Hi arahonov,
yes, I deliberately turned UAC down because it was really getting on my nerves and I was under the perhaps mistaken assumption that other programs offer at least the same level of security. I have now set it to the next higher level.
The latest logs were too big for the forum, so I have attached them.
The clean log:
All processes killed
========== OTL ==========
Service GFilterSvc stopped successfully!
Service GFilterSvc deleted successfully!
C:\Windows\SysNative\GFilterSvc.exe moved successfully.
Service ntoslrnl stopped successfully!
Service ntoslrnl deleted successfully!
C:\Windows\SysNative\odbcki32.exe moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: JMC
->Temp folder emptied: 687294 bytes
->Temporary Internet Files folder emptied: 14354780 bytes
->Java cache emptied: 44871 bytes
->FireFox cache emptied: 96322326 bytes
->Flash cache emptied: 4189 bytes
User: Public
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 11726 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50568 bytes
RecycleBin emptied: 18373711089 bytes
Total Files Cleaned = 17.629,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 04052013_201133
Files\Folders moved on Reboot...
C:\Users\JMC\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...

The scan log:
OTL logfile created on: 05.04.2013 20:15:38 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\JMC\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,59 Gb Available Physical Memory | 64,79% Memory free
7,99 Gb Paging File | 6,50 Gb Available in Paging File | 81,36% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,79 Gb Total Space | 129,02 Gb Free Space | 55,43% Space Free | Partition Type: NTFS
Drive D: | 78,12 Gb Total Space | 28,23 Gb Free Space | 36,13% Space Free | Partition Type: NTFS
Drive E: | 19,53 Gb Total Space | 19,42 Gb Free Space | 99,43% Space Free | Partition Type: NTFS
Drive F: | 368,10 Gb Total Space | 187,36 Gb Free Space | 50,90% Space Free | Partition Type: NTFS
Computer Name: JMC-PC | User Name: JMC | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013.04.05 19:06:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\JMC\Downloads\OTL.exe
PRC - [2013.04.02 19:59:42 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013.03.23 15:58:15 | 001,822,424 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
PRC - [2013.03.15 07:53:06 | 001,266,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013.03.07 01:32:44 | 004,767,304 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2013.03.07 01:32:44 | 000,045,248 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2013.03.07 01:32:42 | 000,136,912 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\afwServ.exe
PRC - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.05.12 17:50:03 | 001,990,656 | ---- | M] (CMedia) -- C:\Programme\ASUS Xonar DG Audio\Customapp\AsusAudioCenter.exe
PRC - [2008.07.11 16:04:22 | 000,200,704 | ---- | M] () -- C:\Windows\SysWOW64\HsMgr.exe
========== Modules (No Company Name) ==========
MOD - [2013.04.02 19:59:41 | 003,143,576 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013.03.23 15:58:15 | 014,717,144 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
MOD - [2011.04.19 15:56:58 | 000,143,360 | ---- | M] () -- C:\Programme\ASUS Xonar DG Audio\Customapp\VmixP8.dll
MOD - [2008.07.11 16:04:22 | 000,200,704 | ---- | M] () -- C:\Windows\SysWOW64\HsMgr.exe
========== Services (SafeList) ==========
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.04.02 19:59:41 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.03.29 21:53:56 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.03.23 15:58:15 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.03.15 07:53:06 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.03.07 01:32:44 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013.03.07 01:32:42 | 000,136,912 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2013.03.07 01:33:21 | 001,025,808 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013.03.07 01:33:21 | 000,377,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013.03.07 01:33:21 | 000,178,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013.03.07 01:33:21 | 000,070,992 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013.03.07 01:33:21 | 000,068,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013.03.07 01:33:21 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013.03.07 01:33:20 | 000,263,096 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis2.sys -- (aswNdis2)
DRV:64bit: - [2013.03.07 01:33:20 | 000,127,136 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswFW.sys -- (aswFW)
DRV:64bit: - [2013.03.07 01:33:20 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013.03.07 01:33:20 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2013.03.07 01:33:20 | 000,022,600 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2013.03.07 01:11:21 | 000,012,368 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis.sys -- (aswNdis)
DRV:64bit: - [2012.12.19 07:41:52 | 000,194,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.08.23 16:12:16 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.10 16:44:16 | 002,725,376 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cmudaxp.sys -- (cmudaxp)
DRV:64bit: - [2011.01.15 18:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010.12.17 00:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010.11.21 05:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010.11.21 05:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.08.13 23:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.02 00:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3965404223-4176705129-2935651260-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3965404223-4176705129-2935651260-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-3965404223-4176705129-2935651260-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DB 3A 15 7D F6 2E CE 01 [binary data]
IE - HKU\S-1-5-21-3965404223-4176705129-2935651260-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3965404223-4176705129-2935651260-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3965404223-4176705129-2935651260-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: F:\Spiele\Trials\datapack\orbit\npuplaypc.dll (Ubisoft)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.02 19:59:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2013.03.22 20:16:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JMC\AppData\Roaming\mozilla\Extensions
[2013.04.02 18:55:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JMC\AppData\Roaming\mozilla\Firefox\Profiles\5mqwmqd7.default\extensions
[2013.04.02 18:55:43 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\JMC\AppData\Roaming\mozilla\firefox\profiles\5mqwmqd7.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.04.02 19:59:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.04.02 19:59:42 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.03.07 17:45:15 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.03.07 17:45:15 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.03.07 17:45:15 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.03.07 17:45:15 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.03.07 17:45:15 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.03.07 17:45:15 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [Cmaudio8788] C:\Windows\Syswow64\cmicnfgp.dll (C-Media Corporation)
O4:64bit: - HKLM..\Run: [Cmaudio8788GX] C:\Windows\syswow64\HsMgr.exe ()
O4:64bit: - HKLM..\Run: [Cmaudio8788GX64] C:\Windows\system\HsMgr64.exe ()
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3965404223-4176705129-2935651260-1001..\Run: [RocketDock] F:\Programme\CustoPackTools\utils\RocketDock\RocketDock.exe ()
O4 - HKU\S-1-5-21-3965404223-4176705129-2935651260-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3965404223-4176705129-2935651260-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-3965404223-4176705129-2935651260-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3965404223-4176705129-2935651260-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3965404223-4176705129-2935651260-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3965404223-4176705129-2935651260-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3965404223-4176705129-2935651260-1001\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-21-3965404223-4176705129-2935651260-1001\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-21-3965404223-4176705129-2935651260-1001\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-21-3965404223-4176705129-2935651260-1001\..Trusted Domains: sony.com ([]* in )
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 82.212.62.62 78.42.43.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A6AFD42E-367D-452B-A742-FB70D960CA8E}: DhcpNameServer = 82.212.62.62 78.42.43.62
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1a12706f-9186-11e2-b2d6-002522065817}\Shell - "" = AutoRun
O33 - MountPoints2\{1a12706f-9186-11e2-b2d6-002522065817}\Shell\AutoRun\command - "" = H:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
File not found -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Neue Funktion 1
[2013.04.05 20:11:33 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.04.04 21:11:49 | 000,000,000 | ---D | C] -- C:\Users\JMC\AppData\Roaming\vlc
[2013.04.04 21:11:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013.04.04 21:11:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2013.04.04 20:53:36 | 000,000,000 | ---D | C] -- C:\Users\JMC\AppData\Roaming\WinRAR
[2013.04.04 20:53:36 | 000,000,000 | ---D | C] -- C:\Users\JMC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.04.04 20:53:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.04.04 20:53:32 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2013.04.02 19:59:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.04.01 17:59:36 | 000,000,000 | ---D | C] -- C:\Users\JMC\AppData\Local\Darksiders2
[2013.03.28 19:44:23 | 000,000,000 | ---D | C] -- C:\Users\JMC\AppData\Local\Adobe
[2013.03.28 19:43:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013.03.28 19:43:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013.03.27 21:32:53 | 000,000,000 | ---D | C] -- C:\Users\JMC\AppData\Local\Darksiders
[2013.03.27 21:32:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THQ
[2013.03.27 21:32:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\THQ
[2013.03.26 20:41:59 | 000,000,000 | ---D | C] -- C:\Users\JMC\AppData\Local\FLT
[2013.03.25 15:49:22 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2013.03.24 20:23:07 | 000,324,419 | ---- | C] (hxxp://magiclauncher.com) -- C:\Users\JMC\Desktop\MagicLauncher_1.0.0.exe
[2013.03.24 20:19:45 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013.03.23 16:15:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013.03.23 16:15:45 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.03.22 22:07:48 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2013.03.22 22:07:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft XNA
[2013.03.22 20:16:51 | 000,000,000 | ---D | C] -- C:\Users\JMC\AppData\Roaming\Mozilla
[2013.03.22 20:16:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013.03.22 20:10:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2013.03.22 20:10:03 | 000,000,000 | ---D | C] -- C:\Users\JMC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2013.03.22 08:55:49 | 000,000,000 | ---D | C] -- C:\Users\JMC\AppData\Local\Programs
[2013.03.22 08:55:37 | 000,000,000 | ---D | C] -- C:\Users\JMC\AppData\Roaming\Malwarebytes
[2013.03.22 08:55:34 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2013.03.22 08:55:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.03.22 08:55:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.22 08:55:30 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.03.22 08:55:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.03.21 20:38:29 | 000,000,000 | ---D | C] -- C:\Users\JMC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winamp Erkennungs-Plug-in
[2013.03.21 20:38:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp Detect
[2013.03.21 20:38:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
[2013.03.21 20:38:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2013.03.21 20:38:22 | 000,000,000 | ---D | C] -- C:\Users\JMC\AppData\Roaming\Winamp
[2013.03.21 20:38:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp
[2013.03.20 20:43:19 | 000,000,000 | R--D | C] -- C:\Users\JMC\Documents\Ubisoft
[2013.03.20 20:33:23 | 000,000,000 | ---D | C] -- C:\Users\JMC\AppData\Local\Ubisoft Game Launcher
[2013.03.20 20:32:16 | 000,000,000 | ---D | C] -- C:\Users\JMC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
[2013.03.20 20:32:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft
[2013.03.20 20:31:40 | 000,804,384 | ---- | C] (Firelight Technologies) -- C:\Windows\SysWow64\fmodex.dll
[2013.03.20 20:31:40 | 000,312,864 | ---- | C] (Firelight Technologies) -- C:\Windows\SysWow64\fmod_event.dll
[2013.03.20 19:58:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes
[2013.03.20 19:58:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Elaborate Bytes
[2013.03.20 19:54:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cryptload1.1.8
[2013.03.18 20:14:19 | 000,000,000 | ---D | C] -- C:\Users\JMC\Documents\Klei
[2013.03.16 13:01:14 | 000,000,000 | ---D | C] -- C:\Users\JMC\AppData\Roaming\Arrowhead
[2013.03.14 14:50:43 | 000,000,000 | ---D | C] -- C:\Users\JMC\Documents\My Games
[2013.03.14 14:02:58 | 000,000,000 | ---D | C] -- C:\Users\JMC\AppData\Roaming\.minecraft
[2013.03.14 13:55:46 | 000,000,000 | ---D | C] -- C:\Users\JMC\AppData\Local\Sony Online Entertainment
[2013.03.14 13:55:40 | 000,000,000 | ---D | C] -- C:\Users\JMC\AppData\Local\SCE
[2013.03.14 11:40:45 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013.03.14 11:26:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CustoPackTools
[2013.03.14 11:26:33 | 000,000,000 | ---D | C] -- C:\ProgramData\CustoPackTools
[2013.03.14 11:25:00 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\IO
[2013.03.14 02:14:26 | 000,000,000 | ---D | C] -- C:\Users\JMC\AppData\Roaming\NVIDIA
[2013.03.14 01:38:55 | 000,000,000 | ---D | C] -- C:\Users\JMC\AppData\Roaming\LolClient
[2013.03.14 00:59:33 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\W7NBC
[2013.03.13 21:11:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2013.03.13 20:51:24 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2013.03.13 20:08:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2013.03.13 20:08:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.03.13 20:08:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.03.13 19:47:58 | 000,000,000 | ---D | C] -- C:\Users\JMC\AppData\Roaming\Macromedia
[2013.03.13 19:47:58 | 000,000,000 | ---D | C] -- C:\Users\JMC\AppData\Local\Macromedia
[2013.03.13 19:47:58 | 000,000,000 | ---D | C] -- C:\Users\JMC\AppData\Roaming\Adobe
[2013.03.13 19:47:34 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2013.03.13 19:47:33 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2013.03.13 19:47:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2013.03.13 18:41:19 | 000,377,920 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013.03.13 18:41:19 | 000,033,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013.03.13 18:41:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Internet Security
[2013.03.13 18:41:16 | 001,025,808 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013.03.13 18:41:16 | 000,263,096 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdis2.sys
[2013.03.13 18:41:16 | 000,127,136 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFW.sys
[2013.03.13 18:41:16 | 000,080,816 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013.03.13 18:41:16 | 000,070,992 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013.03.13 18:41:16 | 000,068,920 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013.03.13 18:41:16 | 000,022,600 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswKbd.sys
[2013.03.13 18:41:15 | 000,287,840 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013.03.13 18:41:04 | 000,012,368 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswNdis.sys
[2013.03.13 18:40:50 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013.03.13 18:40:38 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013.03.13 18:34:23 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013.03.13 18:24:19 | 000,000,000 | ---D | C] -- C:\Users\JMC\AppData\Roaming\ASUS
[2013.03.13 18:24:18 | 000,419,840 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2013.03.13 18:24:18 | 000,413,696 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2013.03.13 18:24:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL
[2013.03.13 18:24:02 | 008,769,536 | ---- | C] (C-Media Corporation) -- C:\Windows\SysWow64\CmiCnfgp.dll
[2013.03.13 18:24:02 | 000,465,408 | ---- | C] (C-Media Electronics Inc.) -- C:\Windows\SysNative\cmasiopx.dll
[2013.03.13 18:24:02 | 000,303,104 | ---- | C] (C-Media Electronics Inc.) -- C:\Windows\SysWow64\cmasiop.dll
[2013.03.13 18:24:02 | 000,217,088 | ---- | C] (C-Media Electronics Inc.) -- C:\Windows\SysWow64\HsSrv2.dll
[2013.03.13 18:24:02 | 000,217,088 | ---- | C] (C-Media Electronics Inc.) -- C:\Windows\SysWow64\HsSrv.dll
[2013.03.13 18:24:02 | 000,200,704 | ---- | C] (C-Media) -- C:\Windows\SysWow64\Cmpaoxy.dll
[2013.03.13 18:24:02 | 000,122,880 | ---- | C] (CMedia Electronics Inc.) -- C:\Windows\SysWow64\Cm_Oal.dll
[2013.03.13 18:24:02 | 000,122,880 | ---- | C] (CMedia Electronics Inc.) -- C:\Windows\SysNative\Cm_Oal.dll
[2013.03.13 18:24:02 | 000,121,856 | ---- | C] (C-Media Electronics Inc.) -- C:\Windows\System\HsSrv642.dll
[2013.03.13 18:24:02 | 000,121,856 | ---- | C] (C-Media Electronics Inc.) -- C:\Windows\System\HsSrv64.dll
[2013.03.13 18:24:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Xonar DG Audio
[2013.03.13 18:24:02 | 000,000,000 | ---D | C] -- C:\Program Files\ASUS Xonar DG Audio
[2013.03.13 18:23:44 | 002,725,376 | ---- | C] (C-Media Inc) -- C:\Windows\SysNative\drivers\cmudaxp.sys
[2013.03.13 18:23:44 | 000,315,392 | ---- | C] (C-Media Electronics Inc.) -- C:\Windows\SysWow64\CmiFltr.dll
[2013.03.13 18:23:44 | 000,315,392 | ---- | C] (C-Media Electronics Inc.) -- C:\Windows\System\CmiFltr.dll
[2013.03.13 18:23:44 | 000,032,768 | ---- | C] (C-Media Electronics Inc.) -- C:\Windows\SysNative\cmudaxp.dll
[2013.03.13 18:21:52 | 000,000,000 | ---D | C] -- C:\Users\JMC\AppData\Local\Mozilla
[2013.03.13 18:21:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013.03.13 18:15:16 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Program Files
[2013.03.13 18:09:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung SSD Magician
[2013.03.13 18:09:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung SSD Magician
[2013.03.13 18:09:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2013.03.13 18:05:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2013.03.13 18:05:35 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2013.03.13 18:05:34 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2013.03.13 18:05:17 | 000,061,216 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2013.03.13 18:05:17 | 000,053,024 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2013.03.13 18:05:15 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2013.03.13 18:05:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2013.03.13 18:04:47 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2013.03.13 18:04:31 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2013.03.13 18:00:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013.03.13 18:00:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2013.03.13 18:00:40 | 000,000,000 | ---D | C] -- C:\Users\JMC\AppData\Roaming\Opera
[2013.03.13 18:00:39 | 000,000,000 | ---D | C] -- C:\Users\JMC\AppData\Roaming\OCS
[2013.03.13 18:00:39 | 000,000,000 | ---D | C] -- C:\Users\JMC\AppData\Roaming\DesktopIconForAmazon
[2013.03.13 17:53:28 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013.03.13 17:52:26 | 000,000,000 | R--D | C] -- C:\Users\JMC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013.03.13 17:52:26 | 000,000,000 | R--D | C] -- C:\Users\JMC\Searches
[2013.03.13 17:52:26 | 000,000,000 | R--D | C] -- C:\Users\JMC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013.03.13 17:52:20 | 000,000,000 | R--D | C] -- C:\Users\JMC\Contacts
[2013.03.13 17:52:20 | 000,000,000 | ---D | C] -- C:\Users\JMC\AppData\Roaming\Identities
[2013.03.13 17:52:19 | 000,000,000 | ---D | C] -- C:\Users\JMC\AppData\Local\VirtualStore
[2013.03.13 17:52:16 | 000,000,000 | --SD | C] -- C:\Users\JMC\AppData\Roaming\Microsoft
[2013.03.13 17:52:16 | 000,000,000 | R--D | C] -- C:\Users\JMC\Videos
[2013.03.13 17:52:16 | 000,000,000 | R--D | C] -- C:\Users\JMC\Saved Games
[2013.03.13 17:52:16 | 000,000,000 | R--D | C] -- C:\Users\JMC\Pictures
[2013.03.13 17:52:16 | 000,000,000 | R--D | C] -- C:\Users\JMC\Music
[2013.03.13 17:52:16 | 000,000,000 | R--D | C] -- C:\Users\JMC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013.03.13 17:52:16 | 000,000,000 | R--D | C] -- C:\Users\JMC\Links
[2013.03.13 17:52:16 | 000,000,000 | R--D | C] -- C:\Users\JMC\Favorites
[2013.03.13 17:52:16 | 000,000,000 | R--D | C] -- C:\Users\JMC\Downloads
[2013.03.13 17:52:16 | 000,000,000 | R--D | C] -- C:\Users\JMC\Documents
[2013.03.13 17:52:16 | 000,000,000 | R--D | C] -- C:\Users\JMC\Desktop
[2013.03.13 17:52:16 | 000,000,000 | R--D | C] -- C:\Users\JMC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013.03.13 17:52:16 | 000,000,000 | -HSD | C] -- C:\Users\JMC\Vorlagen
[2013.03.13 17:52:16 | 000,000,000 | -HSD | C] -- C:\Users\JMC\AppData\Local\Verlauf
[2013.03.13 17:52:16 | 000,000,000 | -HSD | C] -- C:\Users\JMC\AppData\Local\Temporary Internet Files
[2013.03.13 17:52:16 | 000,000,000 | -HSD | C] -- C:\Users\JMC\Startmenü
[2013.03.13 17:52:16 | 000,000,000 | -HSD | C] -- C:\Users\JMC\SendTo
[2013.03.13 17:52:16 | 000,000,000 | -HSD | C] -- C:\Users\JMC\Recent
[2013.03.13 17:52:16 | 000,000,000 | -HSD | C] -- C:\Users\JMC\Netzwerkumgebung
[2013.03.13 17:52:16 | 000,000,000 | -HSD | C] -- C:\Users\JMC\Lokale Einstellungen
[2013.03.13 17:52:16 | 000,000,000 | -HSD | C] -- C:\Users\JMC\Documents\Eigene Videos
[2013.03.13 17:52:16 | 000,000,000 | -HSD | C] -- C:\Users\JMC\Documents\Eigene Musik
[2013.03.13 17:52:16 | 000,000,000 | -HSD | C] -- C:\Users\JMC\Eigene Dateien
[2013.03.13 17:52:16 | 000,000,000 | -HSD | C] -- C:\Users\JMC\Documents\Eigene Bilder
[2013.03.13 17:52:16 | 000,000,000 | -HSD | C] -- C:\Users\JMC\Druckumgebung
[2013.03.13 17:52:16 | 000,000,000 | -HSD | C] -- C:\Users\JMC\Cookies
[2013.03.13 17:52:16 | 000,000,000 | -HSD | C] -- C:\Users\JMC\AppData\Local\Anwendungsdaten
[2013.03.13 17:52:16 | 000,000,000 | -HSD | C] -- C:\Users\JMC\Anwendungsdaten
[2013.03.13 17:52:16 | 000,000,000 | -H-D | C] -- C:\Users\JMC\AppData
[2013.03.13 17:52:16 | 000,000,000 | ---D | C] -- C:\Users\JMC\AppData\Local\Temp
[2013.03.13 17:52:16 | 000,000,000 | ---D | C] -- C:\Users\JMC\AppData\Local\Microsoft
[2013.03.13 17:52:16 | 000,000,000 | ---D | C] -- C:\Users\JMC\AppData\Roaming\Media Center Programs
[2013.03.13 17:52:07 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2013.03.13 17:52:07 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2013.03.13 17:52:07 | 000,000,000 | -HSD | C] -- C:\Recovery
[2013.03.13 17:52:07 | 000,000,000 | -HSD | C] -- C:\Programme
[2013.03.13 17:52:07 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2013.03.13 17:52:07 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2013.03.13 17:52:07 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2013.03.13 17:52:07 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2013.03.13 17:52:07 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2013.03.13 17:52:07 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2013.03.13 17:52:07 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2013.03.13 17:52:07 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2013.03.13 17:40:12 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2013.03.13 17:40:02 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2013.03.13 17:39:22 | 000,000,000 | ---D | C] -- C:\Windows\Panther
========== Files - Modified Within 30 Days ==========
[2013.04.05 20:12:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.05 19:24:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.05 19:05:44 | 000,000,000 | ---- | M] () -- C:\Users\JMC\defogger_reenable
[2013.04.05 19:03:51 | 000,026,544 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.05 19:03:51 | 000,026,544 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.05 19:00:58 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.05 19:00:58 | 000,643,628 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.05 19:00:58 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.05 19:00:58 | 000,126,188 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.05 19:00:58 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.04 21:11:41 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.03.27 21:32:20 | 000,001,957 | ---- | M] () -- C:\Users\Public\Desktop\Darksiders SoundTrack.lnk
[2013.03.24 20:23:08 | 000,324,419 | ---- | M] (hxxp://magiclauncher.com) -- C:\Users\JMC\Desktop\MagicLauncher_1.0.0.exe
[2013.03.23 16:17:00 | 000,007,572 | ---- | M] () -- C:\Users\JMC\Documents\cc_20130323_151649.reg
[2013.03.23 16:15:46 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.03.22 20:16:49 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.03.22 20:10:03 | 000,001,268 | ---- | M] () -- C:\Users\JMC\Desktop\Revo Uninstaller.lnk
[2013.03.21 20:38:29 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\Winamp.lnk
[2013.03.20 19:54:36 | 000,001,499 | ---- | M] () -- C:\Users\JMC\Desktop\CryptLoad.lnk
[2013.03.15 07:53:06 | 000,017,738 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2013.03.14 14:18:36 | 000,000,741 | ---- | M] () -- C:\Users\JMC\Desktop\PlanetSide 2.lnk
[2013.03.14 14:02:49 | 000,263,186 | ---- | M] () -- C:\Users\JMC\Desktop\Minecraft.exe
[2013.03.13 23:49:54 | 000,270,488 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.03.13 22:13:04 | 000,000,853 | ---- | M] () -- C:\Users\JMC\Desktop\Steam.lnk
[2013.03.13 20:57:03 | 000,000,900 | ---- | M] () -- C:\Users\Public\Desktop\LoL.lnk
[2013.03.13 19:06:34 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01009.Wdf
[2013.03.13 18:58:48 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.03.13 18:58:48 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.03.13 18:41:16 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013.03.13 18:24:19 | 000,000,004 | ---- | M] () -- C:\Windows\SysWow64\¸‰€
[2013.03.13 18:24:18 | 000,419,840 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2013.03.13 18:24:18 | 000,413,696 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2013.03.13 18:24:02 | 000,042,457 | ---- | M] () -- C:\Windows\Cmicnfgp.ini.cfl
[2013.03.13 18:24:02 | 000,000,900 | ---- | M] () -- C:\Windows\Cmicnfgp.ini.imi
[2013.03.13 18:24:02 | 000,000,839 | ---- | M] () -- C:\Windows\System\Cmicnfgp.ini
[2013.03.13 18:24:02 | 000,000,140 | ---- | M] () -- C:\Windows\System\Dlap.pfx
[2013.03.13 18:24:01 | 003,065,455 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin
[2013.03.13 17:42:46 | 000,161,548 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2013.03.13 17:42:46 | 000,161,548 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2013.03.13 17:40:38 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013.03.07 01:33:21 | 001,025,808 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013.03.07 01:33:21 | 000,377,920 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013.03.07 01:33:21 | 000,178,624 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013.03.07 01:33:21 | 000,070,992 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013.03.07 01:33:21 | 000,068,920 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013.03.07 01:33:21 | 000,065,336 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013.03.07 01:33:20 | 000,263,096 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdis2.sys
[2013.03.07 01:33:20 | 000,127,136 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFW.sys
[2013.03.07 01:33:20 | 000,080,816 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013.03.07 01:33:20 | 000,033,400 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013.03.07 01:33:20 | 000,022,600 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswKbd.sys
[2013.03.07 01:32:51 | 000,041,664 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013.03.07 01:32:22 | 000,287,840 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013.03.07 01:11:21 | 000,012,368 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswNdis.sys
========== Files Created - No Company Name ==========
[2013.04.05 19:05:44 | 000,000,000 | ---- | C] () -- C:\Users\JMC\defogger_reenable
[2013.04.04 21:11:41 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.03.28 19:43:53 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013.03.27 21:32:20 | 000,001,957 | ---- | C] () -- C:\Users\Public\Desktop\Darksiders SoundTrack.lnk
[2013.03.23 16:16:52 | 000,007,572 | ---- | C] () -- C:\Users\JMC\Documents\cc_20130323_151649.reg
[2013.03.23 16:15:46 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.03.22 20:16:49 | 000,001,163 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.03.22 20:16:49 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.03.22 20:10:03 | 000,001,268 | ---- | C] () -- C:\Users\JMC\Desktop\Revo Uninstaller.lnk
[2013.03.21 20:38:29 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\Winamp.lnk
[2013.03.20 19:54:36 | 000,001,499 | ---- | C] () -- C:\Users\JMC\Desktop\CryptLoad.lnk
[2013.03.14 14:18:36 | 000,000,741 | ---- | C] () -- C:\Users\JMC\Desktop\PlanetSide 2.lnk
[2013.03.14 14:18:36 | 000,000,741 | ---- | C] () -- C:\Users\JMC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlanetSide 2.lnk
[2013.03.14 14:02:48 | 000,263,186 | ---- | C] () -- C:\Users\JMC\Desktop\Minecraft.exe
[2013.03.13 22:13:04 | 000,000,853 | ---- | C] () -- C:\Users\JMC\Desktop\Steam.lnk
[2013.03.13 20:57:03 | 000,000,900 | ---- | C] () -- C:\Users\Public\Desktop\LoL.lnk
[2013.03.13 19:47:35 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.13 19:06:34 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01009.Wdf
[2013.03.13 19:04:37 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013.03.13 18:58:48 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.03.13 18:58:48 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.03.13 18:53:54 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013.03.13 18:41:16 | 000,178,624 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013.03.13 18:41:16 | 000,065,336 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013.03.13 18:41:16 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2013.03.13 18:24:19 | 000,000,004 | ---- | C] () -- C:\Windows\SysWow64\¸‰€
[2013.03.13 18:24:02 | 001,144,983 | ---- | C] () -- C:\Windows\KB936225x64.msu
[2013.03.13 18:24:02 | 000,805,376 | ---- | C] () -- C:\Windows\SysNative\Cmeauoxy.exe
[2013.03.13 18:24:02 | 000,389,120 | ---- | C] () -- C:\Windows\SysNative\CmiCnfgp.cpl
[2013.03.13 18:24:02 | 000,282,112 | ---- | C] () -- C:\Windows\System\HsMgr64.exe
[2013.03.13 18:24:02 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\HsMgr.exe
[2013.03.13 18:24:02 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\VmixP8.dll
[2013.03.13 18:24:02 | 000,042,457 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfl
[2013.03.13 18:24:02 | 000,000,140 | ---- | C] () -- C:\Windows\System\Dlap.pfx
[2013.03.13 18:24:02 | 000,000,053 | ---- | C] () -- C:\Windows\SysNative\cmasiopx.ini
[2013.03.13 18:24:02 | 000,000,048 | ---- | C] () -- C:\Windows\SysWow64\cmasiop.ini
[2013.03.13 18:23:55 | 000,000,900 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.imi
[2013.03.13 18:23:52 | 000,359,424 | ---- | C] () -- C:\Windows\SysNative\CmiInstallResAll64.dll
[2013.03.13 18:23:52 | 000,005,060 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfg
[2013.03.13 18:23:52 | 000,000,839 | ---- | C] () -- C:\Windows\System\Cmicnfgp.ini
[2013.03.13 18:23:52 | 000,000,593 | ---- | C] () -- C:\Windows\cmudaxp.ini
[2013.03.13 18:05:24 | 003,065,455 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin
[2013.03.13 18:05:02 | 000,017,738 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2013.03.13 17:52:30 | 000,001,409 | ---- | C] () -- C:\Users\JMC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2013.03.13 17:52:27 | 000,001,443 | ---- | C] () -- C:\Users\JMC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013.03.13 17:42:42 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2013.03.13 17:42:39 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2013.03.13 17:40:38 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
========== ZeroAccess Check ==========
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2013.04.04 16:13:01 | 000,000,000 | ---D | M] -- C:\Users\JMC\AppData\Roaming\.minecraft
[2013.03.16 13:01:14 | 000,000,000 | ---D | M] -- C:\Users\JMC\AppData\Roaming\Arrowhead
[2013.03.13 18:24:19 | 000,000,000 | ---D | M] -- C:\Users\JMC\AppData\Roaming\ASUS
[2013.03.13 18:00:39 | 000,000,000 | ---D | M] -- C:\Users\JMC\AppData\Roaming\DesktopIconForAmazon
[2013.03.14 01:38:55 | 000,000,000 | ---D | M] -- C:\Users\JMC\AppData\Roaming\LolClient
[2013.03.13 18:00:39 | 000,000,000 | ---D | M] -- C:\Users\JMC\AppData\Roaming\OCS
[2013.03.13 18:00:40 | 000,000,000 | ---D | M] -- C:\Users\JMC\AppData\Roaming\Opera
========== Purity Check ==========
< End of report >
The folder has been uploaded.