Trojan problem / *.vbs discovered

Hello dear Trojaner forum,
About 2 days ago I noticed that a .vbs file with my computer name as its filename was sitting on my hard disk. After opening the file via right-click --> Edit, the first two lines read "'Mutation of Trojan virus. 'My name is DESERT420.vbs".
I then ran a quick scan with Malwarebytes Anti-Malware (logs below the text) and was shown 3 infected registry entries, which I had MBAM remove.
Today I did all the scans following your instructions ( http://www.trojaner-board.de/69886-a...-beachten.html ) and would like to ask you for help. :)
Here are the two MBAM logs as well as those from OTL and Gmer:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2013.04.23.07
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Administrator :: DESERT420 [administrator]
4/23/2013 11:50:56 PM
mbam-log-2013-04-23 (23-50-56).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 189566
Time elapsed: 3 minute(s), 57 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 3
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2013.04.23.07
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Administrator :: DESERT420 [administrator]
4/23/2013 11:50:56 PM
MBAM-log-2013-04-24 (00-07-13).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 189566
Time elapsed: 3 minute(s), 57 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 3
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

OTL Logfile:
OTL logfile created on: 4/25/2013 1:58:21 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.22 Gb Total Physical Memory | 1.81 Gb Available Physical Memory | 81.51% Memory free
4.06 Gb Paging File | 3.74 Gb Available in Paging File | 92.04% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 267.52 Gb Free Space | 89.75% Space Free | Partition Type: NTFS
Computer Name: DESERT420 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/04/25 13:53:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2013/04/17 03:17:26 | 000,042,784 | ---- | M] (Yontoo LLC) -- C:\Documents and Settings\Administrator\Application Data\Yontoo\YontooDesktop.exe
PRC - [2013/04/17 03:17:26 | 000,023,552 | ---- | M] (Microsoft) -- C:\Program Files\Yontoo\Y2Desktop.Updater.exe
PRC - [2013/04/09 02:35:29 | 000,170,912 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/04/09 02:29:55 | 000,212,992 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Documents and Settings\Administrator\Local Settings\Temp\RtkBtMnt.exe
PRC - [2010/12/13 14:37:46 | 000,135,536 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2010/04/07 22:57:42 | 000,099,896 | R--- | M] (HP) -- C:\WINDOWS\system32\HPSIsvc.exe
PRC - [2008/05/08 14:28:04 | 000,864,576 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2008/04/14 13:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (No Company Name) ==========
MOD - [2013/04/11 13:44:23 | 011,791,360 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\50ea744ffc3cb7f09b027fd6c5c93b2b\System.Web.ni.dll
MOD - [2013/04/11 13:44:12 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\a9e71dda6389403be4db7b567592e3b8\System.ServiceProcess.ni.dll
MOD - [2013/04/11 13:42:48 | 000,970,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb4cb21d14767292e079366a5d3d76cd\System.Configuration.ni.dll
MOD - [2013/04/11 13:41:56 | 005,449,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\36f3953f24d4f0b767bf172331ad6f3e\System.Xml.ni.dll
MOD - [2013/04/11 13:41:50 | 012,428,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\9a254c455892c02355ab0ab0f0727c5b\System.Windows.Forms.ni.dll
MOD - [2013/04/11 13:41:35 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\6978f2e90f13bc720d57fa6895c911e2\System.Drawing.ni.dll
MOD - [2013/04/11 13:40:15 | 007,867,392 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aa7926460a336408c8041330ad90929d\System.ni.dll
MOD - [2013/04/11 13:40:07 | 011,485,184 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\9adb89fa22fd5b4ce433b5aca7fb1b07\mscorlib.ni.dll
MOD - [2013/04/11 13:37:20 | 002,048,000 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2013/04/11 13:37:19 | 000,425,984 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2013/04/11 13:37:14 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2013/04/11 13:37:11 | 003,149,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2013/04/09 02:17:08 | 001,679,360 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3041.37050__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2013/04/09 02:17:08 | 000,253,952 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3041.37003__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2013/04/09 02:17:08 | 000,196,608 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3041.37065__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2013/04/09 02:17:08 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3041.37278__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2013/04/09 02:17:08 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3041.37235__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2013/04/09 02:17:08 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3041.37041__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2013/04/09 02:17:08 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3041.37177__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2013/04/09 02:17:08 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3041.37024__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2013/04/09 02:17:07 | 000,483,328 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3041.37319__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2013/04/09 02:16:48 | 000,135,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3041.37326__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2013/04/09 02:16:48 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3041.37018__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2013/04/09 02:16:47 | 000,090,112 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3041.37252__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2013/04/09 02:16:45 | 000,438,272 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3041.37027__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2013/04/09 02:16:45 | 000,401,408 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3041.37227__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll
MOD - [2013/04/09 02:16:45 | 000,307,200 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3041.37087__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll
MOD - [2013/04/09 02:16:45 | 000,217,088 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3041.37072__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2013/04/09 02:16:44 | 000,479,232 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3041.37180__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2013/04/09 02:16:44 | 000,446,464 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3041.37170__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2013/04/09 02:16:44 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3041.37178__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2013/04/09 02:16:44 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3041.37187__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2013/04/09 02:16:44 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3041.37226__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2013/04/09 02:16:44 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2013/04/09 02:16:44 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2939.23679__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2013/04/09 02:16:44 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2939.23767__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2013/04/09 02:16:44 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2939.23710__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2013/04/09 02:16:44 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2939.23768__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2013/04/09 02:16:44 | 000,006,656 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2013/04/09 02:16:43 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2013/04/09 02:16:43 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.2939.23662__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2013/04/09 02:16:43 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2939.23667__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2013/04/09 02:16:43 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2939.23717__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2013/04/09 02:16:43 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.2939.23707__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2013/04/09 02:16:43 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS\2.0.2939.23717__90ba9c70f846762e\DEM.OS.dll
MOD - [2013/04/09 02:16:43 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2013/04/09 02:16:42 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.2939.23668__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2013/04/09 02:16:42 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2939.23689__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2013/04/09 02:16:42 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2939.23743__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2013/04/09 02:16:42 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2939.23764__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2013/04/09 02:16:42 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2939.23802__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2013/04/09 02:16:42 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2939.23693__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2013/04/09 02:16:42 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2939.23687__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2013/04/09 02:16:42 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2939.23679__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2013/04/09 02:16:42 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.2939.23718__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2013/04/09 02:16:42 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2013/04/09 02:16:42 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2939.23688__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2013/04/09 02:16:42 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2939.23734__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2013/04/09 02:16:42 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2939.23718__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2013/04/09 02:16:41 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2965.22300__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2013/04/09 02:16:41 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2939.23739__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2013/04/09 02:16:41 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2939.23738__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2013/04/09 02:16:41 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2939.23742__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2013/04/09 02:16:41 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2939.23708__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2013/04/09 02:16:41 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2013/04/09 02:16:41 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2013/04/09 02:16:40 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2939.23711__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2013/04/09 02:16:40 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Foundation\2.0.2939.23665__90ba9c70f846762e\AEM.Foundation.dll
MOD - [2013/04/09 02:16:40 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2013/04/09 02:16:40 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.2939.23709__90ba9c70f846762e\APM.Foundation.dll
MOD - [2013/04/09 02:16:40 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2013/04/09 02:16:34 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3041.37343__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2013/04/09 02:16:33 | 000,491,520 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3041.37034__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2013/04/09 02:16:33 | 000,102,400 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.3041.37305__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2013/04/09 02:16:33 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3041.37302__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2013/04/09 02:16:33 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2939.23678__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2013/04/09 02:16:33 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2939.23679__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2013/04/09 02:16:33 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2939.23694__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2013/04/09 02:16:33 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2939.23712__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2013/04/09 02:16:33 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.2939.23677__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll
MOD - [2013/04/09 02:16:33 | 000,006,656 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3041.36993__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2013/04/09 02:16:32 | 001,511,424 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3041.37012__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2013/04/09 02:16:32 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3041.36994__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2013/04/09 02:16:32 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATIDEMOS\2.0.3041.36994__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2013/04/09 02:16:32 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2939.23713__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2013/04/09 02:16:32 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2939.23689__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2013/04/09 02:16:32 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.3041.37304__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2013/04/09 02:16:32 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2939.23711__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2013/04/09 02:16:32 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2939.23746__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2013/04/09 02:16:31 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.3041.36990__90ba9c70f846762e\APM.Server.dll
MOD - [2013/04/09 02:16:31 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.3041.36992__90ba9c70f846762e\AEM.Server.dll
MOD - [2013/04/09 02:16:31 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2010/03/04 16:55:34 | 000,147,456 | ---- | M] () -- C:\WINDOWS\system32\HP1100LM.DLL
MOD - [2010/03/04 16:55:14 | 000,069,632 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\HP1100PP.dll
MOD - [2008/04/14 13:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 13:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/02/04 13:29:02 | 000,688,128 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
MOD - [2003/06/07 13:30:08 | 000,057,344 | ---- | M] () -- C:\Program Files\Launch Manager\PowerUtl.dll
========== Services (SafeList) ==========
SRV - File not found [Auto | Running] -- C:\Program Files\Yontoo\Y2Desktop.Updater.exe C:\Documents and Settings\Administrator\Application Data\Yontoo\YontooDesktop.exe -- (Yontoo Desktop Updater)
SRV - [2013/04/19 23:10:50 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/04/11 02:53:01 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/04/09 02:35:29 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/04/09 02:33:06 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2010/12/13 14:37:46 | 000,135,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2010/04/07 22:57:42 | 000,099,896 | R--- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPSIsvc.exe -- (HPSIService)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\WINDOWS\\SystemRoot\System32\Drivers\sptd.sys -- (sptd)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/12/13 02:58:30 | 000,084,992 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdAud.sys -- (HdAudAddService)
DRV - [2012/12/13 02:58:28 | 002,880,000 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2012/12/13 02:50:26 | 004,800,000 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2010/12/13 14:37:46 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2010/03/06 09:40:57 | 000,017,408 | R--- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mvusbews.sys -- (mvusbews)
DRV - [2008/04/08 18:45:42 | 001,309,504 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/04/11 02:53:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/04/10 18:50:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
[2013/04/09 02:23:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2013/04/25 10:41:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qi52n93s.default\extensions
[2013/04/25 10:41:12 | 000,000,000 | ---D | M] (Yontoo) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qi52n93s.default\extensions\plugin@yontoo.com
[2013/04/09 02:40:20 | 000,817,280 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qi52n93s.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/04/11 02:52:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/04/11 02:53:01 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013/03/27 05:32:09 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013/03/27 05:32:09 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/03/27 05:32:09 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013/03/27 05:32:09 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013/03/27 05:32:09 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013/03/27 05:32:09 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2007/08/11 07:58:33 | 000,000,768 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [DESERT420] C:\WINDOWS\system32\DESERT420.vbs ()
O4 - HKLM..\Run: [KVIrc] C:\Program Files\KVIrc\kvirc.exe (KVIrc Development Team)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Yontoo Desktop] C:\Documents and Settings\Administrator\Application Data\Yontoo\YontooDesktop.exe (Yontoo LLC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Pidgin.lnk = C:\Program Files\Pidgin\pidgin.exe (The Pidgin developer community)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.50.140.246 195.50.140.180
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6D8F807E-1F7E-4CE1-A8F3-EAFBC789C429}: DhcpNameServer = 195.50.140.246 195.50.140.180
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/04/09 23:49:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2013/04/25 13:58:42 | 000,000,100 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{000dd4dd-a160-11e2-8b5c-cf03c4b3cc7a}\Shell - "" = AutoRun
O33 - MountPoints2\{000dd4dd-a160-11e2-8b5c-cf03c4b3cc7a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{000dd4dd-a160-11e2-8b5c-cf03c4b3cc7a}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe DESERT420.vbs
O33 - MountPoints2\{45446f5e-a16d-11e2-acbb-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{45446f5e-a16d-11e2-acbb-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{45446f5e-a16d-11e2-acbb-806d6172696f}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe DESERT420.vbs
O33 - MountPoints2\{667780fa-a1d5-11e2-8b65-0017c45e89d0}\Shell - "" = AutoRun
O33 - MountPoints2\{667780fa-a1d5-11e2-8b65-0017c45e89d0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{667780fa-a1d5-11e2-8b65-0017c45e89d0}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe KLAUS.vbs
O33 - MountPoints2\{667780fb-a1d5-11e2-8b65-0017c45e89d0}\Shell - "" = AutoRun
O33 - MountPoints2\{667780fb-a1d5-11e2-8b65-0017c45e89d0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{667780fb-a1d5-11e2-8b65-0017c45e89d0}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe KLAUS.vbs
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013/04/25 13:53:20 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2013/04/25 10:49:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Tufu - Haesslon
[2013/04/25 10:47:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\WinRAR
[2013/04/25 10:41:38 | 000,000,000 | ---D | C] -- C:\Program Files\JDownloader
[2013/04/25 10:41:11 | 000,000,000 | ---D | C] -- C:\Program Files\Yontoo
[2013/04/25 10:41:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Yontoo
[2013/04/25 10:41:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2013/04/23 23:49:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2013/04/23 23:49:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/04/23 23:49:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013/04/23 23:49:43 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/04/23 23:49:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/04/16 13:56:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\.mono
[2013/04/11 23:22:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Jetzt Schämst Du Dich!
[2013/04/11 23:17:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Der Stoff, aus dem die Regenschirme sind
[2013/04/11 23:15:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Retrogott Und Hulk Hodn - Fresh Und Umbenannt (2013) 320
[2013/04/11 22:39:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2013/04/11 13:45:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft LifeCam
[2013/04/11 13:45:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft LifeCam
[2013/04/11 13:44:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2013/04/11 13:38:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2013/04/11 13:38:48 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2013/04/11 13:38:42 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2013/04/11 13:38:06 | 000,000,000 | ---D | C] -- C:\e0bc98650275ba8a07
[2013/04/11 13:36:36 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/04/11 02:52:53 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/04/10 22:23:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\gtk-2.0
[2013/04/10 22:21:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\.purple
[2013/04/10 19:00:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\LucasArts
[2013/04/10 18:54:19 | 000,000,000 | ---D | C] -- C:\Program Files\LucasArts
[2013/04/10 18:50:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Thunderbird
[2013/04/10 18:50:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Thunderbird
[2013/04/10 18:50:49 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2013/04/10 18:50:11 | 000,000,000 | ---D | C] -- C:\Program Files\Pidgin
[2013/04/10 18:36:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DAEMON Tools Lite
[2013/04/10 18:36:21 | 000,466,008 | ---- | C] (Duplex Secure Ltd.) -- C:\WINDOWS\System32\drivers\sptd.sys
[2013/04/10 18:36:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools Lite
[2013/04/10 18:36:14 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2013/04/10 18:33:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2013/04/10 18:25:29 | 000,000,000 | ---D | C] -- C:\Program Files\dumps
[2013/04/10 18:24:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam
[2013/04/10 18:24:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Steam
[2013/04/10 18:24:55 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
[2013/04/10 16:35:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
[2013/04/10 16:34:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2013/04/10 16:34:16 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2013/04/10 16:13:59 | 000,000,000 | -HSD | C] -- C:\WINDOWS\ftpcache
[2013/04/10 16:13:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HP
[2013/04/10 16:12:35 | 000,017,408 | R--- | C] (Marvell Semiconductor, Inc.) -- C:\WINDOWS\System32\drivers\mvusbews.sys
[2013/04/10 16:11:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2013/04/10 16:11:20 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2013/04/10 16:11:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\HP
[2013/04/10 14:22:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Winamp
[2013/04/10 14:21:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\RegisteredPackages
[2013/04/10 14:21:22 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp
[2013/04/10 14:21:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Winamp
[2013/04/10 14:09:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\KVIrc4
[2013/04/10 14:09:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Downloads
[2013/04/10 13:54:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\KVIrc
[2013/04/10 13:54:21 | 000,000,000 | ---D | C] -- C:\Program Files\KVIrc
[2013/04/10 03:39:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Windows.7.Ultimate.mit.SP1.7601.x64.677306.DVD.ISO.Mai.2011.German-PLZ
[2013/04/10 03:26:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Windows 7 USB DVD Download Tool
[2013/04/10 03:26:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Apps
[2013/04/10 02:55:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\DeepBurner
[2013/04/10 02:54:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DeepBurner
[2013/04/10 02:54:50 | 000,000,000 | ---D | C] -- C:\Program Files\Astonsoft
[2013/04/10 02:50:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\temp
[2013/04/10 01:37:25 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2013/04/10 01:37:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2013/04/10 01:37:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2013/04/10 01:37:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2013/04/10 01:37:19 | 000,000,000 | R--D | C] -- C:\Program Files
[2013/04/10 01:37:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
[2013/04/10 01:36:48 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
[2013/04/10 01:36:48 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu
[2013/04/10 01:36:48 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
[2013/04/10 01:36:48 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Templates
[2013/04/10 01:36:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites
[2013/04/10 01:36:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop
[2013/04/10 01:36:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2013/04/10 01:36:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2013/04/10 01:36:29 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2013/04/10 01:36:29 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
[2013/04/10 01:35:55 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2013/04/10 01:35:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings
[2013/04/10 01:30:16 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2013/04/10 01:30:16 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2013/04/10 01:30:16 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web
[2013/04/10 01:30:16 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\system
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\security
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\PeerNet
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\pchealth
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Network Diagnostic
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\L2Schemas
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\java
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\ehome
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
[2013/04/09 23:54:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Identities
[2013/04/09 23:54:09 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2013/04/09 23:54:07 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Pictures
[2013/04/09 23:54:07 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Music
[2013/04/09 23:54:03 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2013/04/09 23:54:03 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Cookies
[2013/04/09 23:54:03 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\SendTo
[2013/04/09 23:54:03 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2013/04/09 23:54:03 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Application Data
[2013/04/09 23:54:03 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
[2013/04/09 23:54:03 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu
[2013/04/09 23:54:03 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents
[2013/04/09 23:54:03 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Favorites
[2013/04/09 23:54:03 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
[2013/04/09 23:54:03 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Templates
[2013/04/09 23:54:03 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\PrintHood
[2013/04/09 23:54:03 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\NetHood
[2013/04/09 23:54:03 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings
[2013/04/09 23:54:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
[2013/04/09 23:54:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop
[2013/04/09 23:53:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2013/04/09 23:53:42 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2013/04/09 23:53:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2013/04/09 23:53:41 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2013/04/09 23:53:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2013/04/09 23:52:35 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2013/04/09 23:52:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2013/04/09 23:51:01 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2013/04/09 23:51:01 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2013/04/09 23:51:01 | 000,029,184 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2013/04/09 23:49:53 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2013/04/09 23:49:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2013/04/09 23:49:21 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2013/04/09 23:49:21 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2013/04/09 23:48:10 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM
[2013/04/09 23:48:00 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2013/04/09 23:48:00 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2013/04/09 23:47:50 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2013/04/09 23:47:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2013/04/09 23:47:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2013/04/09 23:47:03 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2013/04/09 23:47:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2013/04/09 23:46:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2013/04/09 23:46:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2013/04/09 23:46:45 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2013/04/09 23:46:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2013/04/09 23:46:12 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2013/04/09 23:46:08 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2013/04/09 23:45:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2013/04/09 23:45:53 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2013/04/09 23:45:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2013/04/09 23:45:31 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Games
[2013/04/09 23:45:18 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2013/04/09 23:45:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools
[2013/04/09 23:45:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2013/04/09 23:45:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2013/04/09 23:45:04 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2013/04/09 23:45:04 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
[2013/04/09 23:44:56 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger
[2013/04/09 23:44:51 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone
[2013/04/09 23:44:05 | 000,000,000 | ---D | C] -- C:\Program Files\MSN
[2013/04/09 23:44:04 | 000,281,088 | ---- | C] (Cinematronics) -- C:\WINDOWS\System32\dllcache\pinball.exe
[2013/04/09 23:44:02 | 000,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2013/04/09 23:44:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2013/04/09 23:43:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2013/04/09 23:43:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2013/04/09 23:43:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2013/04/09 23:43:16 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
[2013/04/09 10:31:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2013/04/09 03:15:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Launch Manager
[2013/04/09 03:15:50 | 000,000,000 | ---D | C] -- C:\Program Files\Launch Manager
[2013/04/09 03:15:24 | 000,207,368 | ---- | C] (Dritek System Inc.) -- C:\WINDOWS\UNINST32.EXE
[2013/04/09 03:15:24 | 000,005,120 | ---- | C] (Dritek System Inc.) -- C:\WINDOWS\System32\FILTRCOI.DLL
[2013/04/09 03:05:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2013/04/09 03:05:08 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2013/04/09 02:36:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2013/04/09 02:36:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Sun
[2013/04/09 02:35:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2013/04/09 02:35:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/04/09 02:35:25 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013/04/09 02:35:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Sun
[2013/04/09 02:33:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2013/04/09 02:33:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2013/04/09 02:32:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2013/04/09 02:29:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Lang
[2013/04/09 02:24:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\7-Zip
[2013/04/09 02:23:59 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2013/04/09 02:23:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads
[2013/04/09 02:23:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
[2013/04/09 02:23:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
[2013/04/09 02:23:10 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/04/09 02:23:01 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2013/04/09 02:23:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2013/04/09 02:20:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\RTCOM
[2013/04/09 02:20:26 | 002,808,832 | ---- | C] (RealTek Semicoductor Corp.) -- C:\WINDOWS\alcwzrd.exe
[2013/04/09 02:20:26 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2013/04/09 02:19:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ATI
[2013/04/09 02:19:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ATI
[2013/04/09 02:19:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\ATI
[2013/04/09 02:16:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Catalyst Control Center
[2013/04/09 02:13:05 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2013/04/09 02:12:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2013/04/09 02:10:27 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2013/04/09 02:09:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2013/04/09 02:07:25 | 000,000,000 | ---D | C] -- C:\Program Files\QMI
[2013/04/09 02:07:17 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2013/04/09 02:07:09 | 000,393,216 | ---- | C] (Quanta Microsystems, Inc.) -- C:\WINDOWS\System32\QmiInstDev.exe
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/04/25 14:00:42 | 001,003,230 | RHS- | M] () -- C:\WINDOWS\System32\DESERT420.vbs
[2013/04/25 13:58:42 | 001,003,230 | RHS- | M] () -- C:\DESERT420.vbs
[2013/04/25 13:58:42 | 000,000,100 | RHS- | M] () -- C:\autorun.inf
[2013/04/25 13:56:56 | 000,432,594 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/04/25 13:56:56 | 000,067,510 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/04/25 13:55:47 | 000,377,856 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\gmer_2.1.19163.exe
[2013/04/25 13:53:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2013/04/25 13:52:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/04/25 13:51:37 | 000,000,176 | ---- | M] () -- C:\Documents and Settings\Administrator\defogger_reenable
[2013/04/25 13:51:08 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Defogger.exe
[2013/04/25 13:41:20 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/04/25 12:41:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/04/25 10:42:07 | 000,001,658 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\JDownloader.lnk
[2013/04/23 23:49:45 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/21 20:19:27 | 000,091,106 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\untitled.JPG
[2013/04/18 05:23:18 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/04/11 22:39:35 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2013/04/11 13:48:17 | 000,093,480 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/04/11 13:45:43 | 000,001,788 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft LifeCam.lnk
[2013/04/10 22:32:53 | 000,000,076 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Counter-Strike Source.url
[2013/04/10 21:36:04 | 000,014,848 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/04/10 19:00:16 | 000,001,673 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Star Wars Knights of the Old Republic.lnk
[2013/04/10 18:50:52 | 000,001,686 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2013/04/10 18:50:23 | 000,000,660 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Pidgin.lnk
[2013/04/10 18:24:59 | 000,000,664 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk
[2013/04/10 17:06:12 | 001,003,230 | RHS- | M] () -- C:\KLAUS.vbs
[2013/04/10 16:34:38 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
[2013/04/10 16:12:46 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_mvusbews_01007.Wdf
[2013/04/10 16:12:45 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2013/04/10 14:22:24 | 000,000,672 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2013/04/10 14:21:54 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2013/04/10 14:09:34 | 000,000,147 | ---- | M] () -- C:\Documents and Settings\Administrator\kvirc4.ini
[2013/04/10 13:54:31 | 000,001,560 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\KVIrc.lnk
[2013/04/10 03:26:46 | 000,002,583 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Windows 7 USB DVD Download Tool.lnk
[2013/04/10 03:24:00 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/04/10 02:54:50 | 000,000,746 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\DeepBurner.lnk
[2013/04/10 01:37:29 | 000,004,444 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF
[2013/04/09 23:54:18 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2013/04/09 23:52:38 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2013/04/09 23:51:34 | 000,000,780 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2013/04/09 23:49:04 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2013/04/09 23:49:04 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2013/04/09 23:49:04 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2013/04/09 23:49:04 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2013/04/09 23:49:04 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2013/04/09 23:49:00 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2013/04/09 23:49:00 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2013/04/09 23:48:51 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2013/04/09 23:45:29 | 000,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2013/04/09 03:16:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Setup.INI
[2013/04/09 03:15:51 | 000,000,083 | ---- | M] () -- C:\WINDOWS\LManager.UNI
[2013/04/09 02:29:56 | 000,940,794 | ---- | M] () -- C:\WINDOWS\System32\LoopyMusic.wav
[2013/04/09 02:29:56 | 000,146,650 | ---- | M] () -- C:\WINDOWS\System32\BuzzingBee.wav
[2013/04/09 02:23:02 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/04/09 02:18:46 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ativpsrm.bin
[2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/04/25 13:55:47 | 000,377,856 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\gmer_2.1.19163.exe
[2013/04/25 13:51:31 | 000,000,176 | ---- | C] () -- C:\Documents and Settings\Administrator\defogger_reenable
[2013/04/25 13:51:07 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Defogger.exe
[2013/04/25 10:42:07 | 000,001,658 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\JDownloader.lnk
[2013/04/25 10:42:02 | 000,001,658 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\JDownloader.lnk
[2013/04/25 10:42:02 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\JDownloader Uninstaller.lnk
[2013/04/25 10:42:02 | 000,001,581 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\JDownloader Update.lnk
[2013/04/23 23:49:45 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/21 20:19:27 | 000,091,106 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\untitled.JPG
[2013/04/18 05:23:18 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/04/11 13:45:43 | 000,001,788 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft LifeCam.lnk
[2013/04/11 13:39:17 | 000,206,808 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2013/04/10 22:32:53 | 000,000,076 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Counter-Strike Source.url
[2013/04/10 19:00:16 | 000,001,673 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Star Wars Knights of the Old Republic.lnk
[2013/04/10 18:50:52 | 000,001,686 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2013/04/10 18:50:51 | 000,001,674 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Thunderbird.lnk
[2013/04/10 18:50:23 | 000,000,660 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Pidgin.lnk
[2013/04/10 18:43:15 | 001,003,230 | RHS- | C] () -- C:\DESERT420.vbs
[2013/04/10 18:24:59 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk
[2013/04/10 17:06:12 | 001,003,230 | RHS- | C] () -- C:\KLAUS.vbs
[2013/04/10 17:06:12 | 001,003,230 | RHS- | C] () -- C:\WINDOWS\System32\DESERT420.vbs
[2013/04/10 17:06:12 | 000,000,100 | RHS- | C] () -- C:\autorun.inf
[2013/04/10 16:34:38 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
[2013/04/10 16:34:38 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
[2013/04/10 16:12:47 | 001,511,424 | ---- | C] () -- C:\WINDOWS\System32\HP1100SM.EXE
[2013/04/10 16:12:47 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\HP1100LM.DLL
[2013/04/10 16:12:47 | 000,047,104 | R--- | C] () -- C:\WINDOWS\System32\HP1100SMs.dll
[2013/04/10 16:12:46 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_mvusbews_01007.Wdf
[2013/04/10 16:12:45 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2013/04/10 16:12:35 | 000,081,920 | R--- | C] () -- C:\WINDOWS\System32\mvusbews.dll
[2013/04/10 16:11:20 | 000,284,160 | R--- | C] () -- C:\WINDOWS\System32\mvhlewsi.dll
[2013/04/10 14:22:24 | 000,000,672 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2013/04/10 14:09:34 | 000,000,147 | ---- | C] () -- C:\Documents and Settings\Administrator\kvirc4.ini
[2013/04/10 13:54:31 | 000,001,560 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\KVIrc.lnk
[2013/04/10 03:26:46 | 000,002,583 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Windows 7 USB DVD Download Tool.lnk
[2013/04/10 02:54:50 | 000,000,746 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\DeepBurner.lnk
[2013/04/10 01:37:29 | 000,004,444 | ---- | C] () -- C:\WINDOWS\System32\pid.PNF
[2013/04/10 01:37:28 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2013/04/10 01:37:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2013/04/10 01:37:22 | 001,685,606 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.spd
[2013/04/10 01:37:22 | 000,000,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.sdf
[2013/04/10 01:37:21 | 000,605,050 | ---- | C] () -- C:\WINDOWS\System32\dllcache\r1033tts.lxa
[2013/04/10 01:37:20 | 000,643,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ltts1033.lxa
[2013/04/10 01:36:58 | 000,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2013/04/10 01:36:48 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2013/04/10 01:36:48 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2013/04/10 01:36:48 | 000,144,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
[2013/04/10 01:36:48 | 000,112,918 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
[2013/04/10 01:36:48 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2013/04/10 01:36:48 | 000,034,747 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
[2013/04/10 01:36:48 | 000,034,063 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2013/04/10 01:36:48 | 000,026,991 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2013/04/10 01:36:48 | 000,016,535 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2013/04/10 01:36:48 | 000,014,433 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2013/04/10 01:36:48 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2013/04/10 01:36:48 | 000,012,363 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2013/04/10 01:36:48 | 000,010,027 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2013/04/10 01:36:48 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2013/04/10 01:36:48 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2013/04/10 01:36:48 | 000,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2013/04/10 01:36:47 | 002,144,487 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2013/04/10 01:36:47 | 001,296,669 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP3.CAT
[2013/04/10 01:36:47 | 000,522,220 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2013/04/10 01:35:54 | 000,093,480 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/04/10 01:35:09 | 000,000,211 | -HS- | C] () -- C:\boot.ini
[2013/04/10 01:35:06 | 000,000,780 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf
[2013/04/09 23:54:18 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2013/04/09 23:54:12 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Outlook Express.lnk
[2013/04/09 23:54:09 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer.lnk
[2013/04/09 23:54:04 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
[2013/04/09 23:54:04 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk
[2013/04/09 23:52:38 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2013/04/09 23:51:34 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013/04/09 23:50:55 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2013/04/09 23:50:40 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2013/04/09 23:50:33 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2013/04/09 23:50:31 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2013/04/09 23:50:29 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2013/04/09 23:50:17 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2013/04/09 23:50:10 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2013/04/09 23:50:06 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2013/04/09 23:49:55 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2013/04/09 23:49:04 | 000,002,577 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2013/04/09 23:49:04 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2013/04/09 23:49:04 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2013/04/09 23:49:04 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2013/04/09 23:49:04 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2013/04/09 23:49:00 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2013/04/09 23:49:00 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2013/04/09 23:48:59 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2013/04/09 23:47:49 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2013/04/09 23:47:36 | 004,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex
[2013/04/09 23:47:17 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
[2013/04/09 23:47:17 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
[2013/04/09 23:47:09 | 000,000,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf
[2013/04/09 23:46:20 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msinfo.dll
[2013/04/09 23:45:31 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2013/04/09 23:45:29 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2013/04/09 23:45:04 | 000,001,986 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN.lnk
[2013/04/09 23:44:34 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2013/04/09 23:44:34 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2013/04/09 23:44:34 | 000,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2013/04/09 23:44:34 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2013/04/09 23:44:34 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2013/04/09 23:44:33 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2013/04/09 23:44:33 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2013/04/09 23:44:33 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2013/04/09 23:44:33 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2013/04/09 23:44:33 | 000,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2013/04/09 23:44:33 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2013/04/09 23:44:29 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2013/04/09 23:44:29 | 000,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2013/04/09 23:44:28 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2013/04/09 23:44:21 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
[2013/04/09 03:16:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Setup.INI
[2013/04/09 03:15:51 | 000,000,083 | ---- | C] () -- C:\WINDOWS\LManager.UNI
[2013/04/09 02:33:07 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/04/09 02:29:56 | 000,940,794 | ---- | C] () -- C:\WINDOWS\System32\LoopyMusic.wav
[2013/04/09 02:29:56 | 000,146,650 | ---- | C] () -- C:\WINDOWS\System32\BuzzingBee.wav
[2013/04/09 02:23:02 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/04/09 02:23:02 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2013/04/09 02:20:54 | 000,000,553 | ---- | C] () -- C:\WINDOWS\USetup.iss
[2013/04/09 02:20:45 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2013/04/09 02:20:32 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTEQEX1.dat
[2013/04/09 02:20:32 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTEQEX0.dat
[2013/04/09 02:20:32 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\drivers\rtkhdaud.dat
[2013/04/09 02:18:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2013/04/09 02:07:09 | 000,000,774 | ---- | C] () -- C:\WINDOWS\System32\QmiInfo.cfg
[2013/04/09 02:00:51 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/12/13 02:58:28 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2012/12/13 02:58:28 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2012/12/13 02:58:28 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2012/12/13 02:58:28 | 000,168,883 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
========== ZeroAccess Check ==========
[2013/04/09 02:13:06 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 13:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2008/04/14 13:41:54 | 000,472,064 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 13:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2013/04/16 13:56:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\.mono
[2013/04/25 13:52:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\.purple
[2013/04/10 18:53:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools Lite
[2013/04/10 03:02:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DeepBurner
[2013/04/10 14:09:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\KVIrc4
[2013/04/10 18:50:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Thunderbird
[2013/04/25 13:52:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Yontoo
[2013/04/10 18:53:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2013/04/25 10:41:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
========== Purity Check ==========
< End of report >
OTL Logfile:
OTL Extras logfile created on: 4/25/2013 1:58:21 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.22 Gb Total Physical Memory | 1.81 Gb Available Physical Memory | 81.51% Memory free
4.06 Gb Paging File | 3.74 Gb Available in Paging File | 92.04% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 267.52 Gb Free Space | 89.75% Space Free | Partition Type: NTFS
Computer Name: DESERT420 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program Files\Microsoft LifeCam\LifeCam.exe" = C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeEnC2.exe" = C:\Program Files\Microsoft LifeCam\LifeEnC2.exe:*:Enabled:LifeEnC2.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeExp.exe" = C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeTray.exe" = C:\Program Files\Microsoft LifeCam\LifeTray.exe:*:Enabled:LifeTray.exe -- (Microsoft Corporation)
"C:\Program Files\Steam\SteamApps\common\Counter-Strike Source\hl2.exe" = C:\Program Files\Steam\SteamApps\common\Counter-Strike Source\hl2.exe:*:Enabled:Counter-Strike: Source -- ()
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0C3651D8-22A4-E868-62FD-50A416853E2A}" = CCC Help Chinese Standard
"{0D9FEB48-2CAC-F487-5AB6-C2E7F83C8F60}" = CCC Help Chinese Traditional
"{0ED4D7CF-DB92-0D72-3DD3-846A8B57013D}" = Catalyst Control Center Localization Hungarian
"{0FDC2255-9294-4303-B05B-B4C6E89C2BB5}" = CCC Help Japanese
"{137847CE-F4FC-7EF7-42B0-13A846C3B647}" = Catalyst Control Center Localization Finnish
"{18E410C2-9A08-0D5A-A8AC-B7E29780C93B}" = CCC Help Finnish
"{1AAEF53D-30FA-1667-EEE1-68B9180F12C6}" = Catalyst Control Center Core Implementation
"{2015DEE7-7F87-CCD5-BEB6-5D543EBEC9AE}" = Catalyst Control Center Localization Portuguese
"{22E12B40-C565-5957-1CC1-E7BEBC1B77B7}" = CCC Help Portuguese
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}" = Star Wars®: Knights of the Old Republic (TM)
"{2BA2F736-7663-4C76-9425-40890A46F995}" = Catalyst Control Center - Branding
"{2DE88B87-AF8D-A391-9222-554181BEA2B9}" = Catalyst Control Center Graphics Full New
"{2E0FED74-0E65-2C6D-B834-E0EFD4BD5EDE}" = CCC Help Italian
"{3489FFCA-2355-5F31-F729-0CFF20950027}" = ccc-core-preinstall
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C0F0A1B-F2EC-AD3C-52AF-4DA06B09D83B}" = CCC Help Thai
"{3D195D09-5791-1AE0-A1D4-6835F3F2545A}" = Catalyst Control Center Localization Chinese Standard
"{3D3CA279-884F-8CD6-1ACA-EBAB94AB9F3F}" = Catalyst Control Center Localization Polish
"{3F23A07B-123C-9F57-609D-8D153916F49A}" = Catalyst Control Center Localization Thai
"{423799F1-0BD5-4B2D-8BD6-2A49BCEA583B}" = Atheros Wireless LAN Client Adapter
"{43CD2B7E-3697-D04D-0C42-9CF69B7897A2}" = Catalyst Control Center Localization Korean
"{44033775-1CE2-883D-9FF0-D3645A7C3368}" = Catalyst Control Center Localization Japanese
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{627BF8BE-E723-4FA2-DFD5-2BF2CA7000EB}" = CCC Help French
"{643162B0-CFA4-9618-79A3-8FB0D58955C0}" = CCC Help Greek
"{645424AF-2ABB-3ED3-DC56-DEC371740F98}" = Catalyst Control Center Localization Dutch
"{6455DD26-368B-9B09-BDDD-1F27C59E40F2}" = CCC Help Norwegian
"{65F075C5-E1A4-B376-3E7C-BE724FE76052}" = CCC Help English
"{68B5A52F-CE99-0057-191F-66463728B2C9}" = Catalyst Control Center Localization Danish
"{6950EB38-C368-7BA4-A2FA-650A0834363B}" = CCC Help Czech
"{6D03AB23-1E1B-9BF0-4C91-98E2CFB5010A}" = CCC Help German
"{756CC70B-F63A-BDC2-46C9-D4E6BA1E4CDF}" = Catalyst Control Center Localization Italian
"{75DFA344-E460-37FA-A479-8704FBD11532}" = CCC Help Swedish
"{812E3EDD-A282-1E4A-2E93-4E30EEDC1064}" = CCC Help Polish
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 2.052
"{892DAC32-2E42-825A-F347-F48B4ADA77F8}" = CCC Help Spanish
"{8AE0C0CC-A09D-9415-7311-9C9C5553B1D6}" = Catalyst Control Center Localization Czech
"{9EB786BC-34AE-B8C2-BAD3-59E48A66CC72}" = CCC Help Korean
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7E8536F-5F70-FD7C-1DD7-C19242C1007E}" = CCC Help Russian
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B7B74DFC-9255-7E51-3F4C-34CB0006FA23}" = Catalyst Control Center Localization Spanish
"{B7BAB0E7-47F7-6DD7-7AAE-89103D08D445}" = Catalyst Control Center Localization Russian
"{B7E48B3F-E36A-4DFC-838C-89B2FC8874BA}" = Catalyst Control Center Localization Norwegian
"{B8040D64-3140-FAB7-4D3A-EE341ED906AF}" = Catalyst Control Center Localization French
"{B89F8614-157A-F2C7-F59A-41D56BAD91C4}" = CCC Help Hungarian
"{BD71B413-9FEE-49BB-A6D1-2C0BFB99BDFE}" = Microsoft LifeCam
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3F9FFFB-D994-BC9E-713A-B472821A85AA}" = CCC Help Danish
"{C625B0D0-F630-AA2D-4D3F-D25E157D974D}" = CCC Help Turkish
"{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool
"{CD946097-A4AD-4BA4-C181-B500F38C9340}" = Catalyst Control Center Localization German
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0CB445F-3003-5706-6231-05AF99422F09}" = Catalyst Control Center Graphics Light
"{D5CB2D47-80CE-22D8-CCAF-BEB68769B017}" = Catalyst Control Center Localization Greek
"{D7F6DCFD-DA39-D1E8-C12D-94B0BAA8C4F5}" = Catalyst Control Center Graphics Full Existing
"{DD70931C-B0ED-5519-951E-6819D1850389}" = ccc-utility
"{DECCA8AE-D9EC-00C0-0A78-9F95FF2AAC1B}" = CCC Help Dutch
"{DF6382FE-F95D-CED9-28DB-29C110CC5790}" = Catalyst Control Center Localization Swedish
"{E702CB52-4691-5EAF-E242-D5123FFEBB19}" = Catalyst Control Center Localization Turkish
"{F0F9FE06-4E18-0822-AA2A-93054C6DDA6C}" = ccc-core-static
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F99808D3-76CF-388A-2F53-24DA6735FE5A}" = Catalyst Control Center Localization Chinese Traditional
"5513-1208-7298-9440" = JDownloader 0.9
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"DAEMON Tools Lite" = DAEMON Tools Lite
"HP LaserJet Professional P1100-P1560-P1600 Series" = HP LaserJet Professional P1100-P1560-P1600 Series
"KVIrc" = KVIrc
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"Mozilla Thunderbird 17.0.5 (x86 de)" = Mozilla Thunderbird 17.0.5 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Pidgin" = Pidgin
"Steam App 240" = Counter-Strike: Source
"Steam App 33910" = Arma 2
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 4/9/2013 9:20:25 PM | Computer Name = DESERT420 | Source = MsiInstaller | ID = 10005
Description = Product: Windows 7 USB/DVD Download Tool -- This application requires
the Image Mastering API v2. Please install the Image Mastering API then run this
installer again.
Error - 4/9/2013 9:27:57 PM | Computer Name = DESERT420 | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.
[ System Events ]
Error - 4/21/2013 4:35:20 PM | Computer Name = DESERT420 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Steam Client Service
service to connect.
Error - 4/21/2013 4:35:20 PM | Computer Name = DESERT420 | Source = Service Control Manager | ID = 7000
Description = The Steam Client Service service failed to start due to the following
error: %%1053
< End of report >
GMER Logfile:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-25 15:09:14
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD3200BEVT-22ZCT0 rev.11.01A11 298.09GB
Running: gmer_2.1.19163.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kgtdypow.sys
---- Kernel code sections - GMER 2.1 ----
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xF6D2F000, 0x189FCA, 0xE8000020]
---- Devices - GMER 2.1 ----
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xDF 0x6B 0x91 0xC4 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x41 0x54 0x13 0x48 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xD5 0x52 0x16 0xD5 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xDF 0x6B 0x91 0xC4 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x41 0x54 0x13 0x48 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xD5 0x52 0x16 0xD5 ...
---- EOF - GMER 2.1 ----
If you need more information, just let me know ;)
I hope you can help me, and thank you in advance :)
Kind regards, Flaex