rundll32.dll Virus
Hallo
Ich hab mir vor 2 Tagen irgendein Virus eingefangen, seitdem schließt sich der Taskmanager automatisch wenn ich ihn starte. Hab mir dann einen anderen Taskmanager bei Chip runtergeladen um rauszufinden welcher Prozess immer den normalen Taskmanager schließt. Hab rausgefunden das es rundll32.dll ist, wenn ich den Prozess beende lässt sich der normale Taskmanager wieder starten. Nun ist die Frage wie werde ich den wieder los, löschen funktioniert nicht und ein Autostarteintrag ist nicht vorhanden. Avira zeigt nichts an.
Hab das mal mit OTL und Gmer gescannt weil ich das in einem anderen Thread gelesen hab.
OTL.txt Code:
OTL logfile created on: 22.07.2012 15:18:28 - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\X64\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,63 Gb Available Physical Memory | 65,73% Memory free
8,00 Gb Paging File | 6,14 Gb Available in Paging File | 76,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 146,39 Gb Total Space | 2,13 Gb Free Space | 1,46% Space Free | Partition Type: NTFS
Drive D: | 319,28 Gb Total Space | 2,48 Gb Free Space | 0,78% Space Free | Partition Type: NTFS
Drive F: | 6,60 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: X64-PC | User Name: X64 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.07.22 15:04:45 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\X64\Downloads\OTL.exe
PRC - [2012.06.11 20:20:10 | 002,389,680 | ---- | M] (Beepa P/L) -- C:\Fraps\fraps.exe
PRC - [2012.05.11 19:43:47 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011.11.20 08:37:00 | 001,204,224 | ---- | M] (www.IslamicFinder.org) -- C:\Program Files (x86)\Athan\Athan.exe
PRC - [2011.10.24 22:21:25 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.24 22:21:25 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.10.24 22:21:25 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.01.21 17:51:52 | 000,171,848 | ---- | M] (BinarySense Ltd.) -- C:\Program Files (x86)\Common Files\BinarySense\disksvc.exe
========== Modules (No Company Name) ==========
MOD - [2010.03.08 22:08:28 | 000,282,697 | ---- | M] () -- C:\Program Files (x86)\Athan\vbp.dll
MOD - [2004.12.25 13:37:22 | 000,258,121 | ---- | M] () -- C:\Program Files (x86)\Athan\vbh.dll
MOD - [2004.03.20 14:49:40 | 000,229,444 | ---- | M] () -- C:\Program Files (x86)\Athan\vbq.dll
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2012.06.11 13:12:16 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2012.04.06 04:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.07.20 01:20:10 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.19 15:28:24 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.06.21 17:42:38 | 000,587,840 | ---- | M] (Soluto) [Auto | Running] -- C:\Programme\Soluto\SolutoService.exe -- (SolutoService)
SRV - [2012.06.01 13:18:16 | 000,736,104 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2012.05.11 19:43:47 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.05.03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [On_Demand | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.04.22 13:51:04 | 000,720,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012.04.20 07:59:04 | 000,092,592 | ---- | M] (TomTom) [On_Demand | Stopped] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2012.01.18 14:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2011.10.24 22:21:25 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.10.24 22:21:25 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.09.02 06:13:49 | 000,292,136 | ---- | M] (CyberLink) [On_Demand | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe -- (CyberLink PowerDVD 11.0 Service)
SRV - [2011.09.02 06:13:47 | 000,075,048 | ---- | M] (CyberLink) [On_Demand | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe -- (CyberLink PowerDVD 11.0 Monitor Service)
SRV - [2011.08.24 03:13:43 | 000,083,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe -- (CLHNServiceForPowerDVD)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [On_Demand | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.01.21 17:51:52 | 000,171,848 | ---- | M] (BinarySense Ltd.) [Auto | Running] -- C:\Program Files (x86)\Common Files\BinarySense\disksvc.exe -- (HDD & SSD access service)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.02.05 10:11:18 | 000,075,320 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2007.02.05 10:11:16 | 000,112,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SsBeSvc.exe -- (SonicStage Back-End Service)
SRV - [2006.12.14 02:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006.12.14 02:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006.12.14 01:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012.06.21 17:21:26 | 000,054,728 | ---- | M] (Soluto LTD.) [File_System | Boot | Stopped] -- C:\Windows\SysNative\drivers\Soluto.sys -- (Soluto)
DRV:64bit: - [2012.04.22 13:51:38 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2012.04.06 07:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.04.06 03:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.03.14 18:23:00 | 000,147,248 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.23 14:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.01.09 17:28:20 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64)
DRV:64bit: - [2012.01.09 17:28:20 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2012.01.09 17:28:20 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys -- (nmwcdnsucx64)
DRV:64bit: - [2012.01.09 17:28:20 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2012.01.09 17:28:20 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2012.01.09 17:28:18 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2011.12.29 22:33:13 | 000,526,392 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011.12.12 07:41:14 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2011.12.12 07:41:13 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2011.12.08 19:36:30 | 000,142,848 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tinspusb.sys -- (USBTINSP) TI-Nspire(TM)
DRV:64bit: - [2011.11.01 19:01:38 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.10.24 22:21:25 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.10.24 22:21:25 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.08.17 22:44:46 | 000,053,376 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2011.07.26 19:49:12 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:48 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.09.21 10:07:08 | 000,312,184 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ArcSec.sys -- (ArcSec)
DRV:64bit: - [2010.06.17 11:15:36 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2010.04.27 16:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2010.04.27 16:57:14 | 000,036,936 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmHidLo.sys -- (WmHidLo)
DRV:64bit: - [2010.04.27 16:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2010.04.27 14:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2010.04.27 14:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2010.02.18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010.01.05 19:23:18 | 001,847,296 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athurx.sys -- (athur)
DRV:64bit: - [2009.09.23 03:46:18 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2009.09.23 03:46:17 | 000,359,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2009.09.23 03:32:39 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2009.09.23 03:32:35 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcuxd.sys -- (vpcuxd)
DRV:64bit: - [2009.09.23 03:32:33 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2009.09.16 09:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t) TAP-Win32 Adapter V9 (Tunngle)
DRV:64bit: - [2009.08.21 02:52:10 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.08.13 08:38:24 | 000,029,184 | ---- | M] (CSR, plc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BthAvrcp.sys -- (BthAvrcp)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.06.17 10:22:24 | 000,040,464 | ---- | M] (H+H Software GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vcd10bus.sys -- (vcd10bus)
DRV:64bit: - [2006.10.18 02:00:00 | 000,052,760 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV - [2012.03.05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
DRV - [2012.03.05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV - [2011.09.02 13:08:46 | 000,148,976 | ---- | M] (CyberLink Corp.) [2012/01/14 16:37:43] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl -- ({329F96B6-DF1E-4328-BFDA-39EA953C1312})
DRV - [2011.08.24 03:13:44 | 000,075,248 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys -- (ntk_PowerDVD)
DRV - [2010.03.31 01:00:00 | 000,026,752 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64 -- (EverestDriver)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2006.07.19 05:04:00 | 000,014,608 | R--- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Users\X64\Downloads\ati_winflash_2.0.1.18\atillk64.sys -- (atillk64)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1561552
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1561552
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8A 8E 2F A7 89 92 CC 01 [binary data]
IE - HKCU\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1561552
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultthis.engineName: "Hotspot Shield Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1561552&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\X64\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\X64\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.20 01:20:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.03.11 14:18:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.05.21 18:36:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.20 01:20:10 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.03.11 14:18:50 | 000,000,000 | ---D | M]
[2012.05.17 15:59:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\X64\AppData\Roaming\mozilla\Extensions
[2012.05.17 15:59:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\X64\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012.07.20 01:19:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\X64\AppData\Roaming\mozilla\Firefox\Profiles\d8ro7h5k.default\extensions
[2012.03.30 07:28:53 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\X64\AppData\Roaming\mozilla\Firefox\Profiles\d8ro7h5k.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.04.07 23:07:43 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\X64\AppData\Roaming\mozilla\Firefox\Profiles\d8ro7h5k.default\extensions\DeviceDetection@logitech.com
[2012.05.17 23:43:23 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\X64\AppData\Roaming\mozilla\Firefox\Profiles\d8ro7h5k.default\extensions\ich@maltegoetz.de
[2012.07.20 01:19:46 | 000,000,000 | ---D | M] (Firefox Synchronisation Extension) -- C:\Users\X64\AppData\Roaming\mozilla\Firefox\Profiles\d8ro7h5k.default\extensions\synchronize@nokia.suite
[2011.10.25 11:02:08 | 000,000,931 | ---- | M] () -- C:\Users\X64\AppData\Roaming\Mozilla\Firefox\Profiles\d8ro7h5k.default\searchplugins\conduit.xml
[2012.06.05 16:59:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.07.20 01:20:10 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.03.26 14:33:56 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.26 20:49:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.07.20 01:20:09 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.07.20 01:20:09 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.07.20 01:20:09 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.20 01:20:09 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.20 01:20:09 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.20 01:20:09 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
========== Chrome ==========
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\X64\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\X64\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\X64\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\X64\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - Extension: Angry Birds = C:\Users\X64\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: YouTube = C:\Users\X64\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\X64\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AdBlock = C:\Users\X64\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.37_0\
CHR - Extension: Google Mail = C:\Users\X64\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2011.09.21 15:42:00 | 000,000,950 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 mp02.maniaplanet.com
O1 - Hosts: 127.0.0.1 mp01.maniaplanet.com
O1 - Hosts: 127.0.0.1 mp03.maniaplanet.com
O1 - Hosts: 127.0.0.1 game.maniaplanet.com
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2:64bit: - BHO: (no name) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [Athan] C:\Program Files (x86)\Athan\Athan.exe (www.IslamicFinder.org)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
F3:64bit: - HKCU WinNT: Load - (C:\Users\X64\LOCALS~1\Temp\msijulzc.com) - File not found
F3 - HKCU WinNT: Load - (C:\Users\X64\LOCALS~1\Temp\msijulzc.com) - File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4BA7DEE7-D696-4974-9499-3F1853A0ACAD}: DhcpNameServer = 7.254.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{60FC9E6F-A2DE-4BDD-B88D-12C175E95371}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Program Files\Soluto\soluto.exe /userinit) - File not found
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.04.19 20:09:27 | 000,000,059 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{5bbe2205-3268-11e1-8ba0-fbf920f58c71}\Shell - "" = AutoRun
O33 - MountPoints2\{5bbe2205-3268-11e1-8ba0-fbf920f58c71}\Shell\AutoRun\command - "" = F:\Setup.exe -- [2011.04.19 20:09:27 | 000,596,187 | R--- | M] (Valve )
O33 - MountPoints2\{ad73554a-01a2-11e1-a6f3-0015833d0a57}\Shell - "" = AutoRun
O33 - MountPoints2\{ad73554a-01a2-11e1-a6f3-0015833d0a57}\Shell\AutoRun\command - "" = G:\iStudio.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
Drivers32:64bit: aux - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux3 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux4 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi3 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi4 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midimapper - midimap.dll (Microsoft Corporation)
Drivers32:64bit: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer3 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer4 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32:64bit: MSVideo8 - VfWWDM32.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32:64bit: vidc.i420 - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.IYUV - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.UYVY - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YUY2 - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YVU9 - tsbyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YVYU - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: wave - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave3 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave4 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wavemapper - msacm32.drv (Microsoft Corporation)
Drivers32: aux - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: aux2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: aux3 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: aux4 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi3 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi4 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\SysWow64\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer3 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer4 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\SysWow64\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\SysWow64\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\SysWow64\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\SysWow64\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\Windows\SysWow64\sirenacm.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
Drivers32: vidc.i420 - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.iyuv - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\SysWow64\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\SysWow64\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\Windows\SysWow64\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.ZMBV - C:\Windows\SysWow64\zmbv.dll ()
Drivers32: wave - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wave3 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wave4 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\SysWow64\msacm32.drv (Microsoft Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2012.07.21 21:00:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Valve
[2012.07.21 20:14:19 | 000,000,000 | ---D | C] -- C:\Users\X64\AppData\Local\TaskManager
[2012.07.21 20:12:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Extended Task Manager
[2012.07.21 20:12:57 | 000,000,000 | ---D | C] -- C:\Program Files\Free Extended Task Manager
[2012.07.21 20:12:45 | 000,000,000 | ---D | C] -- C:\ProgramData\TaskManager
[2012.07.21 19:44:03 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2012.07.21 19:44:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager
[2012.07.21 19:44:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Security Task Manager
[2012.07.20 01:31:00 | 000,000,000 | ---D | C] -- C:\Users\X64\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ODEON
[2012.07.20 01:27:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ODEON
[2012.07.20 01:27:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ODEON
[2012.07.20 01:19:13 | 000,000,000 | ---D | C] -- C:\Users\X64\AppData\Roaming\Nokia Suite
[2012.07.20 00:48:42 | 000,000,000 | ---D | C] -- C:\Program Files\ODEON
[2012.07.20 00:47:12 | 000,000,000 | ---D | C] -- C:\Program Files\nokia
[2012.07.17 17:21:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Getic3D
[2012.07.17 17:18:46 | 000,000,000 | ---D | C] -- C:\Users\X64\Desktop\Neuer Ordner (3)
[2012.07.15 16:02:59 | 000,124,928 | ---- | C] (DT Soft Ltd) -- C:\Users\X64\AppData\Roaming\sofxt.dll
[2012.07.15 16:02:58 | 000,000,000 | ---D | C] -- C:\Users\X64\AppData\Roaming\xsecva
[2012.07.15 03:05:26 | 000,000,000 | ---D | C] -- C:\Users\X64\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.07.15 03:05:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.07.11 16:41:35 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.07.11 16:41:35 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.07.11 16:41:34 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.07.11 16:41:34 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.07.11 16:41:33 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.07.11 16:41:33 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.07.11 16:41:33 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.07.11 16:41:33 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.07.11 16:41:32 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.07.11 16:41:31 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.07.11 16:41:31 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.07.11 16:41:31 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.07.11 16:41:31 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.07.11 12:53:57 | 000,000,000 | ---D | C] -- C:\Users\X64\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\blueMSX
[2012.07.11 12:48:20 | 000,000,000 | ---D | C] -- C:\Users\X64\Documents\openMSX
[2012.07.11 11:53:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Jnes
[2012.07.11 11:25:53 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012.07.11 11:25:53 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012.07.11 11:25:48 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.07.11 11:25:47 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012.07.11 11:25:46 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012.07.10 13:20:45 | 000,000,000 | ---D | C] -- C:\Users\X64\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rigs of Rods 0.38.67
[2012.07.10 13:20:33 | 000,000,000 | ---D | C] -- C:\Users\X64\Documents\Rigs of Rods 0.38
[2012.07.09 14:36:14 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012.07.09 14:36:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012.07.09 14:35:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2012.07.09 14:29:13 | 000,000,000 | ---D | C] -- C:\AMD
[2012.07.05 14:35:17 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe
[2012.07.03 15:20:40 | 000,000,000 | ---D | C] -- C:\Users\X64\Desktop\pcsx2-5331-windows-x86
[2012.07.02 17:24:39 | 000,000,000 | ---D | C] -- C:\Users\X64\Desktop\Neuer Ordner (5)
[2012.07.02 17:22:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012.07.01 18:47:15 | 000,000,000 | ---D | C] -- C:\Users\X64\AppData\Local\FLT
[2012.07.01 17:20:20 | 000,000,000 | ---D | C] -- C:\Users\X64\Documents\luciano
[2012.06.30 17:43:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader 2
[2012.06.29 18:13:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warzone 2100-3.1_beta11
[2012.06.29 18:13:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Warzone 2100-3.1_beta11
[2012.06.27 12:43:29 | 000,000,000 | ---D | C] -- C:\Users\X64\AppData\Roaming\Soluto
[2012.06.26 14:59:58 | 000,000,000 | ---D | C] -- C:\Users\X64\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2012.06.26 14:58:58 | 000,000,000 | ---D | C] -- C:\Users\X64\AppData\Roaming\Dropbox
[2012.06.26 14:36:28 | 000,054,728 | ---- | C] (Soluto LTD.) -- C:\Windows\SysNative\drivers\Soluto.sys
[2012.06.26 14:36:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Soluto
[2012.06.26 14:36:27 | 000,000,000 | ---D | C] -- C:\Program Files\Soluto
[2012.06.26 14:33:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Soluto
[2012.06.26 13:06:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Setup Files
[2012.06.22 19:20:17 | 000,000,000 | ---D | C] -- C:\Users\X64\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\psx emulation cheater
[2012.06.22 19:20:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\psx emulation cheater
[2012.06.22 19:20:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\psx emulation cheater
[8 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.07.22 15:11:33 | 004,503,728 | ---- | M] () -- C:\ProgramData\kp_0loor.pad
[2012.07.22 15:08:17 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.22 14:58:01 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3571985462-20978480-222790784-1000UA.job
[2012.07.22 14:27:50 | 000,031,808 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.22 14:27:50 | 000,031,808 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.22 14:25:05 | 010,006,696 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.22 14:25:05 | 003,391,988 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.22 14:25:05 | 003,092,592 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.22 14:25:05 | 002,752,440 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.22 14:25:05 | 000,006,252 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.22 14:20:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.22 14:19:59 | 3220,578,304 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.21 21:00:51 | 000,000,901 | ---- | M] () -- C:\Users\Public\Desktop\Portal 2.lnk
[2012.07.21 19:37:03 | 000,001,873 | ---- | M] () -- C:\Users\X64\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.07.20 18:58:00 | 000,001,060 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3571985462-20978480-222790784-1000Core.job
[2012.07.20 12:16:25 | 000,414,296 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.20 01:35:42 | 000,000,990 | ---- | M] () -- C:\Users\X64\Desktop\JAF_Nokia_BB5Plus_100b_FREE_by_Zulea.lnk
[2012.07.20 01:35:42 | 000,000,930 | ---- | M] () -- C:\Users\X64\Desktop\OGM_JAF_PKEY_Emulator_v6.lnk
[2012.07.20 01:35:42 | 000,000,854 | ---- | M] () -- C:\Users\X64\Desktop\JAFLogger.lnk
[2012.07.20 01:31:00 | 000,001,990 | ---- | M] () -- C:\Users\X64\Desktop\Launch JAF COM Emulator.lnk
[2012.07.20 01:31:00 | 000,001,955 | ---- | M] () -- C:\Users\X64\Desktop\Launch JAF Logger.lnk
[2012.07.20 01:31:00 | 000,001,909 | ---- | M] () -- C:\Users\X64\Desktop\Launch JAF.lnk
[2012.07.18 04:41:51 | 000,002,404 | ---- | M] () -- C:\Users\X64\Desktop\Xpadder.ini
[2012.07.15 16:02:59 | 000,124,928 | ---- | M] (DT Soft Ltd) -- C:\Users\X64\AppData\Roaming\sofxt.dll
[2012.07.15 00:04:18 | 000,000,705 | ---- | M] () -- C:\Users\X64\Desktop\Counter-Strike Source.lnk
[2012.07.14 20:21:13 | 004,503,728 | ---- | M] () -- C:\ProgramData\to_r0tsef.pad
[2012.07.13 04:38:53 | 000,000,804 | ---- | M] () -- C:\Users\X64\Documents\countsou.xpadderprofile
[2012.07.12 16:33:23 | 000,001,103 | ---- | M] () -- C:\Users\X64\Desktop\run_css - Verknüpfung.lnk
[2012.07.11 16:39:47 | 000,000,427 | ---- | M] () -- C:\Users\X64\Documents\msx metal gear.xpadderprofile
[2012.07.11 12:53:57 | 000,002,929 | ---- | M] () -- C:\Users\X64\Desktop\blueMSX.lnk
[2012.07.11 11:54:18 | 000,000,947 | ---- | M] () -- C:\Users\X64\Desktop\Jnes.lnk
[2012.07.10 14:16:47 | 000,000,762 | ---- | M] () -- C:\Users\X64\Desktop\Rigs of Rods.lnk
[2012.07.09 16:37:12 | 000,265,258 | ---- | M] () -- C:\Users\X64\Desktop\OptiFine_1.2.5_HD_MT_C3.zip
[2012.07.09 16:16:23 | 000,002,067 | ---- | M] () -- C:\Users\X64\Documents\mcedit.ini
[2012.06.30 17:51:11 | 000,001,973 | ---- | M] () -- C:\Users\X64\Desktop\JDownloader 2.lnk
[2012.06.29 18:13:21 | 000,122,904 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2012.06.29 18:13:21 | 000,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2012.06.29 18:13:20 | 000,001,127 | ---- | M] () -- C:\Users\Public\Desktop\Warzone 2100-3.1_beta11.lnk
[2012.06.27 12:35:25 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.26 14:36:50 | 000,000,098 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2012.06.24 12:59:28 | 000,001,128 | ---- | M] () -- C:\Users\Public\Desktop\Resident Evil Operation Raccoon City.lnk
[2012.06.24 12:59:11 | 000,004,930 | ---- | M] () -- C:\Users\X64\AppData\Roaming\PStrip.ini
[2012.06.24 12:59:11 | 000,004,930 | ---- | M] () -- C:\Users\X64\AppData\Roaming\PStrip.bak
[8 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.07.21 21:00:51 | 000,000,901 | ---- | C] () -- C:\Users\Public\Desktop\Portal 2.lnk
[2012.07.21 19:35:04 | 004,503,728 | ---- | C] () -- C:\ProgramData\kp_0loor.pad
[2012.07.21 19:35:04 | 000,001,873 | ---- | C] () -- C:\Users\X64\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.07.20 01:34:54 | 017,455,534 | ---- | C] () -- C:\Users\X64\Desktop\JAFSetup_1.98.62.exe
[2012.07.20 01:31:00 | 000,001,990 | ---- | C] () -- C:\Users\X64\Desktop\Launch JAF COM Emulator.lnk
[2012.07.20 01:31:00 | 000,001,955 | ---- | C] () -- C:\Users\X64\Desktop\Launch JAF Logger.lnk
[2012.07.20 01:31:00 | 000,001,909 | ---- | C] () -- C:\Users\X64\Desktop\Launch JAF.lnk
[2012.07.20 00:48:48 | 000,000,990 | ---- | C] () -- C:\Users\X64\Desktop\JAF_Nokia_BB5Plus_100b_FREE_by_Zulea.lnk
[2012.07.20 00:48:48 | 000,000,930 | ---- | C] () -- C:\Users\X64\Desktop\OGM_JAF_PKEY_Emulator_v6.lnk
[2012.07.20 00:48:48 | 000,000,854 | ---- | C] () -- C:\Users\X64\Desktop\JAFLogger.lnk
[2012.07.14 20:20:42 | 004,503,728 | ---- | C] () -- C:\ProgramData\to_r0tsef.pad
[2012.07.13 04:38:52 | 000,000,804 | ---- | C] () -- C:\Users\X64\Documents\countsou.xpadderprofile
[2012.07.12 16:32:55 | 000,001,103 | ---- | C] () -- C:\Users\X64\Desktop\run_css - Verknüpfung.lnk
[2012.07.12 16:01:55 | 000,000,705 | ---- | C] () -- C:\Users\X64\Desktop\Counter-Strike Source.lnk
[2012.07.11 13:03:10 | 000,000,427 | ---- | C] () -- C:\Users\X64\Documents\msx metal gear.xpadderprofile
[2012.07.11 12:53:57 | 000,002,929 | ---- | C] () -- C:\Users\X64\Desktop\blueMSX.lnk
[2012.07.11 11:53:41 | 000,000,947 | ---- | C] () -- C:\Users\X64\Desktop\Jnes.lnk
[2012.07.10 14:16:47 | 000,000,762 | ---- | C] () -- C:\Users\X64\Desktop\Rigs of Rods.lnk
[2012.07.09 16:37:09 | 000,265,258 | ---- | C] () -- C:\Users\X64\Desktop\OptiFine_1.2.5_HD_MT_C3.zip
[2012.06.30 17:51:11 | 000,001,973 | ---- | C] () -- C:\Users\X64\Desktop\JDownloader 2.lnk
[2012.06.30 17:44:34 | 000,001,973 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader 2.lnk
[2012.06.29 18:13:20 | 000,001,127 | ---- | C] () -- C:\Users\Public\Desktop\Warzone 2100-3.1_beta11.lnk
[2012.06.26 14:36:50 | 000,000,098 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2012.06.24 12:59:28 | 000,001,128 | ---- | C] () -- C:\Users\Public\Desktop\Resident Evil Operation Raccoon City.lnk
[2012.06.24 12:59:11 | 000,010,511 | ---- | C] () -- C:\Users\X64\AppData\Roaming\PStrip.bk!
[2012.06.24 12:58:58 | 000,009,151 | ---- | C] () -- C:\Users\X64\AppData\Roaming\PStrip.bko
[2012.04.22 19:45:28 | 000,532,480 | ---- | C] () -- C:\Windows\SysWow64\CddbPlaylist2Sony.dll
[2012.04.06 03:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.04.06 03:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.03.19 15:29:16 | 000,000,000 | ---- | C] () -- C:\Users\X64\AppData\Roaming\gnuplot_history
[2012.03.09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.03.02 07:41:51 | 000,041,472 | ---- | C] () -- C:\Windows\SysWow64\WavDest.dll
[2012.02.19 02:07:23 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\MCISPCDLG.DLL
[2012.02.19 02:07:23 | 000,013,824 | ---- | C] () -- C:\Windows\SysWow64\OUT_WAVE.DLL
[2012.02.19 02:07:22 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\IN_SPC.DLL
[2012.02.19 02:07:22 | 000,122,880 | ---- | C] () -- C:\Windows\SysWow64\SPC700EMU.DLL
[2012.02.13 19:31:07 | 000,004,930 | ---- | C] () -- C:\Users\X64\AppData\Roaming\PStrip.bak
[2012.02.13 19:30:57 | 000,004,930 | ---- | C] () -- C:\Users\X64\AppData\Roaming\PStrip.ini
[2012.02.13 19:28:50 | 000,000,060 | ---- | C] () -- C:\Windows\wininit.ini
[2012.02.09 15:21:40 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\xmltok.dll
[2012.02.09 15:21:40 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\xmlparse.dll
[2011.12.30 02:25:05 | 000,073,216 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011.12.08 19:36:57 | 000,002,189 | ---- | C] () -- C:\Users\X64\AppData\Local\TempfixPerms.vbs
[2011.12.08 18:04:16 | 000,000,173 | ---- | C] () -- C:\Users\X64\AppData\Local\msmathematics.qat.X64
[2011.12.07 00:51:53 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\cd.dat
[2011.12.04 22:05:22 | 000,012,782 | ---- | C] () -- C:\Users\X64\AppData\Roaming\unins000.msg
[2011.12.04 22:05:19 | 000,007,624 | ---- | C] () -- C:\Users\X64\AppData\Roaming\unins000.dat
[2011.11.14 21:27:26 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2011.11.07 22:05:16 | 000,003,584 | ---- | C] () -- C:\Users\X64\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.11.01 20:27:32 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2011.10.27 19:38:16 | 001,593,186 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.10.26 20:52:06 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.10.26 20:52:04 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.10.26 16:39:06 | 000,007,641 | ---- | C] () -- C:\Users\X64\AppData\Local\Resmon.ResmonCfg
[2011.10.25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011.10.24 22:24:55 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
========== LOP Check ==========
[2012.07.09 16:52:50 | 000,000,000 | ---D | M] -- C:\Users\X64\AppData\Roaming\.minecraft
[2011.12.22 05:26:57 | 000,000,000 | ---D | M] -- C:\Users\X64\AppData\Roaming\Ashampoo
[2012.02.23 21:14:41 | 000,000,000 | ---D | M] -- C:\Users\X64\AppData\Roaming\Blender Foundation
[2011.12.11 18:20:11 | 000,000,000 | ---D | M] -- C:\Users\X64\AppData\Roaming\CBL-Electronics
[2011.12.06 16:56:05 | 000,000,000 | ---D | M] -- C:\Users\X64\AppData\Roaming\concept design
[2012.05.20 16:26:11 | 000,000,000 | ---D | M] -- C:\Users\X64\AppData\Roaming\DAEMON Tools Lite
[2012.06.27 17:42:48 | 000,000,000 | ---D | M] -- C:\Users\X64\AppData\Roaming\Dropbox
[2011.12.04 14:29:27 | 000,000,000 | ---D | M] -- C:\Users\X64\AppData\Roaming\FarmingSimulator2008
[2011.12.29 15:59:04 | 000,000,000 | ---D | M] -- C:\Users\X64\AppData\Roaming\fltk.org
[2012.02.19 02:33:28 | 000,000,000 | ---D | M] -- C:\Users\X64\AppData\Roaming\foobar2000
[2011.12.04 22:05:35 | 000,000,000 | ---D | M] -- C:\Users\X64\AppData\Roaming\Franzis
[2011.11.28 19:01:11 | 000,000,000 | ---D | M] -- C:\Users\X64\AppData\Roaming\Free Audio Editor
[2011.11.19 16:33:43 | 000,000,000 | ---D | M] -- C:\Users\X64\AppData\Roaming\GameRanger
[2012.01.25 09:44:54 | 000,000,000 | ---D | M] -- C:\Users\X64\AppData\Roaming\GetRightToGo
[2012.06.30 19:36:00 | 000,000,000 | ---D | M] -- C:\Users\X64\AppData\Roaming\ICQ
[2011.10.25 19:00:13 | 000,000,000 | ---D | M] -- C:\Users\X64\AppData\Roaming\ImTOO
[2012.01.11 17:46:12 | 000,000,000 | ---D | M] -- C:\Users\X64\AppData\Roaming\JAM Software
[2011.11.19 16:25:54 | 000,000,000 | ---D | M] -- C:\Users\X64\AppData\Roaming\Leadertech
[2011.10.24 23:54:42 | 000,000,000 | ---D | M] -- C:\Users\X64\AppData\Roaming\mkvtoolnix
[2012.01.20 17:44:00 | 000,000,000 | ---D | M] -- C:\Users\X64\AppData\Roaming\MotioninJoy
[2012.05.29 14:36:56 | 000,000,000 | ---D | M] -- C:\Users\X64\AppData\Roaming\Mupen64Plus
[2011.12.04 21:50:03 | 000,000,000 | ---D | M] -- C:\Users\X64\AppData\Roaming\Nik Software
[2012.07.20 01:19:12 | 000,000,000 | ---D | M] -- C:\Users\X64\AppData\Roaming\Nokia
[2012.07.20 01:19:13 | 000,000,000 | ---D | M] -- C:\Users\X64\AppData\Roaming\Nokia Suite
[2011.11.02 16:36:58 | 000,000,000 | ---D | M] -- C:\Users\X64\AppData\Roaming\OpenOffice.org
[2011.10.24 22:27:36 | 000,000,000 | ---D | M] -- C:\Users\X64\AppData\Roaming\Origin
[2012.05.29 16:13:55 | 000,000,000 | ---D | M] -- C:\Users\X64\AppData\Roaming\PC Suite
[2011.11.24 16:34:34 | 000,000,000 | ---D | M] -- C:\Users\X64\AppData\Roaming\pymclevel
[2012.05.06 13:59:24 | 000,000,000 | ---D | M] -- C:\Users\X64\AppData\Roaming\Samsung
[2012.03.22 14:53:27 | 000,000,000 | ---D | M] -- C:\Users\X64\AppData\Roaming\Seeing Machines
[2012.06.27 12:43:29 | 000,000,000 | ---D | M] -- C:\Users\X64\AppData\Roaming\Soluto
[2011.12.27 00:28:31 | 000,000,000 | ---D | M] -- C:\Users\X64\AppData\Roaming\Stereoscopic Player
[2012.03.19 17:12:36 | 000,000,000 | ---D | M] -- C:\Users\X64\AppData\Roaming\Synthesia
[2011.11.18 20:04:46 | 000,000,000 | ---D | M] -- C:\Users\X64\AppData\Roaming\Teeworlds
[2011.12.08 19:39:31 | 000,000,000 | ---D | M] -- C:\Users\X64\AppData\Roaming\Texas Instruments
[2011.11.08 22:36:55 | 000,000,000 | ---D | M] -- C:\Users\X64\AppData\Roaming\Thunderbird
[2011.12.08 19:40:08 | 000,000,000 | ---D | M] -- C:\Users\X64\AppData\Roaming\TI-Nspire
[2012.05.17 15:59:44 | 000,000,000 | ---D | M] -- C:\Users\X64\AppData\Roaming\TomTom
[2012.04.25 22:15:08 | 000,000,000 | ---D | M] -- C:\Users\X64\AppData\Roaming\TS3Client
[2011.12.08 20:23:41 | 000,000,000 | ---D | M] -- C:\Users\X64\AppData\Roaming\TuneUp Software
[2012.06.09 14:19:45 | 000,000,000 | ---D | M] -- C:\Users\X64\AppData\Roaming\Tunngle
[2011.11.08 23:34:38 | 000,000,000 | ---D | M] -- C:\Users\X64\AppData\Roaming\ultrastardx
[2011.11.30 18:10:36 | 000,000,000 | ---D | M] -- C:\Users\X64\AppData\Roaming\Uniblue
[2012.05.21 19:42:07 | 000,000,000 | ---D | M] -- C:\Users\X64\AppData\Roaming\uTorrent
[2012.07.18 13:58:40 | 000,000,000 | ---D | M] -- C:\Users\X64\AppData\Roaming\xsecva
[2011.12.08 23:22:42 | 000,000,268 | ---- | M] () -- C:\Windows\Tasks\DriverScanner.job
[2012.07.08 18:44:03 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007.11.07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007.11.07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007.11.07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2012.07.22 14:19:59 | 3220,578,304 | -HS- | M] () -- C:\hiberfil.sys
[2007.11.07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2007.11.07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007.11.07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007.11.07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007.11.07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007.11.07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007.11.07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007.11.07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007.11.07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007.11.07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007.11.07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2012.07.22 14:20:04 | 4294,107,136 | -HS- | M] () -- C:\pagefile.sys
[2012.01.14 16:55:46 | 000,005,790 | ---- | M] () -- C:\shared.log
[2007.11.07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007.11.07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007.11.07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI
< %systemroot%\system32\*.wt >
< %systemroot%\system32\*.ruy >
< %systemroot%\Fonts\*.com >
[2009.07.14 07:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009.07.14 07:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009.07.14 07:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009.07.14 07:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
< %systemroot%\Fonts\*.dll >
< %systemroot%\Fonts\*.ini >
[2009.06.10 22:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
< %systemroot%\Fonts\*.ini2 >
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
< %systemroot%\REPAIR\*.bak1 >
< %systemroot%\REPAIR\*.ini >
< %systemroot%\system32\*.jpg >
< %systemroot%\*.scr >
[2011.05.13 15:42:24 | 000,302,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
< %systemroot%\*._sy >
< %APPDATA%\Adobe\Update\*.* >
< %ALLUSERSPROFILE%\Favorites\*.* >
< %APPDATA%\Microsoft\*.* >
< %PROGRAMFILES%\*.* >
[2009.07.14 06:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
< %APPDATA%\Update\*.* >
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2011.10.31 17:42:59 | 000,353,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll
[2011.10.31 17:42:59 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll
[2012.06.02 10:43:51 | 009,737,728 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\ieframe.dll
[2010.11.21 05:25:10 | 011,410,432 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\wmp.dll
[8 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\system32\user32.dll /md5 >
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\system32\user32.dll
[8 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
< %systemroot%\system32\ws2_32.dll /md5 >
[2010.11.21 05:23:55 | 000,206,848 | ---- | M] (Microsoft Corporation) MD5=7FF15A4F092CD4A96055BA69F903E3E9 -- C:\Windows\system32\ws2_32.dll
[8 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
< %systemroot%\system32\ws2help.dll /md5 >
[2009.07.14 03:11:26 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=808AABDF9337312195CAFF76D1804786 -- C:\Windows\system32\ws2help.dll
[8 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
< MD5 for: EXPLORER.EXE >
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.21 05:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010.11.21 05:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
< MD5 for: WININIT.EXE >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
< MD5 for: WINLOGON.EXE >
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
< >
========== Files - Unicode (All) ==========
[2011.12.01 19:59:04 | 110,390,928 | ---- | M] ()(C:\Users\X64\Desktop\?? ????? ?? ??? ?????.mp4) -- C:\Users\X64\Desktop\أم كلثوم ــ هذه ليلتي.mp4
[2011.12.01 19:51:26 | 110,390,928 | ---- | C] ()(C:\Users\X64\Desktop\?? ????? ?? ??? ?????.mp4) -- C:\Users\X64\Desktop\أم كلثوم ــ هذه ليلتي.mp4
[2011.12.01 19:38:51 | 132,357,004 | ---- | C] ()(C:\Users\X64\Desktop\?? ????? ?? ???? ??? ?? ?????.flv) -- C:\Users\X64\Desktop\أم كلثوم ــ بعيد عنك ــ كاملة.flv
[2011.11.27 23:13:15 | 132,357,004 | ---- | M] ()(C:\Users\X64\Desktop\?? ????? ?? ???? ??? ?? ?????.flv) -- C:\Users\X64\Desktop\أم كلثوم ــ بعيد عنك ــ كاملة.flv
< End of report >
Gmer Log.txt Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-07-22 15:16:56
Windows 6.1.7601 Service Pack 1
Running: jtpki3qh.exe
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0015833d0a57
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0015833d0a57@2cd2e7566c3f 0x79 0xD0 0xE7 0x33 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0015833d0a57@0024ef9c9a42 0x30 0xE0 0x67 0xF8 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0015833d0a57@0024eff6c29e 0x72 0x52 0x61 0x1E ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0015833d0a57@001c354903d1 0xAF 0x0D 0x39 0x45 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x9D 0xF2 0xA0 0xDA ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x6C 0x9D 0x6E 0x97 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x0D 0xA2 0x5D 0xD7 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0015833d0a57 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0015833d0a57@2cd2e7566c3f 0x79 0xD0 0xE7 0x33 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0015833d0a57@0024ef9c9a42 0x30 0xE0 0x67 0xF8 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0015833d0a57@0024eff6c29e 0x72 0x52 0x61 0x1E ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0015833d0a57@001c354903d1 0xAF 0x0D 0x39 0x45 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x9D 0xF2 0xA0 0xDA ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x6C 0x9D 0x6E 0x97 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x0D 0xA2 0x5D 0xD7 ...
---- EOF - GMER 1.0.15 ----
Hoffe jemand kann mir helfen. Danke |
