Spawning ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %* File not found

cmdfile [open] -- "%1" %* File not found

comfile [open] -- "%1" %* File not found

exefile [open] -- "%1" %* File not found

helpfile [open] -- Reg Error: Key error.

http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)

https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %* File not found

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1" File not found

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found

scrfile [open] -- "%1" /S File not found

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)

https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 0

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]

"VistaSp2" = F5 D8 3F EA 20 3D CA 01  [binary data]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 
 ========== Authorized Applications List ==========

 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"{1FBEA8BA-D40B-48BC-85BC-EE2D5575F27C}" = Microsoft SQL Server VSS Writer

"{7C39E0D1-E138-42B1-B083-213EC2CF7692}" = Microsoft SQL Server Native Client

"{8753DF4D-64B0-474E-9A97-0AB5585D9A53}" = Logitech Gaming Software 5.04

"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007

"{903029FE-FA82-427B-916C-AD08185DA3C2}" = Microsoft Xbox 360 Accessories 1.1

"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 260.99

"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 260.99

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 260.99

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"CCleaner" = CCleaner

"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"{1FBEA8BA-D40B-48BC-85BC-EE2D5575F27C}" = Microsoft SQL Server VSS Writer

"{7C39E0D1-E138-42B1-B083-213EC2CF7692}" = Microsoft SQL Server Native Client

"{8753DF4D-64B0-474E-9A97-0AB5585D9A53}" = Logitech Gaming Software 5.04

"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007

"{903029FE-FA82-427B-916C-AD08185DA3C2}" = Microsoft Xbox 360 Accessories 1.1

"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 260.99

"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 260.99

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 260.99

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"CCleaner" = CCleaner

"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

 
 ========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\Andreas_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

 

< End of report >

Was muss ich jetzt tun?

Gruß theBeGinner

Hier ist das Malwarebytes-Log:

Code:

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org
 

Datenbank Version: 7467
 

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.19120
 

15.08.2011 00:41:28

mbam-log-2011-08-15 (00-41-28).txt
 

Art des Suchlaufs: Vollständiger Suchlauf (A:\|C:\|D:\|F:\|)

Durchsuchte Objekte: 366550

Laufzeit: 54 Minute(n), 31 Sekunde(n)
 

Infizierte Speicherprozesse: 0

Infizierte Speichermodule: 0

Infizierte Registrierungsschlüssel: 1

Infizierte Registrierungswerte: 1

Infizierte Dateiobjekte der Registrierung: 0

Infizierte Verzeichnisse: 1

Infizierte Dateien: 2
 

Infizierte Speicherprozesse:

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule:

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel:

HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.
 

Infizierte Registrierungswerte:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\4Y3Y0C3A8F7XZA5WSGYKCA (Trojan.Spyeyes) -> Value: 4Y3Y0C3A8F7XZA5WSGYKCA -> Quarantined and deleted successfully.
 

Infizierte Dateiobjekte der Registrierung:

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse:

c:\Recycle.Bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.
 

Infizierte Dateien:

c:\Recycle.Bin\b6232f3a820.exe (Trojan.Spyeyes) -> Quarantined and deleted successfully.

c:\Recycle.Bin\a7d9b803899d9b1 (Trojan.Spyeyes) -> Quarantined and deleted successfully.

Und hier OTL.txt:

Code:

OTL logfile created on: 15.08.2011 15:21:20 - Run 

OTLPE by OldTimer - Version 3.1.48.0     Folder = C:\

64bit-Windows (TM) Vista Home Premium  (Version = 6.0.6002) - Type = System

Internet Explorer (Version = 8.0.6001.19120)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 66,00% Memory free

10,00 Gb Paging File | 8,00 Gb Available in Paging File | 85,00% Paging File free

Paging file location(s): c:\pagefile.sys 6000 18000 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 698,63 Gb Total Space | 581,13 Gb Free Space | 83,18% Space Free | Partition Type: NTFS

 

Computer Name: ANDREAS-PC | User Name: Andreas

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

Using ControlSet: ControlSet001

 
 ========== Win32 Services (SafeList) ==========

 

SRV - [2011.07.06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2011.07.02 14:11:23 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2011.05.15 14:05:52 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2011.04.28 21:55:15 | 000,136,360 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2010.10.16 11:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)

SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009.09.25 14:10:01 | 000,079,360 | ---- | M] (Creative Labs) [Disabled] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)

SRV - [2009.09.24 20:03:00 | 000,079,360 | ---- | M] (Creative Labs) [Disabled] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)

SRV - [2009.04.30 13:23:26 | 000,090,112 | ---- | M] () [Auto] -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)

SRV - [2009.03.30 06:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009.03.20 02:03:00 | 000,368,640 | R--- | M] (AVM Berlin) [Auto] -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe -- (AVM WLAN Connection Service)

SRV - [2009.02.23 11:48:50 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)

SRV - [2009.02.23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Disabled] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)

SRV - [2008.10.20 22:18:26 | 000,071,096 | ---- | M] () [Auto] -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2002.07.17 17:20:32 | 000,084,832 | ---- | M] (Adaptec) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ASPI32.SYS -- (ASPI)

DRV - [2002.07.17 17:20:32 | 000,084,832 | ---- | M] (Adaptec) [Kernel | On_Demand] -- C:\Windows\SysWOW64\drivers\ASPI32.SYS -- (ASPI)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-3256778683-1276042661-1776473585-1003\Software\Microsoft\Internet Explorer\Main,Search Page = 

IE - HKU\S-1-5-21-3256778683-1276042661-1776473585-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/

IE - HKU\S-1-5-21-3256778683-1276042661-1776473585-1003\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-3256778683-1276042661-1776473585-1003\..\URLSearchHook:  - Reg Error: Key error. File not found

IE - HKU\S-1-5-21-3256778683-1276042661-1776473585-1003\..\URLSearchHook: {38542454-dfb6-44f5-b052-d4e071a3d073} - Reg Error: Key error. File not found

IE - HKU\S-1-5-21-3256778683-1276042661-1776473585-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

 

FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\PROGRA~2\Opera\program\plugins\npdivx32.dll (DivX,Inc.)

FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)

FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: C:\Program Files (x86)\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  

FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.03.03 14:45:49 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011.06.28 16:15:59 | 000,000,000 | ---D | M]

 

[2010.11.21 23:07:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreas\AppData\Roaming\mozilla\Extensions

[2010.11.21 23:07:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreas\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

 

O1 HOSTS File: ([2011.08.15 08:58:14 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1       localhost

O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (no name) - {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - No CLSID value found.

O3 - HKU\S-1-5-21-3256778683-1276042661-1776473585-1003\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.

O3 - HKU\S-1-5-21-3256778683-1276042661-1776473585-1003\..\Toolbar\WebBrowser: (no name) - {38542454-DFB6-44F5-B052-D4E071A3D073} - No CLSID value found.

O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin)

O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)

O13:64bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab (System Requirements Lab Class)

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)

O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab (Creative Software AutoUpdate)

O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB} hxxp://archives.gametap.com/static/cab_headless/GameTapWebUpdater.cab (GameTap Web Updater)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://tonline.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} hxxp://tonline.oberon-media.com/gameshell/games/channel--110403623/lc--de/room--5800b24c-f8d7-4149-81c2-3a7f7a5a1891/online/peggle/de/popcaploader_v10_en.cab (PopCapLoader Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15108/CTPID.cab (Creative Software AutoUpdate Support Package)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)

O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\System32\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKU\S-1-5-21-3256778683-1276042661-1776473585-1003 Winlogon: Shell - (C:\Users\Andreas\AppData\Local\Temp\0.33536889630437516.exe) -  File not found

O24 - Desktop WallPaper: C:\Users\Andreas\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg

O24 - Desktop BackupWallPaper: C:\Users\Andreas\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{36b06e10-6d53-11dd-a410-00221517ba50}\Shell - "" = AutoRun

O33 - MountPoints2\{36b06e10-6d53-11dd-a410-00221517ba50}\Shell\AutoRun\command - "" = F:\autorun.exe

O33 - MountPoints2\{6a6fda10-e123-11df-822b-00221517ba50}\Shell - "" = AutoRun

O33 - MountPoints2\{6a6fda10-e123-11df-822b-00221517ba50}\Shell\AutoRun\command - "" = E:\pushinst.exe

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
 64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
 64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

 

MsConfig:64bit - StartUpFolder: C:^Users^Andreas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - C:\PROGRA~2\MICROS~1\Office12\ONENOTEM.EXE - (Microsoft Corporation)

MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

MsConfig:64bit - StartUpReg: AsioReg - hkey= - key= - C:\Windows\System32\regsvr32.exe (Microsoft Corporation)

MsConfig:64bit - StartUpReg: AsioThk32Reg - hkey= - key= - C:\Windows\SysWow64\regsvr32.exe (Microsoft Corporation)

MsConfig:64bit - StartUpReg: AudioDrvEmulator - hkey= - key= - C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)

MsConfig:64bit - StartUpReg: Creative MediaSource Go - hkey= - key= - C:\Program Files (x86)\Creative\MediaSource5\Go\CTCMSGoU.exe (Creative Technology Ltd)

MsConfig:64bit - StartUpReg: CreativeTaskScheduler - hkey= - key= - C:\Program Files (x86)\Creative\Shared Files\CTSched.exe (Creative Technology Ltd)

MsConfig:64bit - StartUpReg: CTHelper - hkey= - key= - C:\Windows\SysWow64\CTHELPER.EXE (Creative Technology Ltd)

MsConfig:64bit - StartUpReg: CTxfiHlp - hkey= - key= - C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)

MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)

MsConfig:64bit - StartUpReg: EADM - hkey= - key= - C:\Program Files (x86)\Electronic Arts\EADM\EADMUI.exe (Electronic Arts)

MsConfig:64bit - StartUpReg: ehTray.exe - hkey= - key= - C:\Windows\ehome\ehtray.exe (Microsoft Corporation)

MsConfig:64bit - StartUpReg: F5D7050v3 - hkey= - key= -  File not found

MsConfig:64bit - StartUpReg: FBSSA - hkey= - key= -  File not found

MsConfig:64bit - StartUpReg: ICQ - hkey= - key= -  File not found

MsConfig:64bit - StartUpReg: igndlm.exe - hkey= - key= -  File not found

MsConfig:64bit - StartUpReg: Malwarebytes' Anti-Malware - hkey= - key= - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

MsConfig:64bit - StartUpReg: NvCplDaemon - hkey= - key= - C:\Windows\System32\rundll32.exe (Microsoft Corporation)

MsConfig:64bit - StartUpReg: NvMediaCenter - hkey= - key= - C:\Windows\System32\rundll32.exe (Microsoft Corporation)

MsConfig:64bit - StartUpReg: Performance Center - hkey= - key= -  File not found

MsConfig:64bit - StartUpReg: RCSystem - hkey= - key= - C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)

MsConfig:64bit - StartUpReg: Start WingMan Profiler - hkey= - key= - C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)

MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

MsConfig:64bit - StartUpReg: UpdReg - hkey= - key= - C:\Windows\Updreg.EXE (Creative Technology Ltd.)

MsConfig:64bit - StartUpReg: VolPanel - hkey= - key= - C:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe (Creative Technology Ltd)

MsConfig:64bit - StartUpReg: Windows Defender - hkey= - key= - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

MsConfig:64bit - StartUpReg: XboxStat - hkey= - key= - C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)

MsConfig:64bit - StartUpReg: zerepepa - hkey= - key= -  File not found

MsConfig:64bit - State: "services" - Reg Error: Key error.

MsConfig:64bit - State: "startup" - Reg Error: Key error.

 

SafeBootMin:64bit: AppMgmt - Service

SafeBootMin:64bit: Base - Driver Group

SafeBootMin:64bit: Boot Bus Extender - Driver Group

SafeBootMin:64bit: Boot file system - Driver Group

SafeBootMin:64bit: File system - Driver Group

SafeBootMin:64bit: Filter - Driver Group

SafeBootMin:64bit: HelpSvc - Service

SafeBootMin:64bit: PCI Configuration - Driver Group

SafeBootMin:64bit: PNP Filter - Driver Group

SafeBootMin:64bit: Primary disk - Driver Group

SafeBootMin:64bit: sacsvr - Service

SafeBootMin:64bit: SCSI Class - Driver Group

SafeBootMin:64bit: System Bus Extender - Driver Group

SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootMin: AppMgmt - Service

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet:64bit: AppMgmt - Service

SafeBootNet:64bit: Base - Driver Group

SafeBootNet:64bit: Boot Bus Extender - Driver Group

SafeBootNet:64bit: Boot file system - Driver Group

SafeBootNet:64bit: File system - Driver Group

SafeBootNet:64bit: Filter - Driver Group

SafeBootNet:64bit: HelpSvc - Service

SafeBootNet:64bit: Messenger - Service

SafeBootNet:64bit: NDIS Wrapper - Driver Group

SafeBootNet:64bit: NetBIOSGroup - Driver Group

SafeBootNet:64bit: NetDDEGroup - Driver Group

SafeBootNet:64bit: Network - Driver Group

SafeBootNet:64bit: NetworkProvider - Driver Group

SafeBootNet:64bit: PCI Configuration - Driver Group

SafeBootNet:64bit: PNP Filter - Driver Group

SafeBootNet:64bit: PNP_TDI - Driver Group

SafeBootNet:64bit: Primary disk - Driver Group

SafeBootNet:64bit: rdsessmgr - Service

SafeBootNet:64bit: sacsvr - Service

SafeBootNet:64bit: SCSI Class - Driver Group

SafeBootNet:64bit: Streams Drivers - Driver Group

SafeBootNet:64bit: System Bus Extender - Driver Group

SafeBootNet:64bit: TDI - Driver Group

SafeBootNet:64bit: WudfPf - Driver

SafeBootNet:64bit: WudfUsbccidDriver - Driver

SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: WudfPf - Driver

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0

ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 

ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings

ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework

ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP

ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig

ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {1237F2C6-1D0F-9087-61E3-722F665D4D6F} - Java (Sun)

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player

ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0.3

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0.3

ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)

ActiveX: {342DA84B-B5F5-7DA5-51CA-DA27053DCCE8} - .NET Framework

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework

ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

Drivers32:64bit: aux - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)

Drivers32:64bit: aux1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)

Drivers32:64bit: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)

Drivers32:64bit: midi1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)

Drivers32:64bit: midi2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)

Drivers32:64bit: midi3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)

Drivers32:64bit: midi4 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)

Drivers32:64bit: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation)

Drivers32:64bit: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)

Drivers32:64bit: mixer1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)

Drivers32:64bit: mixer2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)

Drivers32:64bit: mixer3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)

Drivers32:64bit: mixer4 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)

Drivers32:64bit: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32:64bit: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation)

Drivers32:64bit: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation)

Drivers32:64bit: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation)

Drivers32:64bit: vidc.i420 - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)

Drivers32:64bit: vidc.iyuv - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)

Drivers32:64bit: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation)

Drivers32:64bit: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation)

Drivers32:64bit: vidc.uyvy - C:\Windows\System32\msyuv.dll (Microsoft Corporation)

Drivers32:64bit: vidc.yuy2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation)

Drivers32:64bit: vidc.yvu9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation)

Drivers32:64bit: vidc.yvyu - C:\Windows\System32\msyuv.dll (Microsoft Corporation)

Drivers32:64bit: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)

Drivers32:64bit: wave1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)

Drivers32:64bit: wave2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)

Drivers32:64bit: wave3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)

Drivers32:64bit: wave4 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)

Drivers32:64bit: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation)

Drivers32: msacm.ac3filter - C:\Windows\SysWow64\ac3filter.acm ()

Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.sl_anet - C:\Windows\SysWow64\sl_anet.acm (Sipro Lab Telecom Inc.)

Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

Drivers32: VIDC.FFDS - ff_vfw.dll File not found

Drivers32: vidc.iv31 - C:\Windows\SysWOW64\ir32_32.dll (Intel(R) Corporation)

Drivers32: vidc.iv32 - C:\Windows\SysWOW64\ir32_32.dll (Intel(R) Corporation)

Drivers32: VIDC.MKVC - C:\Windows\SysWow64\KMVIDC32.DLL ()

Drivers32: vidc.XVID - C:\Windows\SysWow64\xvidvfw.dll ()

Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2011.08.15 08:58:13 | 002,237,440 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe

[2011.08.15 05:50:37 | 000,000,000 | ---D | C] -- C:\_OTL

[2011.08.15 01:19:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Age of Empires 3

[2011.08.14 23:44:52 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

[2011.08.14 23:44:52 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2011.08.14 23:44:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011.08.14 23:22:08 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Malwarebytes

[2011.08.14 23:22:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2011.08.14 23:21:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2011.08.14 23:11:50 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip

[2011.08.07 18:30:25 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2011.07.27 18:46:21 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KaM - The Peasants Rebellion

[2011.07.27 18:46:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KaM - The Peasants Rebellion

[2011.07.27 18:45:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KaM - The Peasants Rebellion

[2011.07.24 15:15:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

[2011.07.24 15:15:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight

[2010.11.06 23:53:25 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpeC325.dll

[2010.09.26 13:35:04 | 000,034,816 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll

[2009.06.04 00:32:54 | 000,012,800 | ---- | C] ( ) -- C:\Windows\SysWow64\killapps.exe

[6 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[15 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

[15 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2011.08.15 11:47:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011.08.15 01:20:56 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{AAC9CB54-4DEE-43C7-9291-CF5B1E98A3A1}.job

[2011.08.15 01:01:30 | 000,001,992 | ---- | M] () -- C:\Users\Public\Desktop\Age of Empires III.lnk

[2011.08.15 01:01:30 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games

[2011.08.14 23:44:52 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011.08.14 23:44:52 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011.08.14 23:36:05 | 001,821,944 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2011.08.14 23:14:16 | 000,099,408 | ---- | M] () -- C:\Users\Andreas\Desktop\movedFiles.zip

[2011.07.27 21:40:22 | 000,000,930 | ---- | M] () -- C:\Users\Andreas\Desktop\KaM - The Peasants Rebellion.lnk

[2011.07.27 18:46:21 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KaM - The Peasants Rebellion

[2011.07.26 18:31:30 | 000,019,968 | ---- | M] () -- C:\Users\Andreas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011.07.24 15:15:11 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

[2011.07.19 15:27:39 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VistaCodecs

[6 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[15 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

[15 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2011.08.15 01:01:30 | 000,001,992 | ---- | C] () -- C:\Users\Public\Desktop\Age of Empires III.lnk

[2011.08.14 23:44:52 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011.08.14 23:14:16 | 000,099,408 | ---- | C] () -- C:\Users\Andreas\Desktop\movedFiles.zip

[2011.07.27 21:40:22 | 000,000,930 | ---- | C] () -- C:\Users\Andreas\Desktop\KaM - The Peasants Rebellion.lnk

[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

[2011.02.26 15:41:17 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin

[2010.10.31 14:02:34 | 000,000,680 | ---- | C] () -- C:\Users\Andreas\AppData\Local\d3d9caps.dat

[2010.10.26 21:53:39 | 000,001,460 | ---- | C] () -- C:\Users\Andreas\AppData\Local\d3d9caps64.dat

[2010.10.24 23:48:38 | 000,017,043 | ---- | C] () -- C:\Users\Andreas\AppData\Roaming\UserTile.png

[2010.09.26 13:35:04 | 000,325,724 | ---- | C] () -- C:\Windows\SysWow64\ctdlang.dat

[2010.09.26 13:35:04 | 000,313,207 | ---- | C] () -- C:\Windows\SysWow64\ctstatic.dat

[2010.09.26 13:35:04 | 000,055,904 | ---- | C] () -- C:\Windows\SysWow64\ctdnlstr.dat

[2010.09.26 13:35:04 | 000,053,932 | ---- | C] () -- C:\Windows\SysWow64\ctdaught.dat

[2010.09.26 13:35:04 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini

[2010.06.11 12:00:57 | 000,000,473 | ---- | C] () -- C:\Windows\eReg.dat

[2010.04.16 23:24:33 | 000,047,104 | ---- | C] () -- C:\Windows\SysWow64\KMVIDC32.DLL

[2009.12.18 13:38:05 | 000,307,200 | ---- | C] () -- C:\Windows\SysWow64\AscSQLite.dll

[2009.11.04 19:09:27 | 000,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys

[2009.10.25 16:58:05 | 000,000,095 | ---- | C] () -- C:\Users\Andreas\AppData\Local\fusioncache.dat

[2009.09.24 17:34:10 | 000,000,029 | ---- | C] () -- C:\Windows\sfbm.INI

[2009.09.24 12:26:38 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll

[2009.09.24 12:26:10 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin

[2009.09.24 12:25:46 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2009.08.19 11:17:51 | 000,019,968 | ---- | C] () -- C:\Users\Andreas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009.08.04 16:17:47 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\UpdateDriver.exe

[2009.08.04 16:17:47 | 000,005,224 | ---- | C] () -- C:\Windows\SysWow64\ucuiinfo.ini

[2009.06.04 01:37:08 | 000,097,713 | R--- | C] () -- C:\Windows\SysWow64\instwdm.ini

[2009.06.04 00:55:20 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CtxfiRes.dll

[2009.06.04 00:33:04 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\enlocstr.exe

[2009.05.30 14:16:28 | 000,045,568 | ---- | C] () -- C:\Windows\UniFish3.exe

[2009.05.29 17:52:26 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll

[2009.05.29 17:47:06 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll

[2009.05.27 09:49:00 | 000,000,285 | ---- | C] () -- C:\Windows\SysWow64\kill.ini

[2009.04.06 22:33:45 | 000,000,000 | ---- | C] () -- C:\Windows\zSpy.INI

[2009.04.05 17:05:37 | 000,008,192 | ---- | C] () -- C:\Windows\d3dx.dat

[2009.01.30 14:31:36 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll

[2009.01.30 14:31:36 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll

[2009.01.30 14:31:36 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll

[2009.01.30 14:24:43 | 000,000,025 | ---- | C] () -- C:\Windows\SIERRA.INI

[2008.08.20 21:43:38 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin

[2008.08.20 11:39:07 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

[2008.08.18 20:08:26 | 000,000,374 | ---- | C] () -- C:\Windows\wininit.ini

[2008.08.18 19:05:28 | 000,000,044 | -HS- | C] () -- C:\ProgramData\.zreglib

[2008.08.15 11:39:11 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2008.08.15 11:39:10 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe

[2008.08.15 11:39:10 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe

[2008.08.15 11:19:41 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\BelkinInsDrvZD.dll

[2008.08.15 11:19:41 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\ZyDelReg.exe

[2008.08.15 11:19:41 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\BelkinPlugMessageBox9x.exe

[2008.08.15 11:19:41 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\BelkinUnplugMessageBox.exe

[2008.08.15 11:19:41 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\BelkinPlugMessageBox.exe

[2008.08.13 10:13:06 | 001,821,944 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2008.08.13 10:11:57 | 000,003,072 | ---- | C] () -- C:\Windows\SysWow64\CTXFIGER.DLL

[2008.08.13 10:11:56 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL

[2008.08.13 10:11:56 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL

[2008.07.23 18:50:52 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll

[2008.07.23 18:46:38 | 000,012,288 | ---- | C] () -- C:\Windows\SysWow64\DivXWMPExtType.dll

[2008.01.21 04:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini

[2007.09.04 13:56:10 | 000,164,352 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll

[2007.03.05 09:10:20 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CTBURST.DLL

[2007.03.05 09:09:04 | 000,037,888 | ---- | C] () -- C:\Windows\SysWow64\PSCONV.EXE

[2007.02.05 21:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI

[2006.11.02 17:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2006.11.02 14:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat

[2006.11.02 14:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT

[2006.11.02 14:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

[2006.11.02 11:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2005.10.04 17:28:12 | 000,071,680 | ---- | C] () -- C:\Windows\SysWow64\CTMMACTL.DLL

[2002.08.13 17:04:12 | 000,217,088 | R--- | C] () -- C:\Windows\SysWow64\MafiaSetup.exe

[1933.10.17 10:19:52 | 007,254,894 | ---- | C] () -- C:\Windows\SysWow64\speed.exe

[1933.10.17 10:19:52 | 000,380,928 | R--- | C] () -- C:\Windows\SysWow64\server.dll

 
 ========== LOP Check ==========

 

[2011.08.14 23:26:49 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Azureus

[2010.07.19 12:05:14 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Bioshock

[2009.04.10 21:45:44 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Canneverbe_Limited

[2009.12.13 14:46:47 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Command & Conquer 3 Tiberium Wars

[2009.03.13 15:49:22 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\CPUControl

[2008.08.18 19:36:15 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\DAEMON Tools

[2009.04.10 21:40:03 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\DeepBurner

[2009.06.12 13:24:17 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\hdbADS

[2010.03.10 18:00:25 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\IrfanView

[2010.06.15 19:01:46 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Meine Der Herr der Ringe™, Aufstieg des Hexenkönigs™-Dateien

[2010.06.15 19:02:11 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Meine Die Schlacht um Mittelerde™ II-Dateien

[2009.07.08 13:47:20 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Mount&Blade

[2010.07.01 07:59:18 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Mount&Blade Warband

[2009.06.12 13:24:23 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\MrJobs

[2010.03.16 16:58:11 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Music Recognition

[2010.10.20 19:11:38 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\MyPhoneExplorer

[2011.01.29 20:30:54 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Opera

[2010.10.24 23:48:38 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\PeerNetworking

[2009.03.10 19:15:36 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\The Creative Assembly

[2010.11.21 23:07:15 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Thunderbird

[2008.08.27 11:48:55 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\TuneUp Software

[2011.06.15 17:15:18 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Turbine

[2011.03.01 19:35:24 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Ubisoft

[2011.05.15 14:08:31 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\uqm

[2009.10.25 12:57:42 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\VistaCodecs

[2010.07.26 22:41:10 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\WB Games

[2011.08.15 01:19:54 | 000,000,000 | ---D | M] -- C:\ProgramData\Age of Empires 3

[2008.08.15 10:32:38 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten

[2006.11.02 17:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data

[2008.10.12 15:06:57 | 000,000,000 | ---D | M] -- C:\ProgramData\Azureus

[2010.10.26 19:11:11 | 000,000,000 | ---D | M] -- C:\ProgramData\BioWare

[2008.11.02 22:35:01 | 000,000,000 | ---D | M] -- C:\ProgramData\BVRP Software

[2010.09.23 17:42:25 | 000,000,000 | ---D | M] -- C:\ProgramData\Codemasters

[2006.11.02 17:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop

[2006.11.02 17:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents

[2008.08.15 10:32:38 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente

[2011.04.10 15:53:10 | 000,000,000 | ---D | M] -- C:\ProgramData\Electronic Arts

[2008.08.15 10:32:38 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten

[2006.11.02 17:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites

[2009.07.23 18:07:36 | 000,000,000 | ---D | M] -- C:\ProgramData\ICQ

[2009.08.09 12:16:24 | 000,000,000 | ---D | M] -- C:\ProgramData\MoTeC

[2009.07.08 22:14:51 | 000,000,000 | ---D | M] -- C:\ProgramData\PopCap Games

[2006.11.02 17:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu

[2008.08.15 10:32:38 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü

[2008.10.30 00:18:52 | 000,000,000 | ---D | M] -- C:\ProgramData\Steam

[2006.11.02 17:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates

[2011.03.01 19:35:24 | 000,000,000 | ---D | M] -- C:\ProgramData\Ubisoft

[2009.10.25 12:57:42 | 000,000,000 | ---D | M] -- C:\ProgramData\VistaCodecs

[2008.08.15 10:32:38 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen

[2008.11.03 12:30:53 | 000,000,000 | ---D | M] -- C:\ProgramData\WindowsSearch

[2011.08.14 23:17:27 | 000,000,000 | ---D | M] -- C:\ProgramData\WinZip

[2008.08.13 10:14:26 | 000,000,000 | ---D | M] -- C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}

[2010.02.07 18:07:29 | 000,000,508 | ---- | M] () -- C:\Windows\Tasks\Install_NSS.job

[2011.08.15 03:51:24 | 000,032,554 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2011.08.15 01:20:56 | 000,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{AAC9CB54-4DEE-43C7-9291-CF5B1E98A3A1}.job

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 

 

Invalid Environment Variable: %ALLUSERSPROFILE%\Application Data\*.

 

Invalid Environment Variable: %ALLUSERSPROFILE%\Application Data\*.exe

 

Invalid Environment Variable: %APPDATA%\*.

 

Invalid Environment Variable: %APPDATA%\*.exe

 
 < %SYSTEMDRIVE%\*.exe >

[2011.07.13 04:55:05 | 002,237,440 | R--- | M] (OldTimer Tools) -- C:\OTLPE.exe

 

 
 < MD5 for: AGP440.SYS  >

[2008.01.21 04:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys

[2008.01.21 04:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2002.08.29 05:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINXPCD\I386\sp1.cab:atapi.sys

[2008.01.21 04:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys

[2009.04.11 09:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2006.11.02 13:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll

[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll

[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll

[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

 
 < MD5 for: IASTORV.SYS  >

[2008.01.21 04:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys

 
 < MD5 for: NETLOGON.DLL  >

[2008.01.21 04:51:03 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll

[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll

[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll

[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll

[2009.04.11 09:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll

[2008.01.21 04:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll

 
 < MD5 for: NVSTOR.SYS  >

[2008.01.21 04:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys

 
 < MD5 for: SCECLI.DLL  >

[2008.01.21 04:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll

[2008.01.21 04:49:49 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll

[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll

[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll

[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll

[2009.04.11 09:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2008.01.21 04:48:29 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=32B87D215905F648EBE36A621978442C -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_295707c525b9f068\user32.dll

[2008.01.21 04:49:14 | 000,648,192 | ---- | M] (Microsoft Corporation) MD5=3D691030DBD3BD75DE1501BE54F0D425 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_33abb2175a1ab263\user32.dll

[2009.04.11 08:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\System32\user32.dll

[2009.04.11 08:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\SysWOW64\user32.dll

[2009.04.11 08:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_35972b23573c7daf\user32.dll

[2009.04.11 09:11:27 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=F3F5549E69AE8509342E67E4F972CA1C -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_2b4280d122dbbbb4\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2008.01.21 04:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe

[2008.01.21 04:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe

[2008.01.21 04:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

[2008.01.21 04:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2008.01.21 04:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe

[2008.01.21 04:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SysWOW64\wininit.exe

[2008.01.21 04:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

[2008.01.21 04:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2009.04.11 09:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe

[2008.01.21 04:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe

[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe

[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe

[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe

[2008.01.21 04:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2008.01.21 04:49:42 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_aba53c58802b1777\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >

[15 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

 
 < CREATERESTOREPOINT >

< End of report >