|
Windows blockiert und hätte gerne 50 Euro um sich wieder freischalten zu lassen hallo, habe wie einige andere auch das Problem das mein Windows blockiert und die einzige möglichkeit ist 50 Euro zu bezahlen... habe mir nun auch einige Themen darüber durchgelesen und nun ist meine Frage aber wie ich etwas installieren oder starten kann obwohl ich nur den schwarzen Bildschirm auf dem Desktop habe Oo ich kann auch auf keine Programme über den Taskmanager zugreifen oder sonst irgend ein anderes Programm öffnen! hoffe ihr könnt mir helfen bin in Sachen PCs nicht so der hellste xD, danke im voraus Gruss Dennis |
hi, pc neustarten, f8 drücken abgesicherter modus mit netzwerk wählen. Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code: activex
|
Hat nun etwas länger gedauert da ich arbeiten musste, habe nun das programm ausgeführt und folgende texte erhalten OTL.Txt OTL logfile created on: 04.01.2012 18:51:29 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Dennis Kröger\Downloads 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 3,25 Gb Available Physical Memory | 81,33% Memory free 8,00 Gb Paging File | 7,30 Gb Available in Paging File | 91,27% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 918,22 Gb Total Space | 787,54 Gb Free Space | 85,77% Space Free | Partition Type: NTFS Drive D: | 13,20 Gb Total Space | 2,77 Gb Free Space | 20,96% Space Free | Partition Type: NTFS Computer Name: COMPAQ | User Name: Dennis Kröger | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Dennis Kröger\Downloads\OTL.exe (OldTimer Tools) ========== Modules (No Company Name) ========== ========== Win32 Services (SafeList) ========== SRV:64bit: - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software) SRV:64bit: - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software) SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software) SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_b427739.dll () SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (Norton Internet Security) -- C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe (Symantec Corporation) SRV - (ICQ Service) -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe () SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (npggsvc) -- C:\Windows\SysWow64\GameMon.des (INCA Internet Co., Ltd.) SRV - (SearchAnonymizer) -- C:\Users\Dennis Kröger\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe () SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.) SRV - (NovacomD) -- C:\Programme\Palm, Inc\novacom\amd64\novacomd.exe (Palm) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (SprintRcAppSvc) -- C:\Program Files (x86)\Sprint\Sprint SmartView\RcAppSvc.exe (SmithMicro Inc.) SRV - (CASprint) -- C:\Program Files (x86)\Sprint\Sprint SmartView\ConAppsSvc.exe (SmithMicro Inc.) SRV - (ezSharedSvc) -- C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS) SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) ========== Driver Services (SafeList) ========== DRV:64bit: - (ccHP) -- C:\Windows\SysNative\drivers\NISx64\1008030.006\cchpx64.sys (Symantec Corporation) DRV:64bit: - (SYMTDI) -- C:\Windows\SysNative\drivers\NISx64\1008030.006\symtdi.sys (Symantec Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (ALWIL Software) DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (ALWIL Software) DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr.sys (ALWIL Software) DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (ALWIL Software) DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (ALWIL Software) DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation) DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1008030.006\srtsp64.sys (Symantec Corporation) DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1008030.006\SymEFA64.sys (Symantec Corporation) DRV:64bit: - (BHDrvx64) -- C:\Windows\SysNative\drivers\NISx64\1008030.006\BHDrvx64.sys (Symantec Corporation) DRV:64bit: - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\SysNative\drivers\NISx64\1008030.006\srtspx64.sys (Symantec Corporation) DRV:64bit: - (SymIM) -- C:\Windows\SysNative\drivers\SymIMV.sys (Symantec Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation) DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Research Inc.) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (NWADI) -- C:\Windows\SysNative\drivers\NWADIenum.sys (Novatel Wireless Inc) DRV:64bit: - (PCTINDIS5X64) -- C:\Windows\SysNative\PCTINDIS5X64.sys (Smith Micro Inc.) DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (MotDev) -- C:\Windows\SysNative\drivers\motodrv.sys (Motorola Inc) DRV:64bit: - (nmwcdx64) -- C:\Windows\SysNative\drivers\nmwcdx64.sys (Nokia) DRV:64bit: - (SNP325) USB PC Camera (SNPSTD325) -- C:\Windows\SysNative\drivers\snp325.sys (Sonix Co. Ltd.) DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys (Research in Motion Ltd) DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100128.025\EX64.SYS (Symantec Corporation) DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100128.025\ENG64.SYS (Symantec Corporation) DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation) DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100125.001\IDSviA64.sys (Symantec Corporation) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (swmsflt) -- C:\Windows\System32\drivers\swmsflt.sys () DRV - (tcpipBM) -- C:\Windows\SysWow64\drivers\tcpipBM.sys (Bytemobile, Inc.) DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Presario&pf=cndt IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Presario&pf=cndt IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Presario&pf=cndt IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com IE - HKLM\..\URLSearchHook: - No CLSID value found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {a51a36e6-31e7-4838-9ff7-76298b527ec0} - C:\Program Files (x86)\softonic-Germany\tbsoft.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Presario&pf=cndt IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050 IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {a51a36e6-31e7-4838-9ff7-76298b527ec0} - C:\Program Files (x86)\softonic-Germany\tbsoft.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.defaultthis.engineName: "softonic-Germany Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2449729&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/" FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.8.6 FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.0.14 FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {AA994882-F391-4d2e-806F-8908DA4814ED}:2.11.9 FF - prefs.js..extensions.enabledItems: {a51a36e6-31e7-4838-9ff7-76298b527ec0}:3.2.5.2 FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.0.0.9 FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220 FF - prefs.js..keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q=" FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2011.10.11 17:14:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.18\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.04.05 17:46:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.18\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.04.05 17:46:01 | 000,000,000 | ---D | M] [2009.11.29 18:58:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dennis Kröger\AppData\Roaming\mozilla\Extensions [2012.01.04 18:44:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dennis Kröger\AppData\Roaming\mozilla\Firefox\Profiles\1q0dxz0l.default\extensions [2009.12.20 11:36:56 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Dennis Kröger\AppData\Roaming\mozilla\Firefox\Profiles\1q0dxz0l.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2011.04.05 17:45:51 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Dennis Kröger\AppData\Roaming\mozilla\Firefox\Profiles\1q0dxz0l.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2010.08.12 14:44:27 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Dennis Kröger\AppData\Roaming\mozilla\Firefox\Profiles\1q0dxz0l.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2011.02.20 19:22:52 | 000,000,000 | ---D | M] (softonic-Germany Community Toolbar) -- C:\Users\Dennis Kröger\AppData\Roaming\mozilla\Firefox\Profiles\1q0dxz0l.default\extensions\{a51a36e6-31e7-4838-9ff7-76298b527ec0} [2011.03.22 16:33:15 | 000,000,000 | ---D | M] (kikin plugin) -- C:\Users\Dennis Kröger\AppData\Roaming\mozilla\Firefox\Profiles\1q0dxz0l.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED} [2010.08.12 14:44:27 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Dennis Kröger\AppData\Roaming\mozilla\Firefox\Profiles\1q0dxz0l.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010.04.03 14:16:40 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\Dennis Kröger\AppData\Roaming\mozilla\Firefox\Profiles\1q0dxz0l.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} [2009.12.14 19:32:17 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\Dennis Kröger\AppData\Roaming\mozilla\Firefox\Profiles\1q0dxz0l.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847} [2011.02.20 19:22:51 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Dennis Kröger\AppData\Roaming\mozilla\Firefox\Profiles\1q0dxz0l.default\extensions\engine@conduit.com [2011.01.08 11:23:32 | 000,000,935 | ---- | M] () -- C:\Users\Dennis Kröger\AppData\Roaming\Mozilla\Firefox\Profiles\1q0dxz0l.default\searchplugins\conduit.xml [2011.12.29 20:12:58 | 000,000,961 | ---- | M] () -- C:\Users\Dennis Kröger\AppData\Roaming\Mozilla\Firefox\Profiles\1q0dxz0l.default\searchplugins\icqplugin-1.xml [2011.04.05 17:49:23 | 000,000,961 | ---- | M] () -- C:\Users\Dennis Kröger\AppData\Roaming\Mozilla\Firefox\Profiles\1q0dxz0l.default\searchplugins\icqplugin-10.xml [2010.02.20 00:13:04 | 000,000,961 | ---- | M] () -- C:\Users\Dennis Kröger\AppData\Roaming\Mozilla\Firefox\Profiles\1q0dxz0l.default\searchplugins\icqplugin-2.xml [2010.03.31 16:39:04 | 000,000,961 | ---- | M] () -- C:\Users\Dennis Kröger\AppData\Roaming\Mozilla\Firefox\Profiles\1q0dxz0l.default\searchplugins\icqplugin-3.xml [2010.04.05 17:46:16 | 000,000,961 | ---- | M] () -- C:\Users\Dennis Kröger\AppData\Roaming\Mozilla\Firefox\Profiles\1q0dxz0l.default\searchplugins\icqplugin-4.xml [2010.09.10 18:39:44 | 000,000,961 | ---- | M] () -- C:\Users\Dennis Kröger\AppData\Roaming\Mozilla\Firefox\Profiles\1q0dxz0l.default\searchplugins\icqplugin-5.xml [2010.09.23 13:09:10 | 000,000,961 | ---- | M] () -- C:\Users\Dennis Kröger\AppData\Roaming\Mozilla\Firefox\Profiles\1q0dxz0l.default\searchplugins\icqplugin-6.xml [2010.11.04 17:47:46 | 000,000,961 | ---- | M] () -- C:\Users\Dennis Kröger\AppData\Roaming\Mozilla\Firefox\Profiles\1q0dxz0l.default\searchplugins\icqplugin-7.xml [2010.12.29 21:43:14 | 000,000,961 | ---- | M] () -- C:\Users\Dennis Kröger\AppData\Roaming\Mozilla\Firefox\Profiles\1q0dxz0l.default\searchplugins\icqplugin-8.xml [2011.02.21 23:39:12 | 000,000,961 | ---- | M] () -- C:\Users\Dennis Kröger\AppData\Roaming\Mozilla\Firefox\Profiles\1q0dxz0l.default\searchplugins\icqplugin-9.xml [2011.04.05 17:45:51 | 000,000,168 | ---- | M] () -- C:\Users\Dennis Kröger\AppData\Roaming\Mozilla\Firefox\Profiles\1q0dxz0l.default\searchplugins\icqplugin.gif [2011.04.05 17:45:51 | 000,000,618 | ---- | M] () -- C:\Users\Dennis Kröger\AppData\Roaming\Mozilla\Firefox\Profiles\1q0dxz0l.default\searchplugins\icqplugin.src [2010.05.12 16:40:48 | 000,001,042 | ---- | M] () -- C:\Users\Dennis Kröger\AppData\Roaming\Mozilla\Firefox\Profiles\1q0dxz0l.default\searchplugins\icqplugin.xml [2010.12.31 11:51:33 | 000,001,223 | ---- | M] () -- C:\Users\Dennis Kröger\AppData\Roaming\Mozilla\Firefox\Profiles\1q0dxz0l.default\searchplugins\kikin-search.xml [2009.12.14 19:32:15 | 000,003,915 | ---- | M] () -- C:\Users\Dennis Kröger\AppData\Roaming\Mozilla\Firefox\Profiles\1q0dxz0l.default\searchplugins\sweetim.xml [2009.11.29 21:55:53 | 000,002,486 | ---- | M] () -- C:\Users\Dennis Kröger\AppData\Roaming\Mozilla\Firefox\Profiles\1q0dxz0l.default\searchplugins\{0C8A9D37-8AE6-4FCB-8C8A-83D999EDD1E1}.xml [2009.11.29 21:55:53 | 000,001,058 | ---- | M] () -- C:\Users\Dennis Kröger\AppData\Roaming\Mozilla\Firefox\Profiles\1q0dxz0l.default\searchplugins\{844DD9B9-DA23-43B7-952A-67E5353C2DA1}.xml [2009.11.29 21:55:53 | 000,002,152 | ---- | M] () -- C:\Users\Dennis Kröger\AppData\Roaming\Mozilla\Firefox\Profiles\1q0dxz0l.default\searchplugins\{A1A30ECE-7CFA-43A8-BFFB-C439CD5085B5}.xml [2009.11.29 21:55:53 | 000,001,834 | ---- | M] () -- C:\Users\Dennis Kröger\AppData\Roaming\Mozilla\Firefox\Profiles\1q0dxz0l.default\searchplugins\{C31FAF09-FAEE-4EB9-B8E3-9B47E6AE2735}.xml [2009.11.29 21:55:53 | 000,024,003 | ---- | M] () -- C:\Users\Dennis Kröger\AppData\Roaming\Mozilla\Firefox\Profiles\1q0dxz0l.default\searchplugins\{EF879F44-AD60-49D9-A8C5-A6BC91B51E51}.xml [2009.11.29 21:55:53 | 000,002,041 | ---- | M] () -- C:\Users\Dennis Kröger\AppData\Roaming\Mozilla\Firefox\Profiles\1q0dxz0l.default\searchplugins\{F41C7E40-ECCA-4B09-854A-B27A8DB4C9CC}.xml [2012.01.04 18:44:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2009.11.29 19:04:17 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2011.01.20 00:33:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.10.11 17:14:37 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NORTON\COFFPLGN File not found (No name found) -- C:\USERS\DENNIS KRöGER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1Q0DXZ0L.DEFAULT\EXTENSIONS\{635ABD67-4FE9-1B23-4F01-E679FA7484C1} File not found (No name found) -- C:\USERS\DENNIS KRöGER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1Q0DXZ0L.DEFAULT\EXTENSIONS\{800B5000-A755-47E1-992B-48A1C1357F07} File not found (No name found) -- C:\USERS\DENNIS KRöGER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1Q0DXZ0L.DEFAULT\EXTENSIONS\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} File not found (No name found) -- C:\USERS\DENNIS KRöGER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1Q0DXZ0L.DEFAULT\EXTENSIONS\{A51A36E6-31E7-4838-9FF7-76298B527EC0} File not found (No name found) -- C:\USERS\DENNIS KRöGER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1Q0DXZ0L.DEFAULT\EXTENSIONS\{AA994882-F391-4D2E-806F-8908DA4814ED} File not found (No name found) -- C:\USERS\DENNIS KRöGER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1Q0DXZ0L.DEFAULT\EXTENSIONS\{ACAA314B-EEBA-48E4-AD47-84E31C44796C} File not found (No name found) -- C:\USERS\DENNIS KRöGER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1Q0DXZ0L.DEFAULT\EXTENSIONS\{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} File not found (No name found) -- C:\USERS\DENNIS KRöGER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1Q0DXZ0L.DEFAULT\EXTENSIONS\{EEE6C361-6118-11DC-9C72-001320C79847} File not found (No name found) -- C:\USERS\DENNIS KRöGER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1Q0DXZ0L.DEFAULT\EXTENSIONS\ENGINE@CONDUIT.COM [2010.11.12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2010.11.04 17:47:25 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.11.04 17:47:25 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.11.04 17:47:25 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2010.11.04 17:47:25 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010.11.04 17:47:25 | 000,000,801 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx () O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll (Symantec Corporation) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\IPSBHO.DLL (Symantec Corporation) O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC) O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O2 - BHO: (softonic-Germany Toolbar) - {a51a36e6-31e7-4838-9ff7-76298b527ec0} - C:\Program Files (x86)\softonic-Germany\tbsoft.dll (Conduit Ltd.) O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files (x86)\kikin\ie_kikin.dll (kikin) O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (softonic-Germany Toolbar) - {a51a36e6-31e7-4838-9ff7-76298b527ec0} - C:\Program Files (x86)\softonic-Germany\tbsoft.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC) O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll (Symantec Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (softonic-Germany Toolbar) - {A51A36E6-31E7-4838-9FF7-76298B527EC0} - C:\Program Files (x86)\softonic-Germany\tbsoft.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC) O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\Dennis Kröger\AppData\Roaming\OCS\SM\SearchAnonymizer.exe () O4:64bit: - HKLM..\Run: [snp325] C:\Windows\vsnp325.exe () O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (ALWIL Software) O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS) O4 - HKLM..\Run: [FixCamera] C:\Windows\FixCamera.exe () O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe () O4 - HKLM..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe (Hewlett-Packard) O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation) O4 - HKLM..\Run: [RDVCHG] C:\Program Files (x86)\Sprint\Sprint SmartView\RDVCHG.exe (C-motech Co.,Ltd) O4 - HKLM..\Run: [Sprint SmartView] C:\Program Files (x86)\Sprint\Sprint SmartView\SprintSV.exe (Sprint) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [tsnp325] C:\Windows\tsnp325.exe () O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKCU..\Run: [flash.exe] C:\Users\Dennis Kröger\AppData\Roaming\Adobe\Flash Player\flash.exe () O4 - HKCU..\Run: [ICQ] "C:\Program Files (x86)\ICQ6.5\ICQ.exe" silent File not found O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) O4 - Startup: C:\Users\Dennis Kröger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files (x86)\LimeWire\LimeWire.exe (Lime Wire, LLC) O4 - Startup: C:\Users\Dennis Kröger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Product Registration.lnk = File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0 O8:64bit: - Extra context menu item: &AOL Toolbar-Suche - C:\ProgramData\AOL\ieToolbar\resources\de-DE\local\search.html () O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Dennis Kröger\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Dennis Kröger\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: &AOL Toolbar-Suche - C:\ProgramData\AOL\ieToolbar\resources\de-DE\local\search.html () O8 - Extra context menu item: Free YouTube Download - C:\Users\Dennis Kröger\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Dennis Kröger\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files (x86)\kikin\ie_kikin.dll (kikin) O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\system32\pnrpnsp.dll File not found O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 217.237.151.97 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AAFFBC51-3434-4A7D-9F89-F357D11D4D28}: DhcpNameServer = 192.168.1.1 217.237.151.97 O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\symres - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll (Symantec Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs: ezSharedSvc - C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS) CREATERESTOREPOINT Error creating restore point. ========== Files/Folders - Created Within 30 Days ========== [2011.12.07 17:53:06 | 000,000,000 | ---D | C] -- C:\Users\Dennis Kröger\Documents\RCT3 [2011.12.07 17:53:06 | 000,000,000 | ---D | C] -- C:\Users\Dennis Kröger\AppData\Roaming\Atari [2011.12.07 17:52:13 | 000,000,000 | ---D | C] -- C:\Users\Dennis Kröger\AppData\Roaming\Leadertech [2011.12.07 17:49:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atari [2011.12.07 17:46:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Atari [2010.01.13 00:30:37 | 000,147,456 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnp325.dll [2010.01.13 00:30:37 | 000,061,440 | ---- | C] ( ) -- C:\Windows\SysWow64\vsnp325.dll [2010.01.13 00:30:37 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\csnp325.dll ========== Files - Modified Within 30 Days ========== [2012.01.04 18:39:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.01.04 18:39:56 | 3220,676,608 | -HS- | M] () -- C:\hiberfil.sys [2012.01.04 18:18:14 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.01.04 18:15:56 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.01.04 17:41:47 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.01.04 17:41:47 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.01.04 17:41:47 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.01.04 17:41:47 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.01.04 17:41:47 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.01.04 17:36:40 | 000,000,000 | ---- | M] () -- C:\Users\Dennis Kröger\AppData\Local\{FBB7CEB3-7657-4256-8F8D-104CF045DB59} [2012.01.03 21:26:35 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.01.03 21:26:35 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.12.31 10:37:47 | 000,000,552 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job [2011.12.27 19:43:51 | 000,000,366 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForDennis Kröger.job [2011.12.16 13:23:25 | 000,331,936 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.12.07 17:52:59 | 000,043,520 | ---- | M] () -- C:\Windows\SysWow64\CmdLineExt03.dll [2011.12.07 17:52:56 | 000,001,215 | ---- | M] () -- C:\Users\Dennis Kröger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Product Registration.lnk [2011.12.07 17:49:56 | 000,001,221 | ---- | M] () -- C:\Users\Public\Desktop\RollerCoaster Tycoon 3.lnk [2011.12.06 22:04:32 | 530,117,192 | ---- | M] () -- C:\Windows\MEMORY.DMP ========== Files Created - No Company Name ========== [2012.01.04 17:36:40 | 000,000,000 | ---- | C] () -- C:\Users\Dennis Kröger\AppData\Local\{FBB7CEB3-7657-4256-8F8D-104CF045DB59} [2011.12.26 16:03:58 | 000,000,366 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForDennis Kröger.job [2011.12.07 17:52:59 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll [2011.12.07 17:52:56 | 000,001,215 | ---- | C] () -- C:\Users\Dennis Kröger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Product Registration.lnk [2011.12.07 17:49:56 | 000,001,221 | ---- | C] () -- C:\Users\Public\Desktop\RollerCoaster Tycoon 3.lnk [2010.08.25 21:10:50 | 000,111,928 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2010.08.25 21:10:34 | 002,373,712 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2010.08.25 21:10:34 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2010.04.28 15:06:20 | 000,000,276 | ---- | C] () -- C:\Users\Dennis Kröger\AppData\Roaming\wklnhst.dat [2010.01.13 00:30:51 | 000,020,480 | ---- | C] () -- C:\Windows\FixCamera.exe [2010.01.13 00:30:49 | 000,827,392 | ---- | C] () -- C:\Windows\vsnp325.exe [2010.01.13 00:30:49 | 000,270,336 | ---- | C] () -- C:\Windows\tsnp325.exe [2010.01.13 00:30:48 | 000,015,498 | ---- | C] () -- C:\Windows\snp325.ini [2009.12.20 11:31:23 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2009.12.16 19:35:08 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat [2009.10.01 01:40:06 | 000,009,868 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat [2009.10.01 01:05:39 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2009.07.15 16:50:42 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL [2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2009.05.26 17:38:12 | 000,031,880 | ---- | C] () -- C:\Windows\SysWow64\drivers\swmsflt.sys ========== LOP Check ========== [2011.12.07 17:53:06 | 000,000,000 | ---D | M] -- C:\Users\Dennis Kröger\AppData\Roaming\Atari [2009.12.20 11:31:20 | 000,000,000 | ---D | M] -- C:\Users\Dennis Kröger\AppData\Roaming\Bytemobile [2009.11.29 21:55:47 | 000,000,000 | ---D | M] -- C:\Users\Dennis Kröger\AppData\Roaming\Desktopicon [2011.08.27 13:38:22 | 000,000,000 | ---D | M] -- C:\Users\Dennis Kröger\AppData\Roaming\DVDVideoSoft [2011.03.26 12:31:10 | 000,000,000 | ---D | M] -- C:\Users\Dennis Kröger\AppData\Roaming\DVDVideoSoftIEHelpers [2011.11.27 00:07:11 | 000,000,000 | ---D | M] -- C:\Users\Dennis Kröger\AppData\Roaming\go [2009.12.29 17:07:14 | 000,000,000 | ---D | M] -- C:\Users\Dennis Kröger\AppData\Roaming\gtk-2.0 [2012.01.03 21:10:50 | 000,000,000 | ---D | M] -- C:\Users\Dennis Kröger\AppData\Roaming\ICQ [2010.04.29 14:41:49 | 000,000,000 | ---D | M] -- C:\Users\Dennis Kröger\AppData\Roaming\InterTrust [2010.02.16 17:26:19 | 000,000,000 | ---D | M] -- C:\Users\Dennis Kröger\AppData\Roaming\kikin [2011.12.07 17:52:13 | 000,000,000 | ---D | M] -- C:\Users\Dennis Kröger\AppData\Roaming\Leadertech [2012.01.03 21:20:44 | 000,000,000 | ---D | M] -- C:\Users\Dennis Kröger\AppData\Roaming\LimeWire [2010.11.13 17:08:31 | 000,000,000 | ---D | M] -- C:\Users\Dennis Kröger\AppData\Roaming\LolClient [2009.11.29 21:55:49 | 000,000,000 | ---D | M] -- C:\Users\Dennis Kröger\AppData\Roaming\OCS [2009.11.29 21:55:53 | 000,000,000 | ---D | M] -- C:\Users\Dennis Kröger\AppData\Roaming\Opera [2010.04.28 15:06:20 | 000,000,000 | ---D | M] -- C:\Users\Dennis Kröger\AppData\Roaming\Template [2011.07.08 11:45:00 | 000,000,000 | ---D | M] -- C:\Users\Dennis Kröger\AppData\Roaming\TS3Client [2011.06.03 13:49:23 | 000,000,000 | ---D | M] -- C:\Users\Dennis Kröger\AppData\Roaming\ts3overlay [2009.12.01 23:16:45 | 000,000,000 | ---D | M] -- C:\Users\Dennis Kröger\AppData\Roaming\WildTangent [2009.12.16 19:35:00 | 000,000,000 | ---D | M] -- C:\Users\Dennis Kröger\AppData\Roaming\_MDLogs [2011.12.31 10:37:47 | 000,000,552 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job [2012.01.04 17:46:39 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2010.02.16 20:40:03 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2010.04.29 14:41:37 | 000,000,000 | ---D | M] -- C:\BlueByte [2011.04.15 17:34:39 | 000,000,000 | ---D | M] -- C:\deee2266b086b94135e39490d14aa7 [2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2009.11.29 18:49:15 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2010.07.27 21:07:39 | 000,000,000 | ---D | M] -- C:\gPotato.eu [2010.03.31 09:20:27 | 000,000,000 | -H-D | M] -- C:\hp [2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2010.03.07 15:36:48 | 000,000,000 | R--D | M] -- C:\Program Files [2011.12.07 17:46:57 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2011.11.27 00:48:08 | 000,000,000 | -H-D | M] -- C:\ProgramData [2009.11.29 18:49:15 | 000,000,000 | -HSD | M] -- C:\Programme [2010.11.13 17:04:14 | 000,000,000 | ---D | M] -- C:\Riot Games [2012.01.03 16:39:33 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2010.04.03 14:16:41 | 000,000,000 | R--D | M] -- C:\Users [2012.01.04 18:26:56 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < MD5 for: AGP440.SYS > [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: EVENTLOG.DLL > [2007.05.17 20:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\Cyberlink\PowerDirector\EventLog.dll < MD5 for: EXPLORER.EXE > [2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe [2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe [2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe [2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe [2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2009.08.03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe [2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2011.02.26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe [2009.08.03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe < MD5 for: IASTORV.SYS > [2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaSt orV.sys [2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys [2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys [2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys [2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys [2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys [2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll [2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll |
< MD5 for: NVSTOR.SYS > [2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys [2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys [2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys [2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys [2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvsto r.sys < MD5 for: SCECLI.DLL > [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll [2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll [2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll [2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll [2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe [2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe [2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > < %USERPROFILE%\*.* > [2010.11.14 12:03:10 | 000,000,887 | ---- | M] () -- C:\Users\Dennis Kröger\.recently-used.xbel [2012.01.04 19:06:03 | 002,359,296 | -HS- | M] () -- C:\Users\Dennis Kröger\NTUSER.DAT [2012.01.04 19:06:03 | 000,262,144 | -HS- | M] () -- C:\Users\Dennis Kröger\ntuser.dat.LOG1 [2009.11.29 18:49:37 | 000,000,000 | -HS- | M] () -- C:\Users\Dennis Kröger\ntuser.dat.LOG2 [2009.11.30 01:04:15 | 000,065,536 | -HS- | M] () -- C:\Users\Dennis Kröger\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2009.11.30 01:04:15 | 000,524,288 | -HS- | M] () -- C:\Users\Dennis Kröger\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2009.11.30 01:04:15 | 000,524,288 | -HS- | M] () -- C:\Users\Dennis Kröger\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2011.04.29 02:16:55 | 000,065,536 | -HS- | M] () -- C:\Users\Dennis Kröger\NTUSER.DAT{31313c28-71a4-11e0-9257-002481cdfb3b}.TM.blf [2011.04.29 02:16:55 | 000,524,288 | -HS- | M] () -- C:\Users\Dennis Kröger\NTUSER.DAT{31313c28-71a4-11e0-9257-002481cdfb3b}.TMContainer00000000000000000001.regtrans-ms [2011.04.29 02:16:55 | 000,524,288 | -HS- | M] () -- C:\Users\Dennis Kröger\NTUSER.DAT{31313c28-71a4-11e0-9257-002481cdfb3b}.TMContainer00000000000000000002.regtrans-ms [2011.05.13 02:01:21 | 000,065,536 | -HS- | M] () -- C:\Users\Dennis Kröger\NTUSER.DAT{315331d5-7ca8-11e0-aabf-002481cdfb3b}.TM.blf [2011.05.13 02:01:21 | 000,524,288 | -HS- | M] () -- C:\Users\Dennis Kröger\NTUSER.DAT{315331d5-7ca8-11e0-aabf-002481cdfb3b}.TMContainer00000000000000000001.regtrans-ms [2011.05.13 02:01:21 | 000,524,288 | -HS- | M] () -- C:\Users\Dennis Kröger\NTUSER.DAT{315331d5-7ca8-11e0-aabf-002481cdfb3b}.TMContainer00000000000000000002.regtrans-ms [2011.05.31 22:02:38 | 000,065,536 | -HS- | M] () -- C:\Users\Dennis Kröger\NTUSER.DAT{40a7a3ae-87ab-11e0-b01c-002481cdfb3b}.TM.blf [2011.05.31 22:02:37 | 000,524,288 | -HS- | M] () -- C:\Users\Dennis Kröger\NTUSER.DAT{40a7a3ae-87ab-11e0-b01c-002481cdfb3b}.TMContainer00000000000000000001.regtrans-ms [2011.05.31 22:02:37 | 000,524,288 | -HS- | M] () -- C:\Users\Dennis Kröger\NTUSER.DAT{40a7a3ae-87ab-11e0-b01c-002481cdfb3b}.TMContainer00000000000000000002.regtrans-ms [2010.11.29 07:13:55 | 000,065,536 | -HS- | M] () -- C:\Users\Dennis Kröger\NTUSER.DAT{4ba991bc-fa17-11df-97af-002481cdfb3b}.TM.blf [2010.11.29 07:13:55 | 000,524,288 | -HS- | M] () -- C:\Users\Dennis Kröger\NTUSER.DAT{4ba991bc-fa17-11df-97af-002481cdfb3b}.TMContainer00000000000000000001.regtrans-ms [2010.11.29 07:13:55 | 000,524,288 | -HS- | M] () -- C:\Users\Dennis Kröger\NTUSER.DAT{4ba991bc-fa17-11df-97af-002481cdfb3b}.TMContainer00000000000000000002.regtrans-ms [2009.11.29 18:49:37 | 000,000,020 | -HS- | M] () -- C:\Users\Dennis Kröger\ntuser.ini < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < End of report > Extras.TxtOTL EXTRAS Logfile: Code: OTL Extras logfile created on: 04.01.2012 18:51:29 - Run 1kann damit nun überhaupt nix anfangen :balla: |
hi dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user. wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts. • Starte bitte die OTL.exe • Kopiere nun das Folgende in die Textbox. Code: :OTL• Schliesse bitte nun alle Programme. • Klicke nun bitte auf den Fix Button. • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen. • Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren. starte in den normalen modus. falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden öffne computer, öffne C: dann _OTL dort rechtsklick auf moved files wähle zu moved files.rar oder zip hinzufügen. folge dem link, und lade das archiv im upload channel hoch http://www.trojaner-board.de/54791-a...ner-board.html |
also nu läuft mein pc wieder vielen dank dafür =) All processes killed ========== OTL ========== Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\flash.exe deleted successfully. C:\Users\Dennis Kröger\AppData\Roaming\Adobe\Flash Player\flash.exe moved successfully. ========== COMMANDS ========== [EMPTYFLASH] User: All Users User: AppData User: Default User: Default User User: Dennis Kröger ->Flash cache emptied: 73035 bytes User: Public Total Flash Files Cleaned = 0,00 mb [EMPTYTEMP] User: All Users User: AppData User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Dennis Kröger ->Temp folder emptied: 3463625945 bytes ->Temporary Internet Files folder emptied: 213932664 bytes ->Java cache emptied: 285075844 bytes ->FireFox cache emptied: 155572150 bytes ->Google Chrome cache emptied: 6363821 bytes ->Flash cache emptied: 0 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 123798341 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 85163 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 4.052,00 mb OTL by OldTimer - Version 3.2.31.0 log created on 01052012_164451 Files\Folders moved on Reboot... C:\Users\Dennis Kröger\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. Registry entries deleted on Reboot... was kann ich denn nun machen damit sowas nicht wieder passiert? LG Dennis |
du bist doch noch nicht fertig, was ist mit dem rest der anleitung, dem upload? |
hja sry....habs nun hochgeladen und nu? fertig oder kommt noch was? |
Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde! Bitte downloade dir Combofix.exe und speichere es unbedingt auf deinem Desktop.
|
Combofix Logfile: Code: ComboFix 12-01-06.03 - Dennis Kröger 07.01.2012 17:44:27.1.4 - x64 NETWORK |
hi, du sagst das problem ist noch mal aufgetreten, per pm, bitte das nächste mal hier ins forum schreiben, da wo es hingehört :-) versuche combofix noch mal im abgesicherten modus. wenn du in der zwischenzeit auf anderen seiten surfst, unterlasse es bitte mit diesem pc. poste das neue cf log. |
| Alle Zeitangaben in WEZ +1. Es ist jetzt 05:43 Uhr. |
Copyright ©2000-2025, Trojaner-Board