GVU Trojan on Windows 7
Hello,
I have been searching since 12 o'clock for a way to "destroy" the virus.
I had this virus once before and thought, "OK, off to Safe Mode".
No sooner said than done, but the PC then restarted by itself.
After a few hours of googling I found out that this virus has apparently deleted a few entries in the registry.
Following a guide on the Internet, I booted Reatogo-X-Pe from CD.
I started OTLPE, but I could not find a .txt fix file for "everyone".
So my question really is: where do I get the fix file?
In the meantime I am uploading the OTL.txt file (it is the only one there is).
Thanks in advance.
Code:
OTL logfile created on: 5/12/2013 6:06:59 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
64bit-Windows 7 Home Premium Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 85.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 233.57 Gb Total Space | 22.02 Gb Free Space | 9.43% Space Free | Partition Type: NTFS
Drive E: | 231.80 Gb Total Space | 154.27 Gb Free Space | 66.55% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2012/12/13 12:42:23 | 001,957,912 | ---- | M] (Bitdefender) [Auto] -- C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe -- (vsserv)
SRV:64bit: - [2012/09/01 12:04:32 | 000,075,384 | ---- | M] (Bitdefender) [On_Demand] -- C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe -- (SafeBox)
SRV:64bit: - [2012/09/01 12:04:17 | 000,067,904 | ---- | M] (Bitdefender) [Auto] -- C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe -- (UPDATESRV)
SRV:64bit: - [2012/07/21 16:43:31 | 001,436,424 | ---- | M] (Acresso Software Inc.) [On_Demand] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2012/06/28 04:53:00 | 004,941,768 | ---- | M] (SafeNet Inc.) [Auto] -- C:\Windows\System32\hasplms.exe -- (hasplms)
SRV:64bit: - [2011/10/14 17:57:26 | 000,466,736 | ---- | M] (BitDefender) [On_Demand] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe -- (Update Server)
SRV:64bit: - [2011/07/07 17:36:06 | 000,365,568 | ---- | M] (Advanced Micro Devices, Inc.) [Auto] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011/04/20 10:16:30 | 000,204,288 | ---- | M] (AMD) [Auto] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/04/07 07:59:32 | 000,294,328 | ---- | M] (TOSHIBA Corporation) [Auto] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2011/04/05 13:38:16 | 000,828,336 | ---- | M] (TOSHIBA Corporation) [On_Demand] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2010/12/09 11:45:26 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2010/12/08 09:42:54 | 000,137,632 | ---- | M] (TOSHIBA Corporation) [On_Demand] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2010/10/20 08:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2010/09/22 12:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/09/09 11:26:34 | 000,162,824 | ---- | M] () [Auto] -- C:\Windows\System32\GFNEXSrv.exe -- (GFNEXSrv)
SRV - [2013/04/23 11:48:21 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/03/29 15:53:56 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/03/03 09:55:43 | 000,049,152 | ---- | M] () [On_Demand] -- C:\Program Files (x86)\Common Files\BattlEye\BEService.exe -- (BEService)
SRV - [2013/01/08 07:55:20 | 000,161,536 | ---- | M] (Skype Technologies) [Auto] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/10 12:29:46 | 002,465,712 | ---- | M] (LogMeIn Inc.) [Auto] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012/07/27 07:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/17 13:31:58 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/07/08 18:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2011/10/01 02:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 02:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/07/08 21:36:12 | 002,932,224 | ---- | M] (PACE Anti-Piracy, Inc.) [Auto] -- C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe -- (PaceLicenseDServices)
SRV - [2011/02/10 03:25:36 | 000,112,080 | ---- | M] (Toshiba Europe GmbH) [On_Demand] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService) Notebook Performance Tuning Service (TEMPRO)
SRV - [2010/11/29 08:58:30 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/09/13 10:26:14 | 000,012,592 | ---- | M] (SRS Labs, Inc.) [Auto] -- C:\Program Files (x86)\Common Files\SRS Labs\SRS HD Audio Lab Service\SRSAudioLabService.exe -- (SRSHDAudioService)
SRV - [2010/01/28 10:44:40 | 000,249,200 | ---- | M] (TOSHIBA CORPORATION) [Auto] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/10 12:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2006/12/13 21:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/13 21:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/13 20:46:16 | 000,057,344 | ---- | M] () [On_Demand] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012/12/13 12:43:41 | 000,261,056 | ---- | M] (BitDefender) [Kernel | On_Demand] -- C:\Windows\System32\drivers\avchv.sys -- (avchv)
DRV:64bit: - [2012/12/13 12:42:26 | 000,587,024 | ---- | M] (BitDefender) [File_System | On_Demand] -- C:\Windows\System32\drivers\avckf.sys -- (avckf)
DRV:64bit: - [2012/12/13 12:42:15 | 000,705,552 | ---- | M] (BitDefender) [File_System | Boot] -- C:\Windows\System32\drivers\avc3.sys -- (avc3)
DRV:64bit: - [2012/11/18 11:13:37 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/09/28 05:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/09/01 12:04:16 | 000,093,160 | ---- | M] (BitDefender LLC) [Kernel | System] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys -- (BdfNdisf)
DRV:64bit: - [2012/06/28 04:51:36 | 000,139,592 | ---- | M] (SafeNet Inc.) [Kernel | Auto] -- C:\Windows\System32\drivers\aksfridge.sys -- (aksfridge)
DRV:64bit: - [2012/06/21 10:04:52 | 000,549,704 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\SRS_AE_amd64.sys -- (SRS_AE_Service)
DRV:64bit: - [2011/11/22 10:14:54 | 000,078,208 | ---- | M] (SafeNet Inc.) [Kernel | Auto] -- C:\Windows\System32\drivers\aksdf.sys -- (aksdf)
DRV:64bit: - [2011/11/17 11:38:34 | 000,079,952 | ---- | M] (BitDefender SRL) [File_System | On_Demand] -- C:\Windows\System32\drivers\bdsandbox.sys -- (bdsandbox)
DRV:64bit: - [2011/11/14 14:16:38 | 000,103,504 | ---- | M] (BitDefender LLC) [Kernel | System] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys -- (bdfwfpf)
DRV:64bit: - [2011/10/27 09:07:05 | 000,329,800 | ---- | M] (BitDefender S.R.L.) [File_System | Boot] -- C:\Windows\System32\drivers\trufos.sys -- (trufos)
DRV:64bit: - [2011/10/01 02:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 02:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 02:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 02:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/09/28 11:31:30 | 000,321,536 | ---- | M] (SafeNet Inc.) [Kernel | Auto] -- C:\Windows\System32\drivers\hardlock.sys -- (hardlock)
DRV:64bit: - [2011/08/16 08:59:12 | 000,442,088 | ---- | M] (BitDefender) [File_System | Boot] -- C:\Windows\System32\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV:64bit: - [2011/04/20 11:00:52 | 009,256,960 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/04/20 09:39:58 | 000,300,544 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/02/23 11:14:44 | 001,142,376 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2011/02/08 13:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2011/01/13 14:58:30 | 000,413,800 | ---- | M] (Realtek ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/17 02:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/11/10 19:11:50 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010/11/10 19:11:50 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV:64bit: - [2010/11/10 19:11:50 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2010/11/06 16:24:34 | 000,024,176 | ---- | M] () [Kernel | On_Demand] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV:64bit: - [2010/10/29 10:11:42 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/09/29 06:34:50 | 000,377,176 | ---- | M] (Logitech) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ladfSBVMamd64.sys -- (LADF_SBVM)
DRV:64bit: - [2010/09/29 06:34:48 | 000,062,168 | ---- | M] (Logitech) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ladfDHP2amd64.sys -- (LADF_DHP2)
DRV:64bit: - [2010/07/02 05:08:32 | 000,525,040 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\SRS_HDAL_amd64.sys -- (SRS_HDAL_Service)
DRV:64bit: - [2010/02/18 03:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand] -- C:\Windows\System32\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010/01/19 13:32:40 | 000,103,944 | ---- | M] (BitDefender) [Kernel | System] -- C:\Windows\System32\drivers\bdvedisk.sys -- (BDVEDISK)
DRV:64bit: - [2009/12/31 06:04:57 | 000,360,712 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2009/12/15 08:41:32 | 000,346,992 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\SRS_SSCFilter_amd64.sys -- (SRS_SSCFilter) SRS Labs Audio Sandbox (WDM)
DRV:64bit: - [2009/09/22 21:46:18 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2009/09/22 21:32:39 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2009/09/22 21:32:33 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2009/07/30 14:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 09:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/06/19 22:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/06/19 13:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto] -- C:\Windows\System32\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- C:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/03/18 11:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2007/04/27 02:40:00 | 000,142,120 | ---- | M] (SafeNet, Inc.) [Kernel | Auto] -- C:\Windows\System32\Drivers\Sentinel64.sys -- (Sentinel64)
DRV:64bit: - [2006/11/08 11:38:36 | 000,046,464 | ---- | M] (LITE-ON) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbdtv.sys -- (usbdtv) LITE-ON DVB-T (PID=F001)
DRV:64bit: - [2006/11/02 04:39:32 | 000,023,552 | ---- | M] (LITE-ON) [Kernel | On_Demand] -- C:\Windows\System32\drivers\dtvfw.sys -- (DTVFW)
DRV:64bit: - [2006/10/17 21:00:00 | 000,052,760 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- C:\Windows\System32\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV - [2010/11/01 01:08:46 | 000,014,544 | ---- | M] (OpenLibSys.org) [File_System | On_Demand] -- C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys -- (WinRing0_1_2_0)
DRV - [2003/04/18 19:32:04 | 000,004,736 | ---- | M] () [Kernel | Auto] -- C:\Windows\SysWOW64\drivers\tandpl.sys -- (tandpl)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Alex_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\Alex_ON_C\..\URLSearchHook: {f999a48b-1950-4d81-9971-79018f807b4b} - Reg Error: Key error. File not found
IE - HKU\Alex_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Alex_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF64_11_7_700_169.dll ()
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\System32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\System32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\SysWOW64\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0: File not found
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2012\BDTBEXT\ [2012/09/01 09:39:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\Bitdefender\Bitdefender 2012\bdtbext\ [2012/09/01 09:39:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}: C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Alex\AppData\Roaming\IDM\idmmzcc5
[2012/09/01 09:01:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\extensions
[2012/09/01 09:01:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\OneClickDownload@OneClickDownload.com
O1 HOSTS File: ([2013/04/30 20:37:44 | 000,000,862 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 live.virtualdj.com
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {f999a48b-1950-4d81-9971-79018f807b4b} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\Alex_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\Alex_ON_C\..\Toolbar\WebBrowser: (no name) - {F999A48B-1950-4D81-9971-79018F807B4B} - No CLSID value found.
O4:64bit: - HKLM..\Run: [BDAgent] C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe (Bitdefender)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [TOSHIBA Face Recognition] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKU\.DEFAULT..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\Alex_ON_C..\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] C:\Users\Alex\Documents\fd6dff6.exe ()
O4 - HKU\Alex_ON_C..\Run: [SRSHDAudioLab] C:\Program Files\SRS Labs\SRS HD Audio Lab\HDAL.exe (SRS Labs, Inc.)
O4 - HKU\LocalService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\NetworkService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\LocalService_ON_C..\RunOnce: [mctadmin] File not found
O4 - HKU\NetworkService_ON_C..\RunOnce: [mctadmin] File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk ()
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Alex\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Alex\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - .DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15:64bit: - .DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15:64bit: - .DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15:64bit: - .DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15:64bit: - Alex_ON_C\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15:64bit: - Alex_ON_C\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15:64bit: - Alex_ON_C\..Trusted Domains: soe.com ([]* in Trusted sites)
O15:64bit: - Alex_ON_C\..Trusted Domains: sony.com ([]* in Trusted sites)
O15:64bit: - LocalService_ON_C\..Trusted Domains: clonewarsadventures.com ([]* in )
O15:64bit: - LocalService_ON_C\..Trusted Domains: freerealms.com ([]* in )
O15:64bit: - LocalService_ON_C\..Trusted Domains: soe.com ([]* in )
O15:64bit: - LocalService_ON_C\..Trusted Domains: sony.com ([]* in )
O15:64bit: - NetworkService_ON_C\..Trusted Domains: clonewarsadventures.com ([]* in )
O15:64bit: - NetworkService_ON_C\..Trusted Domains: freerealms.com ([]* in )
O15:64bit: - NetworkService_ON_C\..Trusted Domains: soe.com ([]* in )
O15:64bit: - NetworkService_ON_C\..Trusted Domains: sony.com ([]* in )
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKU\Alex_ON_C Winlogon: Shell - (cmd.exe) - C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2013/05/09 13:01:44 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{CEA9502C-200D-4CB9-8FD7-11FCF1356149}
[2013/05/06 11:35:36 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\foobar2000
[2013/05/06 11:35:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\foobar2000
[2013/05/06 11:34:55 | 003,729,256 | ---- | C] (foobar2000.org) -- C:\Users\Alex\Documents\foobar2000_v1.2.6.exe
[2013/05/05 09:26:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MainConcept
[2013/05/05 09:26:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MainConcept
[2013/05/05 05:11:51 | 000,000,000 | ---D | C] -- C:\Users\Alex\Documents\FabFilter
[2013/05/05 05:11:51 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\FabFilter
[2013/05/05 05:07:36 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FabFilter
[2013/05/05 05:07:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FabFilter
[2013/05/05 05:07:02 | 000,000,000 | ---D | C] -- C:\Users\Alex\Documents\WiN
[2013/05/03 12:00:21 | 000,000,000 | -H-D | C] -- C:\ProgramData\{7707EA53-E29B-48FC-B28B-C8EE171EA0EB}
[2013/05/03 11:58:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Native Instruments
[2013/05/03 11:58:00 | 000,000,000 | ---D | C] -- C:\Program Files\Native Instruments
[2013/04/30 11:22:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VirtualDJ
[2013/04/22 15:48:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2013/04/22 15:48:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2013/04/22 15:40:31 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\QuickPar
[2013/04/22 15:38:21 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QuickPar
[2013/04/22 15:38:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickPar
[2013/04/22 15:38:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickPar
[2013/04/22 14:22:10 | 000,000,000 | ---D | C] -- C:\Users\Alex\Documents\GTA San Andreas User Files
[2013/04/22 14:03:22 | 000,000,000 | ---D | C] -- C:\Users\Alex\Documents\NFS Most Wanted
[2013/04/22 13:57:43 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Hive Cluster
[2013/04/22 13:26:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES
[2013/04/22 13:16:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EA GAMES
[2013/04/22 12:48:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Remedy Entertainment
[2013/04/22 11:43:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GTA SA
[2013/04/22 09:53:34 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Silent Hill Homecoming
[2013/04/22 09:25:59 | 000,000,000 | ---D | C] -- C:\Users\Alex\Documents\CAPCOM
[2013/04/22 09:23:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Silent Hill Homecoming
[2013/04/22 09:03:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Silent Hill Homecoming
[2013/04/22 08:27:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
[2013/04/22 08:27:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2013/04/22 07:55:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Capcom
[2013/04/21 14:02:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\mugenhi
[2013/04/15 08:26:26 | 000,000,000 | ---D | C] -- C:\Users\Alex\Documents\iZotope
[2013/04/14 10:24:44 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Bioshock
[2013/04/14 08:43:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013/04/14 08:43:22 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2013/04/14 08:26:39 | 000,000,000 | ---D | C] -- C:\Windows\repair
[2013/04/13 14:32:33 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\ExpressFiles
[2010/11/11 09:34:12 | 000,201,728 | ---- | C] (Freebyte.com) -- C:\Program Files (x86)\hjsplit.exe
[9 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/05/12 07:36:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/12 07:36:28 | 2801,369,088 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/12 07:32:50 | 000,000,376 | ---- | M] () -- C:\Users\Alex\AppData\Roamingprivacy.xml
[2013/05/11 19:53:48 | 001,084,674 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\2433f433
[2013/05/11 19:53:47 | 001,084,724 | ---- | M] () -- C:\Users\Alex\AppData\Local\2433f433
[2013/05/11 19:53:47 | 001,084,683 | ---- | M] () -- C:\ProgramData\2433f433
[2013/05/11 19:53:30 | 000,030,208 | ---- | M] () -- C:\Users\Alex\Documents\fd6dff6.exe
[2013/05/11 19:16:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/11 16:35:07 | 000,068,886 | ---- | M] () -- C:\Users\Alex\Documents\Sylenth1 Big 50 Pack ! Nyonyxx Presets ^_^.zip
[2013/05/11 13:55:15 | 000,025,120 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/11 13:55:15 | 000,025,120 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/10 11:57:01 | 000,000,222 | ---- | M] () -- C:\Users\Alex\Documents\DISCO.LPTB.rar
[2013/05/10 11:49:54 | 000,738,384 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2013/05/10 11:49:54 | 000,736,166 | ---- | M] () -- C:\Windows\System32\perfh013.dat
[2013/05/10 11:49:54 | 000,732,714 | ---- | M] () -- C:\Windows\System32\perfh010.dat
[2013/05/10 11:49:54 | 000,701,542 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013/05/10 11:49:54 | 000,655,004 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/05/10 11:49:54 | 000,153,576 | ---- | M] () -- C:\Windows\System32\perfc013.dat
[2013/05/10 11:49:54 | 000,150,152 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013/05/10 11:49:54 | 000,150,054 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2013/05/10 11:49:54 | 000,147,320 | ---- | M] () -- C:\Windows\System32\perfc010.dat
[2013/05/10 11:49:54 | 000,122,618 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/05/10 11:27:36 | 301,655,556 | ---- | M] () -- C:\Users\Alex\Documents\Vengeance Minimal House Vol 1.rar
[2013/05/10 11:00:44 | 100,249,778 | ---- | M] () -- C:\Users\Alex\Documents\Vengeance - Essential House Vol.1.rar
[2013/05/09 13:11:07 | 000,225,762 | ---- | M] () -- C:\Users\Alex\Documents\lisamitchell.jpg
[2013/05/09 12:02:34 | 003,577,629 | ---- | M] () -- C:\Users\Alex\Documents\f73be690-3ed8-4ef8-b4d1-26c0b34403e7.zip
[2013/05/06 15:13:43 | 413,138,988 | ---- | M] () -- C:\Users\Alex\Documents\V-VEdfss1.rar
[2013/05/06 11:43:38 | 000,379,322 | ---- | M] () -- C:\Users\Alex\Documents\et.fpl
[2013/05/06 11:35:31 | 000,001,084 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\foobar2000.lnk
[2013/05/06 11:35:09 | 003,729,256 | ---- | M] (foobar2000.org) -- C:\Users\Alex\Documents\foobar2000_v1.2.6.exe
[2013/05/06 11:25:37 | 007,358,600 | ---- | M] () -- C:\Users\Alex\Documents\V-VEss1.rar
[2013/05/05 09:28:06 | 000,064,416 | ---- | M] () -- C:\Users\Alex\Documents\avidavicodec.dll.zip
[2013/05/05 09:26:25 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MainConcept
[2013/05/05 09:24:25 | 001,052,118 | ---- | M] () -- C:\Users\Alex\Documents\mjpegcodec-3.2.4.zip
[2013/05/05 09:22:37 | 000,111,595 | ---- | M] () -- C:\Users\Alex\Documents\Avid_2.0d2_codec.zip
[2013/05/05 05:05:37 | 149,354,892 | ---- | M] () -- C:\Users\Alex\Documents\FFPP1122012wo.rar
[2013/05/04 05:28:43 | 003,278,528 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/05/03 11:58:00 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments
[2013/05/03 06:11:10 | 086,920,909 | ---- | M] () -- C:\Users\Alex\Desktop\IMG_0003.mp4
[2013/05/01 07:59:08 | 387,943,724 | ---- | M] () -- C:\Users\Alex\Documents\TekkenTagTournamentPALHumanfly138.rar
[2013/04/30 20:37:44 | 000,000,862 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/04/23 11:48:21 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/04/23 11:48:21 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/04/22 15:48:58 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2013/04/22 15:38:23 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickPar
[2013/04/22 13:42:39 | 000,000,000 | R--D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
[2013/04/22 13:26:34 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES
[2013/04/22 13:16:19 | 000,000,000 | R--D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[2013/04/22 09:23:16 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Silent Hill Homecoming
[2013/04/22 08:27:21 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
[2013/04/14 08:43:23 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013/04/13 14:32:23 | 000,000,000 | ---- | M] () -- C:\END
[2013/04/13 10:37:01 | 044,282,408 | ---- | M] () -- C:\Users\Alex\Documents\Will Ferrell and Jimmy Fallon Fight Over Tight Pants - Late Night with Jimmy Fallon (5 10 12).mp4
[9 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/05/11 19:53:48 | 001,084,674 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\2433f433
[2013/05/11 19:53:47 | 001,084,724 | ---- | C] () -- C:\Users\Alex\AppData\Local\2433f433
[2013/05/11 19:53:47 | 001,084,683 | ---- | C] () -- C:\ProgramData\2433f433
[2013/05/11 19:53:30 | 000,030,208 | ---- | C] () -- C:\Users\Alex\Documents\fd6dff6.exe
[2013/05/11 16:35:06 | 000,068,886 | ---- | C] () -- C:\Users\Alex\Documents\Sylenth1 Big 50 Pack ! Nyonyxx Presets ^_^.zip
[2013/05/10 11:18:45 | 000,000,222 | ---- | C] () -- C:\Users\Alex\Documents\DISCO.LPTB.rar
[2013/05/10 10:48:00 | 301,655,556 | ---- | C] () -- C:\Users\Alex\Documents\Vengeance Minimal House Vol 1.rar
[2013/05/10 10:46:40 | 100,249,778 | ---- | C] () -- C:\Users\Alex\Documents\Vengeance - Essential House Vol.1.rar
[2013/05/09 13:05:24 | 000,225,762 | ---- | C] () -- C:\Users\Alex\Documents\lisamitchell.jpg
[2013/05/09 12:01:09 | 003,577,629 | ---- | C] () -- C:\Users\Alex\Documents\f73be690-3ed8-4ef8-b4d1-26c0b34403e7.zip
[2013/05/07 17:20:03 | 086,920,909 | ---- | C] () -- C:\Users\Alex\Desktop\IMG_0003.mp4
[2013/05/06 11:43:38 | 000,379,322 | ---- | C] () -- C:\Users\Alex\Documents\et.fpl
[2013/05/06 11:35:31 | 000,001,084 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\foobar2000.lnk
[2013/05/06 11:25:31 | 413,138,988 | ---- | C] () -- C:\Users\Alex\Documents\V-VEdfss1.rar
[2013/05/06 11:23:12 | 007,358,600 | ---- | C] () -- C:\Users\Alex\Documents\V-VEss1.rar
[2013/05/05 09:28:06 | 000,064,416 | ---- | C] () -- C:\Users\Alex\Documents\avidavicodec.dll.zip
[2013/05/05 09:24:17 | 001,052,118 | ---- | C] () -- C:\Users\Alex\Documents\mjpegcodec-3.2.4.zip
[2013/05/05 09:22:36 | 000,111,595 | ---- | C] () -- C:\Users\Alex\Documents\Avid_2.0d2_codec.zip
[2013/05/05 04:30:59 | 149,354,892 | ---- | C] () -- C:\Users\Alex\Documents\FFPP1122012wo.rar
[2013/05/01 06:56:22 | 387,943,724 | ---- | C] () -- C:\Users\Alex\Documents\TekkenTagTournamentPALHumanfly138.rar
[2013/04/13 14:32:23 | 000,000,000 | ---- | C] () -- C:\END
[2013/04/13 10:33:37 | 044,282,408 | ---- | C] () -- C:\Users\Alex\Documents\Will Ferrell and Jimmy Fallon Fight Over Tight Pants - Late Night with Jimmy Fallon (5 10 12).mp4
[2013/03/17 15:32:36 | 000,721,917 | ---- | C] () -- C:\Windows\SysWow64\AiCM64.dll
[2013/03/17 15:32:36 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\AiCM32.dll
[2013/03/16 15:40:33 | 000,004,132 | ---- | C] () -- C:\ProgramData\yhwuvfio.aki
[2013/02/26 12:54:20 | 000,532,480 | ---- | C] () -- C:\Windows\SysWow64\CddbPlaylist2Sony.dll
[2013/02/25 15:54:46 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin
[2012/10/09 14:38:35 | 004,032,098 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\minecraft.zip
[2012/09/26 14:40:59 | 000,000,025 | -H-- | C] () -- C:\ProgramData\.811261211181235583101118113995
[2012/09/21 14:34:27 | 000,000,226 | ---- | C] () -- C:\Windows\wininit.ini
[2012/09/19 15:11:58 | 000,000,056 | RHS- | C] () -- C:\Windows\SysWow64\FA5AC5D479.sys
[2012/09/19 15:11:43 | 000,001,682 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2012/09/13 09:22:52 | 000,007,552 | ---- | C] () -- C:\Windows\SysWow64\drivers\enodpl.sys
[2012/09/13 09:22:52 | 000,004,736 | ---- | C] () -- C:\Windows\SysWow64\drivers\tandpl.sys
[2012/09/01 09:41:08 | 000,185,869 | ---- | C] () -- C:\ProgramData\1346506617.bdinstall.bin
[2012/09/01 09:33:55 | 000,159,688 | ---- | C] () -- C:\ProgramData\1346506333.bdinstall.bin
[2012/09/01 09:04:32 | 000,022,638 | ---- | C] () -- C:\ProgramData\1346504530.bdinstall.bin
[2012/09/01 09:01:24 | 000,196,987 | ---- | C] () -- C:\ProgramData\1346504359.bdinstall.bin
[2012/09/01 02:07:31 | 000,158,720 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\rshop.dll
[2012/08/19 19:17:53 | 000,088,189 | ---- | C] () -- C:\Users\Alex\AppData\Local\Tempbg.jpg
[2012/08/18 11:28:39 | 001,145,382 | ---- | C] () -- C:\Users\Alex\AppData\Local\Tempmusic.ogg
[2012/08/05 14:59:06 | 000,000,034 | -H-- | C] () -- C:\Windows\SysWow64\Converter_sysquict.dat
[2012/08/05 14:58:40 | 000,164,352 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/08/05 14:58:38 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2012/08/05 14:58:38 | 000,755,027 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012/08/05 14:58:38 | 000,159,839 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012/08/05 14:58:37 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012/07/20 19:14:53 | 000,005,120 | ---- | C] () -- C:\Users\Alex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/13 08:05:21 | 000,000,464 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012/07/13 08:05:21 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2012/07/04 08:00:25 | 000,000,385 | ---- | C] () -- C:\Users\Alex\AppData\Roaminguser_gensett.xml
[2012/06/30 13:58:28 | 004,176,016 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/06/26 13:07:41 | 000,000,376 | ---- | C] () -- C:\Users\Alex\AppData\Roamingprivacy.xml
[2012/06/26 04:38:33 | 000,429,495 | ---- | C] () -- C:\ProgramData\1340698681.bdinstall.bin
[2012/06/25 15:41:02 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/06/25 15:40:59 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011/10/06 18:59:40 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2011/10/06 18:39:33 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2011/10/06 18:30:49 | 000,128,312 | ---- | C] () -- C:\Windows\SysWow64\GFNEX.dll
[2011/10/06 18:29:38 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/10/06 18:27:19 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/04/09 12:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/02/03 13:56:58 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2010/11/20 23:24:49 | 000,252,928 | ---- | C] () -- C:\Windows\SysWow64\DShowRdpFilter.dll
[2010/10/22 04:14:19 | 000,000,870 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\smallwindows.cfg
[2009/10/05 10:09:42 | 000,019,968 | ---- | C] () -- C:\Windows\SysWow64\Cpuinf32.dll
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:25:04 | 000,197,632 | ---- | C] () -- C:\Windows\SysWow64\ir32_32.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2005/08/29 18:00:00 | 000,781,312 | ---- | C] () -- C:\Windows\SysWow64\RGSS102J.dll
[2005/08/29 18:00:00 | 000,778,752 | ---- | C] () -- C:\Windows\SysWow64\RGSS102E.dll
[2005/08/29 18:00:00 | 000,771,584 | ---- | C] () -- C:\Windows\SysWow64\RGSS100J.dll
========== LOP Check ==========
[2013/03/25 13:06:24 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\.minecraft
[2012/08/24 11:34:20 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Ableton
[2012/10/09 14:42:10 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\achievement
[2013/03/17 15:33:39 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Aimersoft Video Converter Ultimate
[2012/10/09 14:42:09 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\armor
[2012/10/09 14:42:10 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\art
[2013/05/06 15:23:47 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Audacity
[2012/12/07 18:23:10 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Avid
[2012/12/07 18:02:44 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Avid Technology Inc
[2013/04/18 10:23:34 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Bioshock
[2012/09/01 09:39:33 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Bitdefender
[2012/09/19 13:10:39 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Blender Foundation
[2013/03/30 15:37:45 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Celemony Software GmbH
[2012/10/09 14:42:07 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\com
[2012/08/24 14:41:11 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Cycling '74
[2013/02/27 14:58:44 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\DAEMON Tools Lite
[2012/09/01 16:57:02 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\DAEMON Tools Pro
[2012/09/01 09:06:37 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\DesktopIconForAmazon
[2012/09/27 13:30:44 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\DMCache
[2013/04/22 15:48:49 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\DVDVideoSoft
[2012/09/23 09:37:36 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\DVDVideoSoftIEHelpers
[2012/10/09 14:42:10 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\environment
[2013/04/13 14:32:33 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\ExpressFiles
[2013/05/05 05:12:05 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\FabFilter
[2013/03/01 11:57:38 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\FAlterSoft
[2012/09/26 14:41:47 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Final Draft
[2012/10/09 14:42:10 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\font
[2013/05/06 11:46:15 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\foobar2000
[2012/10/23 12:15:09 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Freecorder 7 Audio
[2012/08/05 14:47:03 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\FreeFLVConverter
[2013/02/06 17:06:15 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Groovedown
[2012/09/10 09:52:24 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Groovedown_Uninstall
[2012/10/09 14:42:10 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\gui
[2013/04/22 13:57:43 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Hive Cluster
[2013/02/15 13:17:11 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\ICQ
[2012/06/27 10:00:53 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Image-Line
[2012/11/14 16:05:40 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\ImgBurn
[2012/10/09 14:42:10 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\item
[2013/03/19 10:28:27 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\iZotope
[2012/10/09 14:42:10 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\lang
[2012/12/28 09:24:02 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Leadertech
[2013/03/06 17:54:27 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\maComfort
[2012/10/09 14:42:07 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\META-INF
[2012/10/09 14:42:10 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\misc
[2012/10/09 14:42:09 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\mob
[2012/12/31 13:11:40 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\MPEG Streamclip
[2012/10/09 14:42:08 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\net
[2012/07/02 13:22:32 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\OnLive App
[2012/06/25 14:35:54 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Opera
[2012/11/14 16:19:13 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Orbit
[2012/12/07 18:03:56 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\PACE Anti-Piracy
[2012/11/11 10:17:58 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Party
[2012/10/09 14:42:08 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\paulscode
[2013/02/23 08:05:11 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\PianoMarvel
[2013/03/09 09:22:25 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\PreSonus
[2012/09/27 12:50:17 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\ProgSense
[2013/02/04 10:27:34 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Propellerhead Software
[2012/08/06 18:24:03 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Publish Providers
[2012/06/26 04:19:17 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\QuickScan
[2013/02/21 17:38:32 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Red Giant Link
[2013/03/25 09:55:07 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\six-updater
[2012/07/09 14:01:54 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\six-zsync
[2012/11/06 17:42:38 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\SoftGrid Client
[2012/08/19 17:28:58 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Software4u
[2012/09/01 09:08:03 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Solveig Multimedia
[2012/11/13 11:54:25 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Sony
[2012/12/05 15:34:46 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Sony Creative Software
[2013/03/17 08:35:10 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Synthesia
[2012/10/08 18:21:04 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\SynthMaker
[2012/10/09 14:42:10 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\terrain
[2012/11/30 16:40:52 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\TGCStore
[2012/10/09 14:42:10 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\title
[2012/06/25 11:23:11 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Toshiba
[2012/06/26 12:12:13 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\TOSHIBA Online Product Information
[2012/06/30 13:59:28 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\TP
[2013/02/23 18:23:54 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\TS3Client
[2013/01/11 18:51:54 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\ts3overlay
[2013/01/11 19:21:58 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\ts3overlay_hook_win64
[2013/03/16 19:36:31 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Tunngle
[2013/01/14 12:24:31 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\uTorrent
[2013/01/16 17:12:06 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\WindSolutions
[2012/12/31 12:28:25 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Xilisoft
[2012/09/01 09:33:38 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\xsecva
[2012/09/06 10:23:35 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Youtube Downloader HD
[2013/03/17 15:33:38 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A}
[2013/01/12 11:53:36 | 000,000,000 | ---D | M] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012/08/24 10:24:58 | 000,000,000 | ---D | M] -- C:\ProgramData\Ableton
[2013/03/17 15:33:37 | 000,000,000 | ---D | M] -- C:\ProgramData\Aimersoft Video Converter Ultimate
[2012/09/10 09:59:43 | 000,000,000 | ---D | M] -- C:\ProgramData\AMD
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2012/09/27 11:37:30 | 000,000,000 | ---D | M] -- C:\ProgramData\Ask
[2013/03/30 20:09:20 | 000,000,000 | ---D | M] -- C:\ProgramData\Audio Damage
[2012/09/19 15:17:02 | 000,000,000 | ---D | M] -- C:\ProgramData\Autodesk
[2012/12/08 15:35:11 | 000,000,000 | ---D | M] -- C:\ProgramData\Avid
[2012/09/19 11:10:03 | 000,000,000 | ---D | M] -- C:\ProgramData\bdch
[2012/06/26 04:36:31 | 000,000,000 | ---D | M] -- C:\ProgramData\BDLogging
[2012/09/01 09:40:24 | 000,000,000 | ---D | M] -- C:\ProgramData\Bitdefender
[2013/01/10 17:53:21 | 000,000,000 | ---D | M] -- C:\ProgramData\Bohemia Interactive Studio
[2012/12/02 13:43:57 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ
[2012/12/17 16:19:06 | 000,000,000 | ---D | M] -- C:\ProgramData\Celemony Software GmbH
[2012/11/18 11:20:16 | 000,000,000 | ---D | M] -- C:\ProgramData\DAEMON Tools Lite
[2012/08/16 14:02:11 | 000,000,000 | ---D | M] -- C:\ProgramData\DAEMON Tools Pro
[2009/07/14 01:08:56 | 000,000,000 | --SD | M] -- C:\ProgramData\Desktop
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2012/09/29 10:36:40 | 000,000,000 | -HSD | M] -- C:\ProgramData\DSS
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2012/09/26 14:39:58 | 000,000,000 | ---D | M] -- C:\ProgramData\Final Draft
[2012/10/13 14:27:02 | 000,000,000 | ---D | M] -- C:\ProgramData\Freemake
[2012/12/06 16:32:30 | 000,000,000 | ---D | M] -- C:\ProgramData\Geevs
[2012/12/30 11:32:07 | 000,000,000 | ---D | M] -- C:\ProgramData\IObit
[2013/05/03 11:58:00 | 000,000,000 | ---D | M] -- C:\ProgramData\Native Instruments
[2012/12/30 11:03:51 | 000,000,000 | ---D | M] -- C:\ProgramData\Orbit
[2012/12/07 17:46:23 | 000,000,000 | ---D | M] -- C:\ProgramData\PACE
[2012/12/07 18:03:56 | 000,000,000 | ---D | M] -- C:\ProgramData\PACE Anti-Piracy
[2012/07/17 15:17:03 | 000,000,000 | ---D | M] -- C:\ProgramData\Partner
[2013/03/09 09:25:17 | 000,000,000 | ---D | M] -- C:\ProgramData\PreSonus
[2013/02/04 10:27:35 | 000,000,000 | ---D | M] -- C:\ProgramData\Propellerhead Software
[2012/12/29 18:04:19 | 000,000,000 | ---D | M] -- C:\ProgramData\Razer
[2012/08/07 19:36:22 | 000,000,000 | ---D | M] -- C:\ProgramData\RELOADED
[2012/12/06 16:29:17 | 000,000,000 | ---D | M] -- C:\ProgramData\SafeNet Sentinel
[2012/08/06 18:12:34 | 000,000,000 | ---D | M] -- C:\ProgramData\Sony
[2012/07/07 06:13:31 | 000,000,000 | ---D | M] -- C:\ProgramData\SRS Labs
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2012/06/25 11:08:44 | 000,000,000 | ---D | M] -- C:\ProgramData\TOSHIBA
[2012/06/25 11:02:13 | 000,000,000 | ---D | M] -- C:\ProgramData\ToshibaEurope
[2013/02/25 15:54:45 | 000,000,000 | ---D | M] -- C:\ProgramData\Ubisoft
[2012/07/03 04:44:23 | 000,000,000 | ---D | M] -- C:\ProgramData\VirtualizedApplications
[2012/12/07 13:58:52 | 000,000,000 | ---D | M] -- C:\ProgramData\WildTangent
[2013/01/16 17:11:57 | 000,000,000 | ---D | M] -- C:\ProgramData\WindSolutions
[2013/05/11 12:22:03 | 000,000,000 | ---D | M] -- C:\ProgramData\xml_param
[2012/08/11 13:24:37 | 000,000,000 | -H-D | M] -- C:\ProgramData\{13A9B825-42CB-4973-913D-2194B5A4CF94}
[2013/05/03 12:00:22 | 000,000,000 | -H-D | M] -- C:\ProgramData\{7707EA53-E29B-48FC-B28B-C8EE171EA0EB}
[2012/06/26 08:40:57 | 000,000,000 | ---D | M] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2013/05/05 04:17:50 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 1230 bytes -> C:\Users\Alex\AppData\Local\gNPD9TwMQH4:gK1PFnr3sKNRskYqsnO6eNv
@Alternate Data Stream - 1166 bytes -> C:\Users\Alex\AppData\Local\Temp:3dpPYlXpKqotbQuyMrq13so
@Alternate Data Stream - 1154 bytes -> C:\Users\Alex\AppData\Local\Temporary Internet Files:EgWd4XxXKpFUptcQL4fB
@Alternate Data Stream - 1139 bytes -> C:\Users\Alex\AppData\Local\Temp:3rxf64KTNL8NdC4opJsTmHk
@Alternate Data Stream - 1029 bytes -> C:\Users\Alex\AppData\Local\Anwendungsdaten:4xZJj2UPsz41fRWBYCSOU
@Alternate Data Stream - 1029 bytes -> C:\Users\Alex\AppData\Local:4xZJj2UPsz41fRWBYCSOU
< End of report >