virushasser8 | 03.01.2012 15:07 | THANKS
I DID IT. WHAT DO YOU MEAN BY CLOSING ALL PROGRAMS?
UNFORTUNATELY, I NOTICED AT THE START OF THE SCAN THAT THE INTERNET WAS STILL ON, WHICH I THEN CLOSED.
IS THAT CORRECT NOW?
OTL Logfile:
OTL logfile created on: 1/3/2012 2:59:49 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\-Pascal-\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
6.00 Gb Total Physical Memory | 4.58 Gb Available Physical Memory | 76.29% Memory free
12.00 Gb Paging File | 10.45 Gb Available in Paging File | 87.08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 464.74 Gb Total Space | 330.64 Gb Free Space | 71.15% Space Free | Partition Type: NTFS
Drive D: | 13.60 Gb Total Space | 1.67 Gb Free Space | 12.30% Space Free | Partition Type: NTFS
Drive E: | 4.35 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive P: | 453.08 Gb Total Space | 449.82 Gb Free Space | 99.28% Space Free | Partition Type: NTFS
Computer Name: -PASCAL-PC | User Name: -Pascal- | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/01/03 14:58:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\-Pascal-\Downloads\OTL.exe
PRC - [2012/01/03 09:42:01 | 000,342,480 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
PRC - [2011/12/21 15:50:01 | 000,912,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/10/11 15:05:59 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011/10/11 15:05:48 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2011/10/11 15:05:46 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/10/11 15:05:46 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/07/28 09:52:06 | 000,018,472 | ---- | M] (WeGame.com, Inc.) -- C:\Program Files (x86)\WeGame\WGClientService.exe
PRC - [2011/03/01 14:28:49 | 000,119,608 | ---- | M] (ICQ, LLC.) -- C:\Program Files (x86)\ICQ7.4\ICQ.exe
PRC - [2011/02/12 17:17:26 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010/04/25 11:45:28 | 000,328,704 | ---- | M] (UASSOFT.COM) -- C:\Program Files (x86)\Mouse Driver\KMProcess.exe
PRC - [2010/04/23 21:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/04/19 15:12:14 | 001,823,744 | ---- | M] (UASSOFT.COM) -- C:\Program Files (x86)\Mouse Driver\KMWDSrv.exe
PRC - [2009/10/15 00:53:20 | 000,635,416 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
PRC - [2009/01/26 15:31:16 | 002,144,088 | ---- | M] (Safer Networking Limited) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/08 15:10:00 | 000,187,456 | ---- | M] (DATA BECKER GmbH & Co KG) -- C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe
PRC - [2008/11/20 19:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
PRC - [2008/07/21 00:14:38 | 000,401,408 | ---- | M] (UASSOFT.COM) -- C:\Program Files (x86)\Mouse Driver\KMConfig.exe
PRC - [2008/05/30 01:22:38 | 000,212,992 | ---- | M] (UASSOFT.COM) -- C:\Program Files (x86)\Mouse Driver\StartAutorun.exe
PRC - [2001/05/14 20:28:46 | 001,095,680 | ---- | M] (AlexSoft) -- C:\Program Files (x86)\IChat\iChat.exe
========== Modules (No Company Name) ==========
MOD - [2011/12/21 15:50:01 | 000,849,368 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\js3250.dll
MOD - [2010/04/25 11:26:42 | 000,043,008 | ---- | M] () -- C:\Program Files (x86)\Mouse Driver\MouseHook.dll
MOD - [2007/03/29 12:17:42 | 000,106,496 | ---- | M] () -- C:\Program Files (x86)\Mouse Driver\keydll.dll
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2010/05/17 14:03:54 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/03/05 02:25:36 | 000,209,000 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV:64bit: - [2010/03/05 02:25:34 | 000,496,232 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM))
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2012/01/03 09:42:01 | 000,342,480 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2011/12/10 15:32:17 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/10/11 15:05:59 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/10/11 15:05:48 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2011/10/11 15:05:46 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/07/28 09:52:06 | 000,018,472 | ---- | M] (WeGame.com, Inc.) [Auto | Running] -- C:\Program Files (x86)\WeGame\WGClientService.exe -- (WeGameClientService)
SRV - [2011/02/12 17:17:26 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/09/30 22:44:46 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/04/19 15:12:14 | 001,823,744 | ---- | M] (UASSOFT.COM) [Auto | Running] -- C:\Program Files (x86)\Mouse Driver\KMWDSrv.exe -- (KMWDSERVICE)
SRV - [2009/10/15 00:53:20 | 000,635,416 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/08 15:10:00 | 000,187,456 | ---- | M] (DATA BECKER GmbH & Co KG) [Auto | Running] -- C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe -- (DBService)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012/01/03 09:42:03 | 000,130,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/11/22 14:20:32 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011/11/22 14:20:31 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/10/04 14:30:34 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/03/03 14:10:41 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010/12/02 01:59:02 | 000,107,912 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/12/02 01:59:02 | 000,027,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/05/17 14:35:30 | 006,853,632 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/05/17 13:30:28 | 000,263,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/04/16 15:26:38 | 000,022,016 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV:64bit: - [2010/04/08 00:12:02 | 000,124,944 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/03/04 12:26:58 | 000,349,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2010/02/24 11:20:40 | 000,191,616 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2003/04/19 00:32:04 | 000,004,736 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\tandpl.sys -- (tandpl)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = HP | MSN
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = HP | MSN
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = HP | MSN
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = HP | MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = HP | MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2304157
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN, Hotmail und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 70 2F 3F 5D 26 C0 CC 01 [binary data]
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Search-Results)
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKCU\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "Search-Results"
FF - prefs.js..browser.search.defaultenginename: "Search-Results"
FF - prefs.js..browser.search.defaultthis.engineName: "XfireXO Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2304157&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search-Results"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2304157&SearchSource=13"
FF - prefs.js..extensions.enabledItems: quickstores@quickstores.de:1.2.0
FF - prefs.js..extensions.enabledItems: {22e03916-85c5-44b0-8dc9-1830c11238d9}:3.3.0.19
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.13.1.18132
FF - prefs.js..extensions.enabledItems: ffxtlbr@incredibar.com:1.5.0
FF - prefs.js..extensions.enabledItems: {C9B68337-E93A-44EA-94DC-CB300EC06444}:4.45.0
FF - prefs.js..extensions.enabledItems: {AA994882-F391-4d2e-806F-8908DA4814ED}:2.11.14
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.7
FF - prefs.js..extensions.enabledItems: {5e5ab302-7f65-44cd-8211-c1d4caaccea3}:3.8.1.0
FF - prefs.js..keyword.URL: "hxxp://websearch.search-results.com/redirect?client=ff&src=kw&tb=STC-SRS&o=41648033&locale=de_DE&apn_uid=CF2CB85E-6205-488F-B203-91DE7077CCE6&apn_ptnrs=96&apn_sauid=8726ABEA-AE9B-44AD-823B-04216B9D0BC8&apn_dtid=YYYYYYYYDE&q="
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Program Files (x86)\ProtectDisc\License Helper\NPPDLicenseHelper.dll ()
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\Firefox [2010/12/02 01:43:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/12/02 01:43:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\crossriderapp498@crossrider.com: C:\Users\-Pascal-\AppData\Local\RewardsArcade\498\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/21 15:50:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/12/21 15:50:02 | 000,000,000 | ---D | M]
[2011/01/02 17:09:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\-Pascal-\AppData\Roaming\mozilla\Extensions
[2012/01/02 17:13:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\-Pascal-\AppData\Roaming\mozilla\Firefox\Profiles\wqaw2px3.default\extensions
[2011/01/08 21:13:16 | 000,000,000 | ---D | M] (Elf 1 Community Toolbar) -- C:\Users\-Pascal-\AppData\Roaming\mozilla\Firefox\Profiles\wqaw2px3.default\extensions\{22e03916-85c5-44b0-8dc9-1830c11238d9}
[2011/12/28 10:02:04 | 000,000,000 | ---D | M] (XfireXO Community Toolbar) -- C:\Users\-Pascal-\AppData\Roaming\mozilla\Firefox\Profiles\wqaw2px3.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
[2011/03/04 19:25:35 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\-Pascal-\AppData\Roaming\mozilla\Firefox\Profiles\wqaw2px3.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011/12/09 16:41:02 | 000,000,000 | ---D | M] (kikin plugin) -- C:\Users\-Pascal-\AppData\Roaming\mozilla\Firefox\Profiles\wqaw2px3.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}
[2011/12/10 16:41:02 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\-Pascal-\AppData\Roaming\mozilla\Firefox\Profiles\wqaw2px3.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/07/04 15:54:25 | 000,000,000 | ---D | M] (IMinent Toolbar) -- C:\Users\-Pascal-\AppData\Roaming\mozilla\Firefox\Profiles\wqaw2px3.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}
[2011/12/02 15:18:49 | 000,000,000 | ---D | M] (Incredibar Toolbar) -- C:\Users\-Pascal-\AppData\Roaming\mozilla\Firefox\Profiles\wqaw2px3.default\extensions\ffxtlbr@incredibar.com
[2011/12/03 20:05:09 | 000,000,000 | ---D | M] (Search-Results Toolbar) -- C:\Users\-Pascal-\AppData\Roaming\mozilla\Firefox\Profiles\wqaw2px3.default\extensions\toolbar@ask.com
[2011/03/26 19:51:36 | 000,000,950 | ---- | M] () -- C:\Users\-Pascal-\AppData\Roaming\Mozilla\Firefox\Profiles\wqaw2px3.default\searchplugins\icqplugin-2.xml
[2011/05/07 07:52:48 | 000,000,950 | ---- | M] () -- C:\Users\-Pascal-\AppData\Roaming\Mozilla\Firefox\Profiles\wqaw2px3.default\searchplugins\icqplugin-3.xml
[2011/07/19 11:22:40 | 000,000,950 | ---- | M] () -- C:\Users\-Pascal-\AppData\Roaming\Mozilla\Firefox\Profiles\wqaw2px3.default\searchplugins\icqplugin-4.xml
[2011/08/31 15:33:23 | 000,000,950 | ---- | M] () -- C:\Users\-Pascal-\AppData\Roaming\Mozilla\Firefox\Profiles\wqaw2px3.default\searchplugins\icqplugin-5.xml
[2011/09/01 20:38:59 | 000,000,950 | ---- | M] () -- C:\Users\-Pascal-\AppData\Roaming\Mozilla\Firefox\Profiles\wqaw2px3.default\searchplugins\icqplugin-6.xml
[2011/12/02 13:09:54 | 000,000,950 | ---- | M] () -- C:\Users\-Pascal-\AppData\Roaming\Mozilla\Firefox\Profiles\wqaw2px3.default\searchplugins\icqplugin-7.xml
[2011/12/28 10:22:26 | 000,000,950 | ---- | M] () -- C:\Users\-Pascal-\AppData\Roaming\Mozilla\Firefox\Profiles\wqaw2px3.default\searchplugins\icqplugin-8.xml
[2010/05/12 17:40:48 | 000,001,042 | ---- | M] () -- C:\Users\-Pascal-\AppData\Roaming\Mozilla\Firefox\Profiles\wqaw2px3.default\searchplugins\icqplugin.xml
[2011/12/02 15:18:46 | 000,002,201 | ---- | M] () -- C:\Users\-Pascal-\AppData\Roaming\Mozilla\Firefox\Profiles\wqaw2px3.default\searchplugins\MyStart Search.xml
[2012/01/02 15:29:38 | 000,003,367 | ---- | M] () -- C:\Users\-Pascal-\AppData\Roaming\Mozilla\Firefox\Profiles\wqaw2px3.default\searchplugins\search-results.xml
[2011/12/03 09:10:54 | 000,002,270 | ---- | M] () -- C:\Users\-Pascal-\AppData\Roaming\Mozilla\Firefox\Profiles\wqaw2px3.default\searchplugins\SearchTheWeb.xml
[2012/01/02 17:13:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011/01/06 20:47:45 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Program Files (x86)\mozilla firefox\extensions\quickstores@quickstores.de
[2008/02/22 16:24:06 | 000,095,832 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\NPPDLicenseHelper.dll
[2011/11/20 17:16:17 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/11/20 17:16:17 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011/11/20 17:16:17 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/11/20 17:16:17 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/11/20 17:16:17 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (TBSB01620 Class) - {58124A0B-DC32-4180-9BFF-E0E21AE34026} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.3.27\bh\incredibar.dll (Montera Technologeis LTD)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Search-Results Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Search-Results)
O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files (x86)\kikin\ie_kikin.dll (kikin)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Search-Results Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Search-Results)
O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.3.27\incredibarTlbr.dll (Montera Technologeis LTD)
O3 - HKCU\..\Toolbar\WebBrowser: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Search-Results Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Search-Results)
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [KMCONFIG] "C:\Program Files (x86)\Mouse Driver\StartAutorun.exe" KMConfig.exe File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [EA Core] C:\Program Files (x86)\Electronic Arts\EADM\Core.exe (Electronic Arts)
O4 - HKCU..\Run: [iChat] C:\Program Files (x86)\IChat\iChat.exe (AlexSoft)
O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files (x86)\kikin\ie_kikin.dll (kikin)
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2602F395-FC82-414A-919C-E03F3E080502}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/12/07 14:45:03 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007/03/07 16:49:40 | 012,723,728 | R--- | M] (Ubisoft) - E:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2003/10/06 08:52:36 | 000,000,045 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{c4b539d2-fdc5-11df-af4a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c4b539d2-fdc5-11df-af4a-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2007/03/07 16:49:40 | 012,723,728 | R--- | M] (Ubisoft)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker 2.6
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish PictureMover.lnk - C:\PROGRA~2\PICTUR~1\Bin\PICTUR~1.EXE - (Hewlett-Packard Company)
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WeGame.lnk - C:\PROGRA~2\WeGame\wegame.exe - (WeGame.com, Inc.)
MsConfig:64bit - StartUpFolder: C:^Users^-Pascal-^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk - C:\PROGRA~2\OpenOffice.org 3\program\quickstart.exe - ()
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: ApnUpdater - hkey= - key= - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Search-Results)
MsConfig:64bit - StartUpReg: EA Core - hkey= - key= - C:\Program Files (x86)\Electronic Arts\EADM\Core.exe (Electronic Arts)
MsConfig:64bit - StartUpReg: Easybits Recovery - hkey= - key= - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
MsConfig:64bit - StartUpReg: HP Software Update - hkey= - key= - c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
MsConfig:64bit - StartUpReg: HPAdvisorDock - hkey= - key= - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe ()
MsConfig:64bit - StartUpReg: iChat - hkey= - key= - C:\Program Files (x86)\IChat\iChat.exe (AlexSoft)
MsConfig:64bit - StartUpReg: ICQ - hkey= - key= - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.)
MsConfig:64bit - StartUpReg: Norton Online Backup - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: PDF Complete - hkey= - key= - C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
MsConfig:64bit - StartUpReg: Skype - hkey= - key= - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig:64bit - StartUpReg: SmartMenu - hkey= - key= - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
MsConfig:64bit - StartUpReg: StartCCC - hkey= - key= - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2012/01/03 09:39:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011/12/30 19:27:26 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\Desktop\grafiti
[2011/12/28 10:14:03 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\Desktop\xfire
[2011/12/28 10:02:00 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\AppData\Local\Conduit
[2011/12/28 10:02:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2011/12/28 09:54:00 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fraps
[2011/12/28 09:27:40 | 000,000,000 | ---D | C] -- C:\Fraps
[2011/12/27 13:37:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity
[2011/12/26 11:57:45 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\gamigo Games
[2011/12/26 11:57:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\gamigo Games
[2011/12/26 11:57:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\gamigo Games
[2011/12/25 14:09:08 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2011/12/25 10:57:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mouse Driver
[2011/12/25 10:57:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mouse Driver
[2011/12/24 12:14:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubi Soft
[2011/12/23 14:40:15 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\Desktop\musik
[2011/12/23 11:47:19 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\Documents\Cross Fire
[2011/12/23 11:47:19 | 000,000,000 | ---D | C] -- C:\CFLog
[2011/12/23 11:42:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Z8Games
[2011/12/23 11:41:04 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
[2011/12/23 11:34:43 | 000,000,000 | ---D | C] -- C:\Program Files\Bohemia Interactive
[2011/12/23 11:12:30 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\Desktop\CrossFire_1082
[2011/12/20 17:33:22 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\AppData\Roaming\Malwarebytes
[2011/12/20 17:33:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/20 17:33:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/12/20 17:32:57 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/12/20 17:32:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/12/18 15:32:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bau-Simulator 2012 Demo
[2011/12/18 15:31:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bau-Simulator 2012 Demo
[2011/12/18 11:42:21 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\Documents\Kalypso Media
[2011/12/18 11:42:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Airline Tycoon 2-Demo
[2011/12/18 11:18:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kalypso Media
[2011/12/18 11:11:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kalypso Media
[2011/12/18 10:47:47 | 000,000,000 | ---D | C] -- C:\ProgramData\RTL Winter Sports 2009
[2011/12/18 10:47:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RTL Sports
[2011/12/18 10:22:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tank Simulation Demo
[2011/12/18 10:22:29 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\Desktop\Tank Simulation Demo
[2011/12/17 16:15:11 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\AppData\Local\Criterion Games
[2011/12/17 12:05:45 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2011/12/17 12:05:41 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2011/12/17 11:09:24 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\AppData\Roaming\OpenCandy
[2011/12/17 11:03:01 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs
[2011/12/17 10:56:36 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\AppData\Local\GamersFirst LIVE!
[2011/12/17 10:56:29 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\AppData\Local\PMB Files
[2011/12/17 10:56:28 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2011/12/17 10:56:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
[2011/12/17 10:56:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GamersFirst
[2011/12/17 10:56:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GamersFirst
[2011/12/17 10:29:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Biathlon 2004
[2011/12/17 10:29:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Biathlon 2004
[2011/12/17 10:01:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
[2011/12/15 16:58:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Biathlon 2009 (Demo)
[2011/12/15 16:50:41 | 000,000,000 | ---D | C] -- C:\ProgramData\MTA San Andreas All
[2011/12/15 16:50:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MTA San Andreas 1.1
[2011/12/15 16:39:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NewFreeScreensavers
[2011/12/14 19:41:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tetris Unlimited
[2011/12/14 19:30:45 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\Desktop\PROGRAM
[2011/12/14 19:11:29 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Reallusion
[2011/12/11 12:41:24 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2011/12/10 18:03:14 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\Desktop\meine 3ds bilder
[2011/12/10 16:46:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
[2011/12/10 16:46:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Auslogics
[2011/12/10 16:44:32 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\AppData\Roaming\DeepBurner
[2011/12/10 16:44:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DeepBurner
[2011/12/10 16:44:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Astonsoft
[2011/12/10 16:41:13 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\AppData\Roaming\DVDVideoSoft
[2011/12/10 16:41:02 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/12/10 16:41:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2011/12/10 16:40:56 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\Documents\DVDVideoSoft
[2011/12/10 16:40:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2011/12/10 16:40:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2011/12/09 11:53:53 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\AppData\Roaming\kikin
[2011/12/09 11:53:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\kikin
[2011/12/09 11:53:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Counter-Strike 2D
[2011/12/09 11:53:48 | 000,000,000 | ---D | C] -- C:\Counter-Strike 2D
[2011/12/08 19:50:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/12/08 19:50:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2011/12/08 18:20:46 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\AppData\Roaming\Avira
[2011/12/08 18:15:00 | 000,130,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011/12/08 18:15:00 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011/12/08 18:15:00 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2011/12/08 18:14:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011/12/08 18:14:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2011/12/07 14:44:48 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2011/12/07 14:44:48 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2011/12/06 18:45:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools Security
[2011/12/06 18:45:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2011/12/06 18:12:55 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/12/05 21:03:53 | 000,000,000 | RH-D | C] -- C:\Users\-Pascal-\AppData\Roaming\SecuROM
[2011/12/05 20:40:33 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\Documents\ArmA
[2011/12/05 20:40:33 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\AppData\Local\ArmA
[2011/12/05 20:39:36 | 000,431,104 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2011/12/05 20:39:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
[2011/12/05 20:39:35 | 000,409,600 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2011/12/05 20:39:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL
[2011/12/05 13:31:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sierra
[2011/12/04 19:37:29 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\Documents\Battlefield 2
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/01/03 15:03:28 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/03 15:03:28 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/03 14:56:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/03 14:55:57 | 536,322,047 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/03 09:55:05 | 000,000,082 | ---- | M] () -- C:\Users\-Pascal-\Documents\cc_20120103_095502.reg
[2012/01/03 09:42:03 | 000,130,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012/01/03 09:39:33 | 000,002,132 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012/01/02 15:53:02 | 000,000,219 | ---- | M] () -- C:\Users\-Pascal-\Desktop\Counter-Strike Source Beta.url
[2011/12/31 12:35:08 | 000,001,218 | ---- | M] () -- C:\Users\-Pascal-\Desktop\flagge-deutschland.gif
[2011/12/30 19:27:32 | 000,004,544 | ---- | M] () -- C:\Users\-Pascal-\Desktop\Neues Journal-Dokument.jnt
[2011/12/30 17:03:44 | 000,009,216 | ---- | M] () -- C:\Users\-Pascal-\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/28 09:54:00 | 000,000,574 | ---- | M] () -- C:\Users\-Pascal-\Desktop\Fraps.lnk
[2011/12/27 13:37:42 | 000,001,003 | ---- | M] () -- C:\Users\-Pascal-\Desktop\Audacity.lnk
[2011/12/24 12:17:21 | 000,002,262 | ---- | M] () -- C:\Users\-Pascal-\Desktop\Ubi Soft Product Registration.lnk
[2011/12/24 12:14:18 | 000,001,078 | ---- | M] () -- C:\Users\Public\Desktop\Splinter Cell spielen.lnk
[2011/12/23 11:42:15 | 000,025,395 | ---- | M] () -- C:\Users\-Pascal-\Desktop\CrossFire_1082.dlbt
[2011/12/23 11:41:04 | 000,431,104 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2011/12/23 11:41:03 | 000,409,600 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2011/12/20 17:33:00 | 000,001,187 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/18 15:29:10 | 000,004,096 | ---- | M] () -- C:\Users\Public\Documents\00000D59.LCS
[2011/12/18 14:07:23 | 000,004,096 | ---- | M] () -- C:\Users\Public\Documents\00000CE8.LCS
[2011/12/18 10:22:42 | 000,001,655 | ---- | M] () -- C:\Users\-Pascal-\Desktop\Tank Simulation Demo.lnk
[2011/12/17 11:18:55 | 000,001,233 | ---- | M] () -- C:\Users\Public\Desktop\War Rock.lnk
[2011/12/17 11:13:09 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2011/12/17 11:13:04 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2011/12/17 10:56:22 | 000,001,222 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
[2011/12/17 10:56:22 | 000,001,188 | ---- | M] () -- C:\Users\Public\Desktop\GamersFirst LIVE!.lnk
[2011/12/17 10:01:37 | 000,002,147 | ---- | M] () -- C:\Users\Public\Desktop\EA Download Manager.lnk
[2011/12/17 10:01:25 | 000,005,214 | ---- | M] () -- C:\Windows\SysWow64\ealregsnapshot1.reg
[2011/12/15 05:41:14 | 000,028,056 | ---- | M] () -- C:\Windows\SysNative\xfcodec64.dll
[2011/12/11 12:41:25 | 000,001,798 | ---- | M] () -- C:\Users\-Pascal-\Desktop\Day of Defeat Source.lnk
[2011/12/11 12:41:25 | 000,001,796 | ---- | M] () -- C:\Users\-Pascal-\Desktop\Half-Life 2 Deathmatch.lnk
[2011/12/11 12:41:25 | 000,001,796 | ---- | M] () -- C:\Users\-Pascal-\Desktop\Counter-Strike Source.lnk
[2011/12/10 19:50:24 | 000,003,367 | ---- | M] () -- C:\Users\-Pascal-\Documents\Data CD#1.dbr
[2011/12/10 16:46:11 | 000,001,320 | ---- | M] () -- C:\Users\-Pascal-\Desktop\Auslogics Disk Defrag.lnk
[2011/12/10 16:44:25 | 000,001,145 | ---- | M] () -- C:\Users\-Pascal-\Desktop\DeepBurner.lnk
[2011/12/10 16:41:00 | 000,001,498 | ---- | M] () -- C:\Users\-Pascal-\Desktop\Free YouTube to MP3 Converter.lnk
[2011/12/10 16:41:00 | 000,001,311 | ---- | M] () -- C:\Users\-Pascal-\Desktop\DVDVideoSoft Free Studio.lnk
[2011/12/09 12:21:06 | 000,000,696 | ---- | M] () -- C:\Users\-Pascal-\Desktop\Counter-Strike 2D.lnk
[2011/12/08 18:15:19 | 001,188,624 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2011/12/07 14:45:03 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2011/12/07 14:42:26 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/12/07 14:42:26 | 000,643,628 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011/12/07 14:42:26 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/12/07 14:42:26 | 000,126,188 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011/12/07 14:42:26 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/12/05 13:44:30 | 000,002,296 | ---- | M] () -- C:\Users\-Pascal-\Desktop\SWAT 4.lnk
[2011/12/04 20:36:56 | 000,001,882 | ---- | M] () -- C:\Users\-Pascal-\Desktop\Battlefield 2 spielen.lnk
[2011/12/04 19:37:46 | 000,002,168 | ---- | M] () -- C:\Users\Public\Desktop\BF2 jetzt online spielen!.lnk
[2011/12/04 19:37:46 | 000,002,146 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 2.lnk
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/01/03 09:55:05 | 000,000,082 | ---- | C] () -- C:\Users\-Pascal-\Documents\cc_20120103_095502.reg
[2012/01/02 15:53:02 | 000,000,219 | ---- | C] () -- C:\Users\-Pascal-\Desktop\Counter-Strike Source Beta.url
[2011/12/31 12:36:43 | 000,001,218 | ---- | C] () -- C:\Users\-Pascal-\Desktop\flagge-deutschland.gif
[2011/12/30 19:27:32 | 000,004,544 | ---- | C] () -- C:\Users\-Pascal-\Desktop\Neues Journal-Dokument.jnt
[2011/12/28 09:27:40 | 000,000,574 | ---- | C] () -- C:\Users\-Pascal-\Desktop\Fraps.lnk
[2011/12/27 13:37:42 | 000,001,015 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2011/12/27 13:37:42 | 000,001,003 | ---- | C] () -- C:\Users\-Pascal-\Desktop\Audacity.lnk
[2011/12/24 12:17:21 | 000,002,262 | ---- | C] () -- C:\Users\-Pascal-\Desktop\Ubi Soft Product Registration.lnk
[2011/12/24 12:14:06 | 000,001,078 | ---- | C] () -- C:\Users\Public\Desktop\Splinter Cell spielen.lnk
[2011/12/23 11:42:15 | 000,025,395 | ---- | C] () -- C:\Users\-Pascal-\Desktop\CrossFire_1082.dlbt
[2011/12/20 17:33:00 | 000,001,187 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/18 10:47:36 | 000,004,096 | ---- | C] () -- C:\Users\Public\Documents\00000D59.LCS
[2011/12/18 10:22:42 | 000,001,655 | ---- | C] () -- C:\Users\-Pascal-\Desktop\Tank Simulation Demo.lnk
[2011/12/17 11:18:55 | 000,001,233 | ---- | C] () -- C:\Users\Public\Desktop\War Rock.lnk
[2011/12/17 11:13:09 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2011/12/17 11:13:04 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2011/12/17 10:56:22 | 000,001,222 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
[2011/12/17 10:56:22 | 000,001,188 | ---- | C] () -- C:\Users\Public\Desktop\GamersFirst LIVE!.lnk
[2011/12/17 10:01:25 | 000,005,214 | ---- | C] () -- C:\Windows\SysWow64\ealregsnapshot1.reg
[2011/12/15 16:58:48 | 000,004,096 | ---- | C] () -- C:\Users\Public\Documents\00000CE8.LCS
[2011/12/15 16:39:49 | 008,782,382 | ---- | C] () -- C:\Windows\SysWow64\nfsFirePlace02.scr
[2011/12/15 05:41:14 | 000,028,056 | ---- | C] () -- C:\Windows\SysNative\xfcodec64.dll
[2011/12/11 12:41:25 | 000,001,798 | ---- | C] () -- C:\Users\-Pascal-\Desktop\Day of Defeat Source.lnk
[2011/12/11 12:41:25 | 000,001,796 | ---- | C] () -- C:\Users\-Pascal-\Desktop\Half-Life 2 Deathmatch.lnk
[2011/12/11 12:41:25 | 000,001,796 | ---- | C] () -- C:\Users\-Pascal-\Desktop\Counter-Strike Source.lnk
[2011/12/10 19:50:24 | 000,003,367 | ---- | C] () -- C:\Users\-Pascal-\Documents\Data CD#1.dbr
[2011/12/10 16:44:25 | 000,001,145 | ---- | C] () -- C:\Users\-Pascal-\Desktop\DeepBurner.lnk
[2011/12/10 16:41:00 | 000,001,498 | ---- | C] () -- C:\Users\-Pascal-\Desktop\Free YouTube to MP3 Converter.lnk
[2011/12/10 16:41:00 | 000,001,311 | ---- | C] () -- C:\Users\-Pascal-\Desktop\DVDVideoSoft Free Studio.lnk
[2011/12/09 12:21:06 | 000,000,696 | ---- | C] () -- C:\Users\-Pascal-\Desktop\Counter-Strike 2D.lnk
[2011/12/08 18:15:20 | 000,002,132 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011/12/07 14:45:03 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2011/12/06 18:45:47 | 001,188,624 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2011/12/05 13:44:30 | 000,002,296 | ---- | C] () -- C:\Users\-Pascal-\Desktop\SWAT 4.lnk
[2011/12/04 20:36:56 | 000,001,882 | ---- | C] () -- C:\Users\-Pascal-\Desktop\Battlefield 2 spielen.lnk
[2011/12/04 19:37:46 | 000,002,168 | ---- | C] () -- C:\Users\Public\Desktop\BF2 jetzt online spielen!.lnk
[2011/12/04 19:37:46 | 000,002,146 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 2.lnk
[2011/12/02 15:26:00 | 000,009,216 | ---- | C] () -- C:\Users\-Pascal-\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/02 15:18:49 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
[2011/05/22 13:10:44 | 000,000,000 | ---- | C] () -- C:\Windows\EAREMOVE.INI
[2011/03/28 13:51:43 | 000,069,632 | R--- | C] () -- C:\Windows\SysWow64\xmltok.dll
[2011/03/28 13:51:43 | 000,036,864 | R--- | C] () -- C:\Windows\SysWow64\xmlparse.dll
[2011/03/28 13:48:55 | 000,185,344 | ---- | C] () -- C:\Windows\patchw32.dll
[2011/03/28 13:30:11 | 000,007,552 | ---- | C] () -- C:\Windows\SysWow64\drivers\enodpl.sys
[2011/03/28 13:30:11 | 000,004,736 | ---- | C] () -- C:\Windows\SysWow64\drivers\tandpl.sys
[2011/03/19 13:52:57 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011/03/05 08:49:58 | 000,001,237 | ---- | C] () -- C:\Windows\eReg.dat
[2011/03/04 14:25:32 | 000,044,544 | ---- | C] () -- C:\Windows\SysWow64\Gif89.dll
[2011/03/04 14:24:33 | 000,000,266 | ---- | C] () -- C:\Windows\SIERRA.INI
[2011/02/15 15:09:45 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/02/09 19:19:11 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/02/09 19:19:07 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/02/09 19:19:04 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2011/01/02 15:38:06 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/12/02 02:02:20 | 000,002,137 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/12/02 01:37:46 | 000,009,988 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2010/12/02 01:06:16 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/02/10 03:58:12 | 000,012,800 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/07/14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[1997/06/14 12:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\Iyvu9_32.dll
========== LOP Check ==========
[2011/01/03 20:27:35 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\Auslogics
[2011/12/10 16:45:15 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\DeepBurner
[2011/12/10 16:41:14 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\DVDVideoSoft
[2011/12/10 16:41:02 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/12/02 13:35:42 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\GrabPro
[2011/12/20 17:29:38 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\ICQ
[2011/12/09 16:41:02 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\kikin
[2011/03/09 17:11:07 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\MysteryStudio
[2011/12/17 11:09:26 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\OpenCandy
[2011/01/16 13:39:25 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\OpenOffice.org
[2011/12/08 18:24:14 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\Orbit
[2011/01/02 15:45:10 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\PictureMover
[2011/12/02 13:35:45 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\ProgSense
[2011/12/18 10:47:35 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\ProtectDisc
[2011/01/15 08:31:17 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\QuickStoresToolbar
[2011/01/06 19:10:45 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\RedDotGames
[2011/01/09 10:11:28 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\Tific
[2011/03/28 13:48:56 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\ubi.com
[2011/12/15 18:52:41 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\Ubisoft
[2011/06/04 20:38:25 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\Wildlife Park 2
[2011/06/04 20:36:50 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\Wildlife Park 2 - Crazy Zoo
[2011/06/04 20:37:30 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\Wildlife Park 2 - Marine World
[2011/01/02 17:02:51 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\WildTangent
[2011/12/27 13:43:58 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\_MDLogs
[2011/12/28 10:19:35 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*. >
[2011/02/14 17:09:49 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2011/12/23 11:47:19 | 000,000,000 | ---D | M] -- C:\CFLog
[2011/12/09 16:24:55 | 000,000,000 | ---D | M] -- C:\Counter-Strike 2D
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011/12/06 19:00:08 | 000,000,000 | ---D | M] -- C:\downloads
[2011/12/28 09:38:44 | 000,000,000 | ---D | M] -- C:\Fraps
[2010/12/02 01:38:08 | 000,000,000 | RHSD | M] -- C:\hp
[2011/03/19 15:34:51 | 000,000,000 | ---D | M] -- C:\JANES
[2009/07/14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011/12/23 11:34:43 | 000,000,000 | R--D | M] -- C:\Program Files
[2011/12/29 11:29:18 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2011/12/28 10:21:14 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2009/07/24 19:32:39 | 000,000,000 | -HSD | M] -- C:\Recovery
[2011/12/08 19:48:03 | 000,000,000 | ---D | M] -- C:\sh4ldr
[2011/03/04 14:24:45 | 000,000,000 | ---D | M] -- C:\SIERRA
[2011/01/02 17:03:59 | 000,000,000 | ---D | M] -- C:\swsetup
[2012/01/03 15:01:21 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011/01/02 15:43:44 | 000,000,000 | -H-D | M] -- C:\SYSTEM.SAV
[2011/02/14 17:09:35 | 000,000,000 | R--D | M] -- C:\Users
[2012/01/03 14:56:01 | 000,000,000 | ---D | M] -- C:\Windows
< %PROGRAMFILES%\*.exe >
< %LOCALAPPDATA%\*.exe >
< %systemroot%\*. /mp /s >
< MD5 for: AGP440.SYS >
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
< MD5 for: ATAPI.SYS >
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
< MD5 for: CNGAUDIT.DLL >
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
< MD5 for: EVENTLOG.DLL >
[2008/06/06 23:03:52 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\CyberLink\PowerDirector\EventLog.dll
< MD5 for: EXPLORER.EXE >
[2010/12/02 01:47:23 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe
[2009/07/14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2010/12/02 01:49:55 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2010/12/02 01:49:55 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2010/12/02 01:47:23 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=6D4F9E4B640B413C6F73414327484C80 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81\explorer.exe
[2010/12/02 01:45:18 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2010/12/02 01:49:55 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\explorer.exe
[2010/12/02 01:49:55 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010/12/02 01:45:18 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/12/02 01:49:55 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010/12/02 01:45:18 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2010/12/02 01:49:55 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2010/12/02 01:47:23 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=CA17F8620815267DC838E30B68CB5052 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568e\explorer.exe
[2010/12/02 01:45:18 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[2010/12/02 01:47:23 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_b8335443c7a68f7c\explorer.exe
< MD5 for: IASTORV.SYS >
[2010/12/02 01:59:02 | 000,410,504 | ---- | M] (Intel Corporation) MD5=513DC087CFED7D2BB82F005385D3531F -- C:\Windows\SysNative\drivers\iaStorV.sys
[2010/12/02 01:59:02 | 000,410,504 | ---- | M] (Intel Corporation) MD5=513DC087CFED7D2BB82F005385D3531F -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_c9199d57075f47a9\iaStorV.sys
[2010/12/02 01:59:02 | 000,410,504 | ---- | M] (Intel Corporation) MD5=513DC087CFED7D2BB82F005385D3531F -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16592_none_0af87721a183cb70\iaStorV.sys
[2009/07/14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
[2010/12/02 01:59:02 | 000,410,496 | ---- | M] (Intel Corporation) MD5=E353CF970C5D4D6A092911E15FB78C07 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20712_none_0bd89532ba6088d9\iaStorV.sys
< MD5 for: NETLOGON.DLL >
[2009/07/14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009/07/14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
< MD5 for: NVSTOR.SYS >
[2010/12/02 01:59:02 | 000,166,280 | ---- | M] (NVIDIA Corporation) MD5=0AF7B8136794E23E87BE138992880E64 -- C:\Windows\SysNative\drivers\nvstor.sys
[2010/12/02 01:59:02 | 000,166,280 | ---- | M] (NVIDIA Corporation) MD5=0AF7B8136794E23E87BE138992880E64 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_c09ee40f078b4594\nvstor.sys
[2010/12/02 01:59:02 | 000,166,280 | ---- | M] (NVIDIA Corporation) MD5=0AF7B8136794E23E87BE138992880E64 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16592_none_95c1e7d0d8ba7548\nvstor.sys
[2009/07/14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2010/12/02 01:59:02 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=CE76755AF933E728CEBA6C7A970838A4 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20712_none_96a205e1f19732b1\nvstor.sys
< MD5 for: SCECLI.DLL >
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009/07/14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
< MD5 for: USER32.DLL >
[2009/07/14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll
[2009/07/14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009/07/14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
[2009/07/14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
< MD5 for: USERINIT.EXE >
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009/07/14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
< MD5 for: WINLOGON.EXE >
[2009/07/14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2010/12/02 01:49:55 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2010/12/02 01:49:55 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2010/12/02 01:49:55 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
< MD5 for: WS2IFSL.SYS >
[2009/07/14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009/07/14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\system32\*.dll /lockedfiles >
[4 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
< %USERPROFILE%\*.* >
[2012/01/03 15:10:33 | 002,883,584 | -HS- | M] () -- C:\Users\-Pascal-\NTUSER.DAT
[2012/01/03 15:10:32 | 000,262,144 | -HS- | M] () -- C:\Users\-Pascal-\ntuser.dat.LOG1
[2011/01/02 15:37:55 | 000,000,000 | -HS- | M] () -- C:\Users\-Pascal-\ntuser.dat.LOG2
[2011/01/02 18:22:33 | 000,065,536 | -HS- | M] () -- C:\Users\-Pascal-\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2011/01/02 18:22:33 | 000,524,288 | -HS- | M] () -- C:\Users\-Pascal-\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2011/01/02 18:22:33 | 000,524,288 | -HS- | M] () -- C:\Users\-Pascal-\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2011/01/02 15:37:55 | 000,000,020 | -HS- | M] () -- C:\Users\-Pascal-\ntuser.ini
< %USERPROFILE%\Local Settings\Temp\*.exe >
< %USERPROFILE%\Local Settings\Temp\*.dll >
< %USERPROFILE%\Application Data\*.exe >
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
< >
========== Alternate Data Streams ==========
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:DFC5A2B2
< End of report >