Has my Opachki.ru been completely removed?
Hi,
while searching for a movie trailer I unfortunately fell for a YouTube user who presumably only wanted to seed malware. 48 videos, all 10 seconds long, pointed via a shortened URL to the videos that were no longer available on YouTube. I reported him later and he got kicked out. Congratulations, YouTube! Less than 24 hours. But he had been hunting for victims for several months.
"reevagalan has been terminated due to repeated or severe violations of our Community Guidelines."
The non-final address was
DO NOT CLICK (unless you are a pro)
http : // 384 ;;; 75 . movieupload .;; filetap . ;;com
DO NOT CLICK (unless you are a pro)
minus the spaces and semicolons, which I inserted to be on the safe side.
So I clicked on it and got an "empty page". Then I went back, discovered the other videos and realized that this probably had not been so smart.
Well then. I fired up Spybot S&D. Besides a cookie, it showed me Opachki.ru, in the autostart if I remember correctly.
That is supposed to be nasty malware that can hardly be removed.
I let Spybot, mbam and OTL do their work and hope that the fact that I had not yet rebooted at the time of the Spybot run prevented the execution of the malicious code set in the autostart, and that I am rid of opachki.
By the way, I have not been able to notice any possible effects so far, apart from the test results.
Many thanks for your help!
RoSh
Code:
--- Search result list ---
Tipp des Tages: Klicken Sie auf den Balken rechts, um mehr Informationen zu sehen! ()
Opachki.ru: [SBI $9E90BA5A] Autorun-Einstellungen (Registrierungsdatenbank-Wert, nothing done)
HKEY_USERS\S-1-5-21-2204050855-2847797839-2532557262-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
Right Media: Verfolgender Cookie (Internet Explorer: RoSh) (Cookie, nothing done)
--- Spybot - Search & Destroy version: 1.6.0 (build: 20080707) ---
2008-07-07 blindman.exe (1.0.0.8)
2008-07-07 SDFiles.exe (1.6.0.4)
2008-07-07 SDMain.exe (1.0.0.6)
2008-07-07 SDShred.exe (1.0.2.3)
2008-07-07 SDUpdate.exe (1.6.0.8)
2008-07-07 SDWinSec.exe (1.0.0.12)
2008-07-07 SpybotSD.exe (1.6.0.30)
2009-03-05 TeaTimer.exe (1.6.6.32)
2008-11-09 unins000.exe (51.49.0.0)
2008-07-07 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2008-09-15 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2008-10-22 Tools.dll (2.1.6.8)
2010-06-29 Includes\Adware.sbi (*)
2010-07-27 Includes\AdwareC.sbi (*)
2010-01-25 Includes\Cookies.sbi (*)
2009-11-03 Includes\Dialer.sbi (*)
2010-07-27 Includes\DialerC.sbi (*)
2010-01-25 Includes\HeavyDuty.sbi (*)
2009-05-26 Includes\Hijackers.sbi (*)
2010-07-27 Includes\HijackersC.sbi (*)
2010-06-29 Includes\iPhone.sbi (*)
2010-08-02 Includes\Keyloggers.sbi (*)
2010-08-02 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2010-06-01 Includes\Malware.sbi (*)
2010-08-10 Includes\MalwareC.sbi (*)
2010-05-18 Includes\PUPS.sbi (*)
2010-07-20 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2010-07-27 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2010-06-29 Includes\Spyware.sbi (*)
2010-07-27 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2010-08-04 Includes\Trojans.sbi (*)
2010-07-28 Includes\TrojansC-02.sbi (*)
2010-07-28 Includes\TrojansC-03.sbi (*)
2010-07-28 Includes\TrojansC-04.sbi (*)
2010-08-10 Includes\TrojansC-05.sbi (*)
2010-08-06 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
--- System information ---
Unknown Windows version 6.1 (Build: 7600) (6.1.7600)
--- Startup entries list ---
Located: HK_LM:Run, avgnt
command: "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
file: C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
size: 281768
MD5: 61941D4566C3B09F377E0E1A97BD0D9A
Located: HK_LM:Run, CTxfiHlp
command: CTXFIHLP.EXE
file: C:\Windows\system32\CTXFIHLP.EXE
size: 23552
MD5: 3DED07CE0E250531305C5C745BAA3E9A
Located: HK_LM:Run, HTC Sync Loader
command: "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
file: C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
size: 585728
MD5: BC71BC338E8BBFAF83CA23493EDF31A5
Located: HK_LM:Run, NokiaMServer
command: C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
file: C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_LM:Run, Samsung PanelMgr
command: C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
file: C:\Windows\Samsung\PanelMgr\SSMMgr.exe
size: 614400
MD5: 64B9458E16AECFEF67333B7C39F82B09
Located: HK_LM:Run, StartCCC
command: "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
file: C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
size: 336384
MD5: 055C387F82389A13B64F5E9BD79B3BD6
Located: HK_CU:Run,
where: S-1-5-21-2204050855-2847797839-2532557262-1000...
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:Run, DU Meter
where: S-1-5-21-2204050855-2847797839-2532557262-1000...
command: C:\Program Files (x86)\DU Meter\DUMeter.exe
file: C:\Program Files (x86)\DU Meter\DUMeter.exe
size: 2941984
MD5: 87A5143AF8009818D32EDC2EFF13B12B
Located: HK_CU:Run, Microsoft Works Update Detection
where: S-1-5-21-2204050855-2847797839-2532557262-1000...
command: C:\Program Files (x86)\Microsoft Works\WkDetect.exe
file: C:\Program Files (x86)\Microsoft Works\WkDetect.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: Startup (allgemein), Launchy.lnk
where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files (x86)\Launchy\Launchy.exe
file: C:\Program Files (x86)\Launchy\Launchy.exe
size: 286720
MD5: 4FBFDD7B45BA8E39199447FD481FFFE9
Located: Startup (allgemein), Logitech SetPoint.lnk
where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files\Logitech\SetPoint\SetPoint.exe
file: C:\Program Files\Logitech\SetPoint\SetPoint.exe
size: 1200144
MD5: FEF4B7A9BBD3AC934F52A3BCA33312FD
Located: Startup (Benutzer), Dropbox.lnk
where: C:\Users\RoSh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Users\RoSh\AppData\Roaming\Dropbox\bin\Dropbox.exe
file: C:\Users\RoSh\AppData\Roaming\Dropbox\bin\Dropbox.exe
size: 23343848
MD5: F4D6D11C89616549652067E7C8FA1ADF
Located: Startup (Benutzer), OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
where: C:\Users\RoSh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
file: C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
size: 227712
MD5: 358AE5DF3E3E62CC9EBD63B145BC3259
--- Browser helper object list ---
{074C1DC5-9320-4A9A-947D-C042949C6216} (ContributeBHO Class)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: ContributeBHO Class
Path: S:\Programme\Adobe Shit\
Long name: contributeieplugin.dll
Short name: CONTRI~1.DLL
Date (created): 27.03.2007 03:54:18
Date (last access): 18.05.2009 19:26:14
Date (last write): 27.03.2007 03:54:18
Filesize: 118784
Attributes: archive
MD5: C193B8ECC43122C46D13427C754323B4
CRC32: 85EE32BE
Version: 1.0.0.0
{65134FDF-F8A5-4B3D-91D9-CDF273CFD578} (dTPodcastBHO)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: dTPodcastBHO
CLSID name: PodcastBHO Class
Path: C:\Program Files (x86)\Common Files\doubleTwist\
Long name: IEPodcastPlugin.dll
Short name: IEPODC~1.DLL
Date (created): 12.01.2011 14:59:08
Date (last access): 12.01.2011 14:59:08
Date (last write): 07.12.2010 16:32:34
Filesize: 61440
Attributes: archive
MD5: D79E9ECD84F3FB0A49B4ABBD52F7A045
CRC32: B1CCAEE3
Version: 1.3.0.0
{9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live ID Sign-in Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Windows Live ID Sign-in Helper
Path: C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\
Long name: WindowsLiveLogin.dll
Short name: WINDOW~1.DLL
Date (created): 18.08.2009 11:32:12
Date (last access): 16.11.2010 00:43:36
Date (last write): 18.08.2009 11:32:12
Filesize: 403840
Attributes: archive
MD5: D46ED7D33E847CD9E78E9F02910536B5
CRC32: A5B7CE0C
Version: 6.500.3165.0
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Google Toolbar Notifier BHO
Path: C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.3572\
Long name: swg.dll
Short name:
Date (created): 04.05.2009 19:17:54
Date (last access): 04.05.2009 19:17:54
Date (last write): 04.05.2009 19:17:54
Filesize: 668656
Attributes: archive
MD5: D1585B06DED161E13B905DC4FFBF7F12
CRC32: 88D5BAA5
Version: 5.1.1309.3572
{B4F3A835-0E21-4959-BA22-42B3008E02FF} (URLRedirectionBHO)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: URLRedirectionBHO
CLSID name: Office Document Cache Handler
Path: C:\PROGRA~2\MICROS~2\Office14\
Long name: URLREDIR.DLL
Short name:
Date (created): 28.02.2010 02:20:14
Date (last access): 10.11.2010 16:34:28
Date (last write): 28.02.2010 02:20:14
Filesize: 561552
Attributes: archive
MD5: 0A63D9A102C3C0209465EA60199E6882
CRC32: AA1F9E0F
Version: 14.0.4750.1000
{DBC80044-A445-435b-BC74-9C25C1C588A9} (Java(tm) Plug-In 2 SSV Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Java(tm) Plug-In 2 SSV Helper
Path: C:\Program Files (x86)\Java\jre6\bin\
Long name: jp2ssv.dll
Short name:
Date (created): 17.07.2010 05:08:56
Date (last access): 05.08.2010 18:40:24
Date (last write): 17.07.2010 05:08:56
Filesize: 41760
Attributes: archive
MD5: 6D5ADB1C823BFE21F9431D0995C7B185
CRC32: 71F413A1
Version: 6.0.210.7
{E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} (Google Gears Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: Google Gears Helper
CLSID name: Google Gears Helper
Path: C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\
Long name: gears.dll
Short name:
Date (created): 23.02.2010 05:51:18
Date (last access): 06.03.2010 09:57:04
Date (last write): 23.02.2010 05:51:18
Filesize: 2121728
Attributes: archive
MD5: 432226E3E9C09A73F389A65DEC49BB2F
CRC32: B0B45F47
Version: 0.5.36.0
--- ActiveX list ---
{17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool)
DPF name:
CLSID name: Windows Genuine Advantage Validation Tool
Installer: C:\Windows\Downloaded Program Files\LegitCheckControl.inf
Codebase: hxxp://download.microsoft.com/download/F/D/9/FD9E437D-5BC8-4264-A093-DFA2C39D197E/LegitCheckControl.cab
description:
classification: Legitimate
known filename: LegitCheckControl.DLL
info link:
info source: Safer Networking Ltd.
Path: C:\Windows\SysWow64\
Long name: LegitCheckControl.DLL
Short name: LEGITC~1.DLL
Date (created): 07.01.2009 17:20:24
Date (last access): 07.01.2009 17:20:24
Date (last write): 07.01.2009 17:20:24
Filesize: 1486192
Attributes: archive
MD5: BCEA8FA64B757A172D7F8406DEAB0BE4
CRC32: 15086C9A
Version: 1.9.9.0
{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_21
Installer:
Codebase: hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files (x86)\Java\jre6\bin\
Long name: jp2iexp.dll
Short name:
Date (created): 19.11.2008 13:12:40
Date (last access): 17.07.2010 04:01:04
Date (last write): 17.07.2010 04:00:08
Filesize: 108320
Attributes: archive
MD5: 25F044BAA126064EB0284FB6C115BAB9
CRC32: 9CD13605
Version: 6.0.210.7
[gekürzt]
Service (registry key): WinDefend
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103
Description: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-1176
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k secsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs
Service (registry key): Windows Workflow Foundation 3.0.0.0
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): WinHttpAutoProxySvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\winhttp.dll,-100
Description: @%SystemRoot%\system32\winhttp.dll,-101
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: Dhcp
Service (registry key): Winmgmt
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%Systemroot%\system32\wbem\wmisvc.dll,-205
Description: @%Systemroot%\system32\wbem\wmisvc.dll,-204
Object name: localSystem
Image path: %systemroot%\system32\svchost.exe -k netsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 0
Depends On services: RPCSS
Service (registry key): WinRM
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%Systemroot%\system32\wsmsvc.dll,-101
Description: @%Systemroot%\system32\wsmsvc.dll,-102
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\System32\svchost.exe -k NetworkService
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RPCSS,HTTP
Service (registry key): Winsock
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 3
Type: 4
Error Control: 1
Service (registry key): WinSock2
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): WinUsb
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: WinUsb
Image path: system32\DRIVERS\WinUsb.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): Wlansvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\wlansvc.dll,-257
Description: @%SystemRoot%\System32\wlansvc.dll,-258
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: nativewifip,RpcSs,Ndisuio,Eaphost
Service (registry key): wlidsvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Windows Live ID Sign-in Assistant
Description: Enables Windows Live ID authentication.
Object name: LocalSystem
Image path: "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
Image size: 2291568
Image MD5: 98F138897EF4246381D197CB81846D62
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Service (registry key): WmiAcpi
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Windows Management Interface for ACPI
Image path: \SystemRoot\system32\DRIVERS\wmiacpi.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): WmiApRpl
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): wmiApSrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110
Description: @%Systemroot%\system32\wbem\wmiapsrv.exe,-111
Object name: localSystem
Image path: %systemroot%\system32\wbem\WmiApSrv.exe
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Service (registry key): WMPNetworkSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101
Description: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-102
Object name: NT AUTHORITY\NetworkService
Image path: "%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe"
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: http
Service (registry key): WPCSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\wpcsvc.dll,-100
Description: @%SystemRoot%\system32\wpcsvc.dll,-101
Object name: NT Authority\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs
Service (registry key): WPDBusEnum
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\wpdbusenum.dll,-100
Description: @%SystemRoot%\system32\wpdbusenum.dll,-101
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs
Service (registry key): ws2ifsl
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\System32\drivers\ws2ifsl.sys,-1000
Description: @%systemroot%\System32\drivers\ws2ifsl.sys,-1000
Image path: \SystemRoot\system32\drivers\ws2ifsl.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): wscsvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\wscsvc.dll,-200
Description: @%SystemRoot%\System32\wscsvc.dll,-201
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs,WinMgmt
Service (registry key): WSearch
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\SearchIndexer.exe,-103
Description: @%systemroot%\system32\SearchIndexer.exe,-104
Object name: LocalSystem
Image path: %systemroot%\system32\SearchIndexer.exe /Embedding
Image size: 428032
Image MD5: 622D95520182F6D3D05310D5810CA8B3
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Depends On services: RPCSS
Service (registry key): WSearchIdxPi
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): wuauserv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\wuaueng.dll,-105
Description: @%systemroot%\system32\wuaueng.dll,-106
Object name: LocalSystem
Image path: %systemroot%\system32\svchost.exe -k netsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: rpcss
Service (registry key): WudfPf
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: User Mode Driver Frameworks Platform Driver
Image path: system32\drivers\WudfPf.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): WUDFRd
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\DRIVERS\WUDFRd.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): wudfsvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\wudfsvc.dll,-1000
Description: @%SystemRoot%\system32\wudfsvc.dll,-1001
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: PlugPlay,WudfPf
Service (registry key): WwanSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\wwansvc.dll,-257
Description: @%SystemRoot%\System32\wwansvc.dll,-258
Object name: NT Authority\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: PlugPlay,RpcSs,NdisUio,NlaSvc
Service (registry key): xmlprov
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): {531C16E5-4700-483D-A4D7-508A5933EC19}
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): {6F28AD1D-911C-4979-AF63-A58758057C69}
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): {7EF0FB1D-41AE-4877-9105-2B373EB8CC7A}
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): {CECE7FE5-3CDE-4F68-9AF3-0649EDE0AE0B}
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): {CEE041D1-5EB1-4E2C-ABC7-18BB9861ECFF}
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): {EE18660E-3A7A-460B-A12B-42FD4D4C655D}
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): azg9li1v
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0
Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 5544
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
18.01.2011 17:55:15
mbam-log-2011-01-18 (17-55-15).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|F:\|S:\|U:\|)
Durchsuchte Objekte: 1086853
Laufzeit: 3 Stunde(n), 38 Minute(n), 0 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
s:\Dropbox\my dropbox\Privat\Software\actualspy.exe (Application.ActualSpy) -> Quarantined and deleted successfully.
s:\Pics\2005\Bolivia\Al\pztrain.exe (Malware.Gen) -> Quarantined and deleted successfully.
++++++++++++++++++++++++++++++++++++++++++++++++
Code:
OTL logfile created on: 18.01.2011 13:06:27 - Run 1
OTL by OldTimer - Version 3.2.20.2 Folder = C:\Users\RoSh\Desktop
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 39,00% Memory free
8,00 Gb Paging File | 5,00 Gb Available in Paging File | 65,00% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,76 Gb Total Space | 53,94 Gb Free Space | 11,58% Space Free | Partition Type: NTFS
Drive F: | 244,14 Gb Total Space | 104,68 Gb Free Space | 42,88% Space Free | Partition Type: NTFS
Drive S: | 465,76 Gb Total Space | 30,51 Gb Free Space | 6,55% Space Free | Partition Type: NTFS
Drive U: | 687,37 Gb Total Space | 455,24 Gb Free Space | 66,23% Space Free | Partition Type: NTFS
Computer Name: ** | User Name: RoSh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\RoSh\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
PRC - C:\Users\RoSh\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Opera 10 Beta\opera.exe (Opera Software)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe ()
PRC - C:\PROGRA~2\DUMETE~1\DUMeter.exe (Hagel Technologies Ltd.)
PRC - C:\Program Files (x86)\iTunes\iTunes.exe (Apple Inc.)
PRC - C:\Program Files (x86)\DU Meter\DUMeterSvc.exe (Hagel Technologies Ltd.)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
PRC - C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtWlan.exe (Realtek Semiconductor Corp.)
PRC - C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe (Realtek)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
PRC - C:\program files (x86)\lg soft india\fortemanager\bin\monitor.exe ()
PRC - C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe ()
PRC - C:\Windows\SysWOW64\Ctxfihlp.exe (Creative Technology Ltd)
PRC - C:\Windows\SysWOW64\CTxfispi.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\Launchy\Launchy.exe ()
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe (Safer Networking Limited)
========== Modules (SafeList) ==========
MOD - C:\Users\RoSh\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (SolutoService) -- C:\Program Files\Soluto\SolutoService.exe (Soluto)
SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Macrovision Europe Ltd.)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (PassThru Service) -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe ()
SRV - (DUMeterSvc) -- C:\Program Files (x86)\DU Meter\DUMeterSvc.exe (Hagel Technologies Ltd.)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (TeamViewer5) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Realtek11nSU) -- C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe (Realtek)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (Akamai) -- c:\program files (x86)\common files\akamai\rswin_3586.dll ()
SRV - (Autodesk Licensing Service) -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (Adobe Version Cue CS3) -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe (Adobe Systems Incorporated)
SRV - (IDriverT) -- C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
========== Driver Services (SafeList) ==========
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (iPodDrv) -- C:\Windows\SysNative\drivers\iPodDrv.sys (Windows (R) Codename Longhorn DDK provider)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (pcouffin) -- C:\Windows\SysNative\drivers\pcouffin.sys (VSO Software)
DRV:64bit: - (htcnprot) -- C:\Windows\SysNative\drivers\htcnprot.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (PCGenFAM) -- C:\Windows\SysNative\drivers\PCGenFAM.sys (Soluto LTD.)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (teamviewervpn) -- C:\Windows\SysNative\drivers\teamviewervpn.sys (TeamViewer GmbH)
DRV:64bit: - (RTL8192su) -- C:\Windows\SysNative\drivers\rtl8192su.sys (Realtek Semiconductor Corporation )
DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64j.sys (Nokia)
DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia)
DRV:64bit: - (nmwcdcx64) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia)
DRV:64bit: - (nmwcdx64) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia)
DRV:64bit: - (nmwcdnsux64) -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys (Nokia)
DRV:64bit: - (mod7700) -- C:\Windows\SysNative\drivers\mod7700.sys (DiBcom SA)
DRV:64bit: - (MODRC) -- C:\Windows\SysNative\drivers\modrc.sys (DiBcom S.A.)
DRV:64bit: - (HTCAND64) -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV:64bit: - (vmm) -- C:\Windows\SysNative\Treiber\VMM.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (PsSdkLBF) -- C:\Windows\SysNative\drivers\pssdklbf.sys (microOLAP Technologies LTD)
DRV:64bit: - (PsSdk41) -- C:\Windows\SysNative\drivers\pssdk41.sys (microOLAP Technologies LTD)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (ha20x2k) -- C:\Windows\SysNative\drivers\ha20x2k.sys (Creative Technology Ltd)
DRV:64bit: - (emupia) -- C:\Windows\SysNative\drivers\emupia2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctsfm2k) -- C:\Windows\SysNative\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctprxy2k) -- C:\Windows\SysNative\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV:64bit: - (ossrv) -- C:\Windows\SysNative\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV:64bit: - (ctaud2k) Creative Audio Driver (WDM) -- C:\Windows\SysNative\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctac32k) -- C:\Windows\SysNative\drivers\ctac32k.sys (Creative Technology Ltd)
DRV:64bit: - (CTEXFIFX.SYS) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.)
DRV:64bit: - (CTEXFIFX) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.)
DRV:64bit: - (CTHWIUT.SYS) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CTHWIUT) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CT20XUT.SYS) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CT20XUT) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (L8042Kbd) -- C:\Windows\SysNative\drivers\L8042Kbd.sys (Logitech, Inc.)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (ENTECH64) -- C:\Windows\SysNative\drivers\Entech64.sys (EnTech Taiwan)
DRV:64bit: - (s0016mdm) -- C:\Windows\SysNative\drivers\s0016mdm.sys (MCCI Corporation)
DRV:64bit: - (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM) -- C:\Windows\SysNative\drivers\s0016unic.sys (MCCI Corporation)
DRV:64bit: - (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM) -- C:\Windows\SysNative\drivers\s0016mgmt.sys (MCCI Corporation)
DRV:64bit: - (s0016obex) -- C:\Windows\SysNative\drivers\s0016obex.sys (MCCI Corporation)
DRV:64bit: - (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS) -- C:\Windows\SysNative\drivers\s0016nd5.sys (MCCI Corporation)
DRV:64bit: - (s0016mdfl) -- C:\Windows\SysNative\drivers\s0016mdfl.sys (MCCI Corporation)
DRV:64bit: - (s0016bus) Sony Ericsson Device 0016 driver (WDM) -- C:\Windows\SysNative\drivers\s0016bus.sys (MCCI Corporation)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (SysTool) -- C:\Windows\SysNative\drivers\SysTool64.sys ()
DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.)
DRV:64bit: - (JGOGO) -- C:\Windows\SysNative\drivers\JGOGO.sys (JMicron )
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV - (DUMeterDrv) -- C:\Program Files (x86)\DU Meter\DUMETR64.SYS (Hagel Technologies Ltd.)
DRV - (DgiVecp) -- C:\Windows\SysWOW64\drivers\DGIVECP.SYS (Samsung Electronics Co., Ltd.)
DRV - (LGII2CDevice) -- C:\Program Files (x86)\LG Soft India\forteManager\bin\PII2CDriver.sys ()
DRV - (LGDDCDevice) -- C:\Program Files (x86)\LG Soft India\forteManager\bin\I2CDriver.sys ()
DRV - (speedfan) -- C:\Windows\SysWOW64\speedfan.sys (Windows (R) Server 2003 DDK provider)
DRV - (ENTECH64) -- C:\Windows\SysWOW64\drivers\Entech64.sys (EnTech Taiwan)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2204050855-2847797839-2532557262-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2204050855-2847797839-2532557262-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2204050855-2847797839-2532557262-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B0 11 33 9D B0 B4 CA 01 [binary data]
IE - HKU\S-1-5-21-2204050855-2847797839-2532557262-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2204050855-2847797839-2532557262-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2204050855-2847797839-2532557262-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/webhp?rls=ig"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.27.0
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.2
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..extensions.enabledItems: {daf44bf7-a45e-4450-979c-91cf07434c3d}:1.5.6
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.3.42
FF - prefs.js..extensions.enabledItems: firegestures@xuldev.org:1.6.1
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: maps@ovi.com:4.0.12.12
FF - prefs.js..extensions.enabledItems: extension@virtusdesigns.com:3.6.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {5c8bfb7c-9a54-11dc-8314-0800200c9a66}:3.6.7
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.type: 1
FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files (x86)\Google\Google Gears\Firefox\ [2010.03.06 09:57:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync\ [2010.07.12 17:57:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010.11.19 13:45:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.12.10 15:06:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.12.10 15:06:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.12.10 15:06:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.12.10 15:06:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.12.10 15:06:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.12.10 15:06:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.12.10 15:06:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.12.10 15:06:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.12.10 15:06:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.12.10 15:06:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.12.10 15:06:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.12.10 15:06:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.12.10 15:06:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.12.10 15:06:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.12.10 15:06:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.12.10 15:06:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.12.10 15:06:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.12.10 15:06:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.12.10 15:06:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.12.10 15:06:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\ProgramData\Mozilla Firefox\components [2010.11.12 19:21:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\ProgramData\Mozilla Firefox\plugins [2010.11.12 19:21:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.12.10 15:06:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.12.10 15:06:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\ProgramData\Mozilla Firefox\components [2010.11.12 19:21:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\ProgramData\Mozilla Firefox\plugins [2010.11.12 19:21:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.12.10 15:06:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.12.10 15:06:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.12.10 15:06:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.12.10 15:06:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.12.10 15:06:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.12.10 15:06:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Sunbird 0.9\extensions\\Components: C:\Program Files (x86)\Mozilla Sunbird\components [2010.09.06 19:25:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Sunbird 0.9\extensions\\Plugins: C:\Program Files (x86)\Mozilla Sunbird\plugins [2010.09.06 19:25:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010.11.19 13:45:18 | 000,000,000 | ---D | M]
[2009.10.06 11:21:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RoSh\AppData\Roaming\mozilla\Extensions
[2011.01.18 00:48:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RoSh\AppData\Roaming\mozilla\Firefox\Profiles\om8y1ash.default\extensions
[2010.04.28 08:18:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\RoSh\AppData\Roaming\mozilla\Firefox\Profiles\om8y1ash.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.11.11 03:43:22 | 000,000,000 | ---D | M] (Aero Fox XL) -- C:\Users\RoSh\AppData\Roaming\mozilla\Firefox\Profiles\om8y1ash.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}
[2011.01.04 13:04:01 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\RoSh\AppData\Roaming\mozilla\Firefox\Profiles\om8y1ash.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.10.21 18:51:26 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\RoSh\AppData\Roaming\mozilla\Firefox\Profiles\om8y1ash.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010.09.10 20:26:06 | 000,000,000 | ---D | M] (Extended Statusbar) -- C:\Users\RoSh\AppData\Roaming\mozilla\Firefox\Profiles\om8y1ash.default\extensions\{daf44bf7-a45e-4450-979c-91cf07434c3d}
[2010.05.29 18:43:42 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\RoSh\AppData\Roaming\mozilla\Firefox\Profiles\om8y1ash.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010.04.23 12:23:57 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\RoSh\AppData\Roaming\mozilla\Firefox\Profiles\om8y1ash.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009.10.27 21:27:35 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\RoSh\AppData\Roaming\mozilla\Firefox\Profiles\om8y1ash.default\extensions\battlefieldheroespatcher@ea.com
[2010.11.11 03:43:25 | 000,000,000 | ---D | M] (Virtus Search Opt-in) -- C:\Users\RoSh\AppData\Roaming\mozilla\Firefox\Profiles\om8y1ash.default\extensions\extension@virtusdesigns.com
[2011.01.04 13:04:02 | 000,000,000 | ---D | M] (FireGestures) -- C:\Users\RoSh\AppData\Roaming\mozilla\Firefox\Profiles\om8y1ash.default\extensions\firegestures@xuldev.org
[2010.07.13 13:27:06 | 000,000,000 | ---D | M] (Ovi maps browser plugin) -- C:\Users\RoSh\AppData\Roaming\mozilla\Firefox\Profiles\om8y1ash.default\extensions\maps@ovi.com
[2010.11.11 03:43:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RoSh\AppData\Roaming\mozilla\Firefox\Profiles\om8y1ash.default\extensions\extension@virtusdesigns.com\chrome
[2010.11.11 03:43:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RoSh\AppData\Roaming\mozilla\Firefox\Profiles\om8y1ash.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\win\mozapps\extensions
[2009.11.24 22:26:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RoSh\AppData\Roaming\mozilla\Sunbird\Profiles\m9nr8eo4.default\extensions
[2009.06.29 16:58:11 | 000,002,164 | ---- | M] () -- C:\Users\RoSh\AppData\Roaming\Mozilla\Firefox\Profiles\om8y1ash.default\searchplugins\bing.xml
[2009.06.20 06:09:11 | 000,002,654 | ---- | M] () -- C:\Users\RoSh\AppData\Roaming\Mozilla\Firefox\Profiles\om8y1ash.default\searchplugins\google-bildsuche.xml
[2009.06.20 06:09:11 | 000,002,016 | ---- | M] () -- C:\Users\RoSh\AppData\Roaming\Mozilla\Firefox\Profiles\om8y1ash.default\searchplugins\leo-de-es.xml
[2009.06.20 06:09:11 | 000,002,007 | ---- | M] () -- C:\Users\RoSh\AppData\Roaming\Mozilla\Firefox\Profiles\om8y1ash.default\searchplugins\leo-en-de.xml
[2008.06.24 22:26:56 | 000,000,681 | ---- | M] () -- C:\Users\RoSh\AppData\Roaming\Mozilla\Firefox\Profiles\om8y1ash.default\searchplugins\webster.xml
[2009.08.05 13:15:25 | 000,002,275 | ---- | M] () -- C:\Users\RoSh\AppData\Roaming\Mozilla\Firefox\Profiles\om8y1ash.default\searchplugins\wolframalpha.xml
[2009.06.20 06:09:11 | 000,002,431 | ---- | M] () -- C:\Users\RoSh\AppData\Roaming\Mozilla\Firefox\Profiles\om8y1ash.default\searchplugins\youtube---videos.xml
[2011.01.18 00:48:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.08.05 18:40:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.03.06 09:57:03 | 000,000,000 | ---D | M] (Google Gears) -- C:\PROGRAM FILES (X86)\GOOGLE\GOOGLE GEARS\FIREFOX
[2010.11.19 13:45:18 | 000,000,000 | ---D | M] (Firefox Synchronisation Extension) -- C:\PROGRAM FILES (X86)\NOKIA\NOKIA OVI SUITE\CONNECTORS\BOOKMARKS CONNECTOR\FIREFOXEXTENSION
[2010.07.17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2009.10.12 14:38:38 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2010.07.26 21:46:03 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.07.26 21:46:03 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.07.26 21:46:03 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.07.26 21:46:03 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.07.26 21:46:03 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2009.05.20 16:20:53 | 000,000,707 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - S:\Programme\Adobe Shit\/Adobe Contribute CS3/contributeieplugin.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (PodcastBHO Class) - {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll (doubleTwist Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - S:\Programme\Adobe Shit\/Adobe Contribute CS3/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\PROGRA~2\TerraTec\TERRAT~1\THCDES~1.DLL (TerraTec Electronic GmbH)
O3 - HKU\S-1-5-21-2204050855-2847797839-2532557262-1000\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2204050855-2847797839-2532557262-1000..\Run: [DU Meter] C:\Program Files (x86)\DU Meter\DUMeter.exe (Hagel Technologies Ltd.)
O4 - HKU\S-1-5-21-2204050855-2847797839-2532557262-1000..\Run: [Microsoft Works Update Detection] File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
O4 - Startup: C:\Users\RoSh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\RoSh\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-2204050855-2847797839-2532557262-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: PDFill PDF Editor - {ED93D107-B43A-490e-AA5C-C5578BAAF479} - C:\Program Files (x86)\PlotSoft\PDFill\DownloadPDF.exe (PlotSoft LLC)
O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files (x86)\PlotSoft\PDFill\DownloadPDF.exe (PlotSoft LLC)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/F/D/9/FD9E437D-5BC8-4264-A093-DFA2C39D197E/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Program Files\Soluto\soluto.exe /userinit) - C:\Program Files\Soluto\soluto.exe (Soluto)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O24 - Desktop WallPaper: C:\Users\RoSh\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\RoSh\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{5688906e-d559-11df-a013-001a921cbb7e}\Shell - "" = AutoRun
O33 - MountPoints2\{5688906e-d559-11df-a013-001a921cbb7e}\Shell\AutoRun\command - "" = G:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk /r \??\G:) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
MsConfig:64bit - StartUpReg: Acrobat Assistant 8.0 - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: Adobe_ID0EYTHM - hkey= - key= - C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~3.EXE (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: CTxfiHlp - hkey= - key= - C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
MsConfig:64bit - StartUpReg: DU Meter - hkey= - key= - C:\Program Files (x86)\DU Meter\DUMeter.exe (Hagel Technologies Ltd.)
MsConfig:64bit - StartUpReg: Google Update - hkey= - key= - C:\Users\RoSh\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig:64bit - StartUpReg: NvCplDaemon - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: NvMediaCenter - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: RtHDVCpl - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: SpybotSD TeaTimer - hkey= - key= - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: WallPaper - hkey= - key= - C:\Programme\Wallpaper Changer\Wallpaper.exe ()
MsConfig:64bit - StartUpReg: WinPatrol - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: WMPNSCFG - hkey= - key= - File not found
MsConfig:64bit - State: "bootini" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {937E53D8-EC0E-AFE2-8EB1-9D3E787D62B0} - Microsoft Windows Media Player
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {96EDD00B-3C73-484A-A416-F911B0A3BF80} - Themes Setup
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {8ED52399-3776-89BA-ED49-80D4304785BC} - Themes Setup
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B2E047B4-9285-CBFE-49F6-ADD8FFCCED9E} - Browser Customizations
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.ac3filter - ac3filter.acm File not found
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: VIDC.ACDV - ACDV.dll File not found
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2011.01.18 13:04:10 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\RoSh\Desktop\OTL.exe
[2011.01.17 17:04:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Ice-pick Lodge
[2011.01.17 16:59:10 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\My Games
[2011.01.17 00:37:56 | 000,000,000 | ---D | C] -- C:\Users\RoSh\Documents\My Photos
[2011.01.17 00:37:56 | 000,000,000 | ---D | C] -- C:\Users\RoSh\Documents\My Documents
[2011.01.17 00:33:56 | 000,000,000 | ---D | C] -- C:\Users\RoSh\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2011.01.17 00:33:50 | 000,000,000 | ---D | C] -- C:\Users\RoSh\AppData\Roaming\HTC
[2011.01.17 00:29:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC Sync
[2011.01.17 00:28:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC
[2011.01.17 00:28:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spirent Communications
[2011.01.17 00:27:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HTC
[2011.01.17 00:27:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2011.01.14 13:48:56 | 000,000,000 | ---D | C] -- C:\Users\RoSh\Desktop\mu
[2011.01.12 18:48:06 | 001,837,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2011.01.12 18:48:06 | 001,540,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2011.01.12 18:48:06 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10warp.dll
[2011.01.12 18:48:06 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2011.01.12 18:48:06 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d2d1.dll
[2011.01.12 18:48:05 | 004,068,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2011.01.12 18:48:05 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2011.01.12 18:48:05 | 001,888,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2011.01.12 18:48:05 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll
[2011.01.12 18:48:05 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011.01.12 18:48:04 | 001,863,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ExplorerFrame.dll
[2011.01.12 18:48:04 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2011.01.12 18:48:04 | 000,470,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011.01.12 18:48:04 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011.01.12 18:48:04 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2011.01.12 18:48:04 | 000,283,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011.01.12 18:48:04 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll
[2011.01.12 18:48:04 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1core.dll
[2011.01.12 18:48:03 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ExplorerFrame.dll
[2011.01.12 18:48:03 | 000,258,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2011.01.12 18:48:03 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
[2011.01.12 18:48:03 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2011.01.12 18:48:03 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2011.01.12 18:48:03 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll
[2011.01.12 18:48:03 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1.dll
[2011.01.12 18:48:03 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2011.01.12 18:48:03 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
[2011.01.12 18:47:54 | 000,720,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbc32.dll
[2011.01.12 18:47:54 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbc32.dll
[2011.01.12 14:59:11 | 000,000,000 | ---D | C] -- C:\Users\RoSh\AppData\Local\doubleTwist Corporation
[2011.01.12 14:59:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\doubleTwist
[2011.01.12 14:59:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\doubleTwist
[2011.01.12 14:59:04 | 000,060,273 | ---- | C] (Open Source Software community project) -- C:\Windows\SysWow64\pthreadGC2.dll
[2011.01.12 14:59:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ffdshow
[2011.01.12 14:57:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\doubleTwist 2.0
[2011.01.11 15:58:01 | 000,000,000 | ---D | C] -- C:\Users\RoSh\Application Data
[2011.01.11 11:50:01 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011.01.10 23:21:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ATI-Assistent für Problemberichte
[2011.01.10 23:21:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2011.01.10 23:20:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2011.01.10 22:56:05 | 000,000,000 | ---D | C] -- C:\AMD
[2011.01.04 21:12:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameSpy
[2011.01.04 21:12:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GameSpy
[2011.01.04 21:10:10 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\URTTEMP
[2011.01.04 01:39:26 | 000,000,000 | ---D | C] -- C:\Users\RoSh\AppData\Roaming\ZombieDriver
[2010.08.16 20:21:00 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\RoSh\AppData\Roaming\pcouffin.sys
[2010.08.16 20:20:18 | 016,790,447 | ---- | C] (ChattChitto©) -- C:\Program Files (x86)\DVDFab Platinum v6.2.1.8 Final + Serial [ChattChitto RG].exe
[2008.10.07 22:42:42 | 000,060,928 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\RoSh\*.tmp files -> C:\Users\RoSh\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011.01.18 13:04:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\RoSh\Desktop\OTL.exe
[2011.01.18 12:47:33 | 000,009,536 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.01.18 12:47:33 | 000,009,536 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.01.18 12:39:00 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2204050855-2847797839-2532557262-1000UA.job
[2011.01.18 12:38:02 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011.01.18 12:37:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.01.18 12:37:53 | 3220,086,784 | -HS- | M] () -- C:\hiberfil.sys
[2011.01.18 03:54:20 | 000,061,344 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000003-00000000-00000006-00001102-00000005-00211102}.rfx
[2011.01.18 03:54:20 | 000,061,344 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000003-00000000-00000006-00001102-00000005-00211102}.rfx
[2011.01.18 03:54:20 | 000,000,788 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000003-00000000-00000006-00001102-00000005-00211102}.rfx
[2011.01.18 03:16:01 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.01.18 02:37:03 | 001,537,616 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.01.18 02:37:03 | 000,670,026 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.01.18 02:37:03 | 000,628,600 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.01.18 02:37:03 | 000,136,476 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.01.18 02:37:03 | 000,111,920 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.01.17 13:39:00 | 000,001,062 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2204050855-2847797839-2532557262-1000Core.job
[2011.01.12 23:08:26 | 000,006,456 | ---- | M] () -- C:\Users\RoSh\.recently-used.xbel
[2011.01.12 14:59:27 | 000,000,133 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011.01.12 14:59:06 | 000,002,069 | ---- | M] () -- C:\Users\Public\Desktop\doubleTwist.lnk
[2011.01.05 14:21:13 | 000,007,098 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011.01.05 14:21:04 | 002,439,528 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.01.04 21:10:38 | 001,567,190 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.01.04 21:05:08 | 000,103,736 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.01.04 21:04:58 | 000,669,184 | ---- | M] () -- C:\Windows\SysWow64\Pbsvc.exe
[2011.01.04 01:39:18 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2011.01.04 01:39:18 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2011.01.04 01:39:18 | 000,122,904 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2011.01.04 01:39:18 | 000,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\RoSh\*.tmp files -> C:\Users\RoSh\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011.01.12 23:08:26 | 000,006,456 | ---- | C] () -- C:\Users\RoSh\.recently-used.xbel
[2011.01.12 14:59:27 | 000,000,133 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011.01.12 14:59:06 | 000,002,069 | ---- | C] () -- C:\Users\Public\Desktop\doubleTwist.lnk
[2011.01.12 14:59:04 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010.10.14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010.10.06 17:58:08 | 000,007,668 | ---- | C] () -- C:\Users\RoSh\AppData\Local\resmon.resmoncfg
[2010.10.05 12:19:38 | 001,567,190 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.08.16 20:22:13 | 000,000,034 | ---- | C] () -- C:\Users\RoSh\AppData\Roaming\pcouffin.log
[2010.08.16 20:21:00 | 000,099,384 | ---- | C] () -- C:\Users\RoSh\AppData\Roaming\inst.exe
[2010.08.16 20:21:00 | 000,007,859 | ---- | C] () -- C:\Users\RoSh\AppData\Roaming\pcouffin.cat
[2010.08.16 20:21:00 | 000,001,167 | ---- | C] () -- C:\Users\RoSh\AppData\Roaming\pcouffin.inf
[2010.06.11 12:28:24 | 000,000,112 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2010.05.10 12:30:02 | 000,000,098 | ---- | C] () -- C:\Windows\galaxy.ini
[2010.04.26 10:33:39 | 000,113,152 | ---- | C] () -- C:\Users\RoSh\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.02.25 20:16:35 | 000,000,636 | ---- | C] () -- C:\Users\RoSh\AppData\Roaming\synOtunes.plist
[2010.02.01 10:28:49 | 000,015,418 | ---- | C] () -- C:\Windows\Q-Dir.ini
[2009.11.17 14:16:10 | 000,000,301 | ---- | C] () -- C:\Windows\game.ini
[2009.10.06 15:49:23 | 000,007,098 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.10.06 10:47:34 | 000,144,896 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2009.10.06 10:47:34 | 000,071,168 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2009.08.04 19:39:16 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.07.07 15:25:37 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2009.06.09 09:15:14 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\dblmsg.dll
[2009.05.18 19:17:58 | 002,463,976 | ---- | C] () -- C:\Windows\SysWow64\NPSWF32.dll
[2009.04.16 10:53:35 | 000,003,072 | ---- | C] () -- C:\Windows\SysWow64\CTXFIGER.DLL
[2009.03.21 00:56:23 | 000,000,380 | ---- | C] () -- C:\Windows\SOF.INI
[2008.12.16 14:09:33 | 000,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys
[2008.11.30 15:04:20 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.10.07 23:08:38 | 000,020,936 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini
[2008.10.07 22:41:40 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CtxfiRes.dll
[2008.09.19 22:57:34 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2008.09.12 20:22:40 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2008.08.19 17:39:18 | 000,000,321 | ---- | C] () -- C:\Windows\SysWow64\kill.ini
[2007.08.16 14:17:50 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\nsldap32v50.dll
[2005.12.21 15:57:04 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\nsldappr32v50.dll
[2005.12.21 15:54:34 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\nsldapssl32v50.dll
[2004.01.26 16:15:29 | 000,233,472 | R--- | C] () -- C:\Users\RoSh\AppData\Roaming\MafiaSetup.exe
========== LOP Check ==========
[2009.10.06 16:00:26 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\#Short company name#
[2010.09.23 17:37:44 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\.minecraft
[2010.04.26 10:33:11 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\ACD Systems
[2009.10.08 17:47:09 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\Atari
[2009.10.06 11:20:56 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\Atlus
[2010.03.31 14:09:55 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\Audacity
[2010.05.04 11:52:25 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\Autodesk
[2009.10.06 11:20:58 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\Bioshock
[2010.03.10 15:37:40 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\Blender Foundation
[2010.12.17 01:22:35 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\Broken Rules
[2010.03.16 22:49:34 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\Celemony Software GmbH
[2009.10.06 11:20:58 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\CoCreate
[2009.10.06 11:20:58 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\Colibri
[2009.10.06 11:20:58 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\Crayon Physics Deluxe
[2009.10.06 11:20:58 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\DAEMON Tools
[2010.10.11 18:06:49 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\DAEMON Tools Lite
[2010.05.10 09:53:21 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\Dev-Cpp
[2010.12.02 02:14:40 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\DocClockGame
[2011.01.18 12:39:48 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\Dropbox
[2010.01.05 13:36:14 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\DynaGeo
[2009.10.06 11:20:59 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\Folding@home-gpu
[2009.10.12 14:39:01 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\Foxit
[2010.11.22 09:41:09 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\Foxit Software
[2009.10.06 11:20:59 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\FUEL Demo
[2011.01.12 23:08:26 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\gtk-2.0
[2011.01.17 00:33:50 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\HTC
[2011.01.17 00:33:56 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2010.02.16 17:33:22 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\inkscape
[2009.10.06 11:21:11 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\johnsadventures.com
[2009.12.15 22:16:46 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\Karteikartentrainer
[2009.10.06 11:21:11 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\Launchy
[2009.10.08 17:45:49 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\Leadertech
[2010.02.10 21:32:44 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\MAXON
[2010.05.20 21:46:27 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\mythtv
[2010.09.09 18:28:16 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\Need for Speed World
[2010.07.13 13:27:16 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\Nokia
[2010.07.12 17:44:49 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\Nokia Ovi Suite
[2009.10.06 11:21:32 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\Notepad++
[2009.10.06 11:21:32 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\OpenOffice.org
[2010.10.15 13:22:52 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\Opera
[2010.07.12 17:44:18 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\PC Suite
[2010.10.26 19:40:51 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\Pingus
[2010.02.01 23:02:27 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\Q-Dir
[2009.10.06 11:21:33 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\QIP
[2011.01.14 23:10:22 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\SoftGrid Client
[2010.06.11 12:36:39 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\Soluto
[2009.10.06 11:21:36 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\SPAMfighter
[2009.10.06 11:21:38 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\Spamihilator
[2009.10.06 11:21:38 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\Subversion
[2009.11.24 17:10:30 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\Sync App Settings
[2011.01.05 14:58:52 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\TeamViewer
[2009.10.06 11:21:38 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\Teeworlds
[2009.10.06 11:21:39 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\TerraTec
[2009.10.06 11:21:39 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\The Creative Assembly
[2010.10.05 12:21:16 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\TP
[2010.02.01 15:00:46 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\Trillian
[2010.09.29 17:00:38 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\Tropico 3
[2009.10.08 16:21:12 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\Tropico 3 Demo
[2009.10.06 11:21:39 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\TrueCrypt
[2009.10.06 11:21:39 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\Ubisoft
[2009.10.06 11:21:39 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\Volume Logic iTunes Plug-in
[2010.08.16 20:22:13 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\Vso
[2009.10.06 11:21:39 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\WinPatrol
[2011.01.04 01:40:05 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\ZombieDriver
[2010.12.06 22:52:32 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2009.10.06 16:00:26 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\#Short company name#
[2010.09.23 17:37:44 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\.minecraft
[2010.04.26 10:33:11 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\ACD Systems
[2011.01.17 00:27:48 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\Adobe
[2010.06.11 12:42:45 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\Apple Computer
[2009.10.08 17:47:09 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\Atari
[2009.10.06 11:20:56 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\ATI
[2009.10.06 11:20:56 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\Atlus
[2010.03.31 14:09:55 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\Audacity
[2010.05.04 11:52:25 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\Autodesk
[2010.11.26 15:19:04 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\Avira
[2009.10.06 11:20:58 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\Bioshock
[2010.03.10 15:37:40 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\Blender Foundation
[2010.12.17 01:22:35 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\Broken Rules
[2010.03.16 22:49:34 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\Celemony Software GmbH
[2009.10.06 11:20:58 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\CoCreate
[2009.10.06 11:20:58 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\Colibri
[2009.10.06 11:20:58 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\Crayon Physics Deluxe
[2009.10.06 11:20:58 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\Creative
[2009.10.06 11:20:58 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\DAEMON Tools
[2010.10.11 18:06:49 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\DAEMON Tools Lite
[2010.05.10 09:53:21 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\Dev-Cpp
[2010.09.07 10:42:59 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\DivX
[2010.12.02 02:14:40 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\DocClockGame
[2011.01.18 12:39:48 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\Dropbox
[2011.01.18 02:55:29 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\dvdcss
[2010.01.05 13:36:14 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\DynaGeo
[2009.10.06 11:20:59 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\Folding@home-gpu
[2009.10.12 14:39:01 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\Foxit
[2010.11.22 09:41:09 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\Foxit Software
[2009.10.06 11:20:59 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\FUEL Demo
[2010.06.07 22:03:00 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\Google
[2011.01.12 23:08:26 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\gtk-2.0
[2009.10.06 11:21:11 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\Hamachi
[2009.10.06 11:21:11 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\HP
[2011.01.17 00:33:50 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\HTC
[2011.01.17 00:33:56 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2009.10.06 18:19:28 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\Identities
[2010.02.16 17:33:22 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\inkscape
[2009.10.06 11:21:11 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\johnsadventures.com
[2009.12.15 22:16:46 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\Karteikartentrainer
[2009.10.06 11:21:11 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\Launchy
[2009.10.08 17:45:49 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\Leadertech
[2009.10.06 11:21:11 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\Logitech
[2009.10.06 11:21:11 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\Macromedia
[2010.02.10 21:32:44 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\MAXON
[2009.07.14 19:18:34 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\Media Center Programs
[2010.11.10 18:54:14 | 000,000,000 | --SD | M] -- C:\Users\RoSh\AppData\Roaming\Microsoft
[2009.11.24 22:26:55 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\Mozilla
[2010.05.20 21:46:27 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\mythtv
[2010.09.09 18:28:16 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\Need for Speed World
[2010.07.13 13:27:16 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\Nokia
[2010.07.12 17:44:49 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\Nokia Ovi Suite
[2009.10.06 11:21:32 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\Notepad++
[2009.10.06 11:21:32 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\OpenOffice.org
[2010.10.15 13:22:52 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\Opera
[2010.07.12 17:44:18 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\PC Suite
[2010.10.26 19:40:51 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\Pingus
[2010.02.01 23:02:27 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\Q-Dir
[2009.10.06 11:21:33 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\QIP
[2009.10.06 11:21:36 | 000,000,000 | RH-D | M] -- C:\Users\RoSh\AppData\Roaming\SecuROM
[2011.01.14 23:10:22 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\SoftGrid Client
[2010.06.11 12:36:39 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\Soluto
[2009.10.06 11:21:36 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\SPAMfighter
[2009.10.06 11:21:38 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\Spamihilator
[2009.10.06 11:21:38 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\Subversion
[2009.11.23 15:50:03 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\Sun
[2009.11.24 17:10:30 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\Sync App Settings
[2009.11.24 22:26:56 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\Talkback
[2011.01.05 14:58:52 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\TeamViewer
[2009.10.06 11:21:38 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\Teeworlds
[2009.10.06 11:21:39 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\TerraTec
[2009.10.06 11:21:39 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\The Creative Assembly
[2009.10.06 11:21:39 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\TortoiseSVN
[2010.10.05 12:21:16 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\TP
[2010.02.01 15:00:46 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\Trillian
[2010.09.29 17:00:38 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\Tropico 3
[2009.10.08 16:21:12 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\Tropico 3 Demo
[2009.10.06 11:21:39 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\TrueCrypt
[2009.10.06 11:21:39 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\U3
[2009.10.06 11:21:39 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\Ubisoft
[2010.11.12 16:16:35 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\vlc
[2009.10.06 11:21:39 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\Volume Logic iTunes Plug-in
[2010.08.16 20:22:13 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\Vso
[2009.10.06 11:21:39 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\WinPatrol
[2008.11.03 00:58:55 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\WinRAR
[2011.01.04 01:40:05 | 000,000,000 | ---D | M] -- C:\Users\RoSh\AppData\Roaming\ZombieDriver
< %APPDATA%\*.exe /s >
[2010.08.16 20:21:00 | 000,099,384 | ---- | M] () -- C:\Users\RoSh\AppData\Roaming\inst.exe
[2004.01.26 16:15:29 | 000,233,472 | R--- | M] () -- C:\Users\RoSh\AppData\Roaming\MafiaSetup.exe
[2010.12.17 03:24:30 | 023,343,848 | ---- | M] (Dropbox, Inc.) -- C:\Users\RoSh\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2010.12.17 03:24:34 | 000,153,176 | ---- | M] (Dropbox, Inc.) -- C:\Users\RoSh\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2008.12.10 18:24:56 | 003,719,168 | ---- | M] () -- C:\Users\RoSh\AppData\Roaming\Folding@home-gpu\FahCore_11.exe
[2011.01.17 00:27:45 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\RoSh\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2008.12.19 13:04:57 | 000,023,558 | R--- | M] () -- C:\Users\RoSh\AppData\Roaming\Microsoft\Installer\{437C19B3-7E20-4E39-B868-CA6BAA820E1C}\_18be6784.exe
[2008.12.19 13:04:57 | 000,023,558 | R--- | M] () -- C:\Users\RoSh\AppData\Roaming\Microsoft\Installer\{437C19B3-7E20-4E39-B868-CA6BAA820E1C}\_294823.exe
[2009.02.21 13:03:02 | 000,049,152 | R--- | M] (InstallShield Software Corp.) -- C:\Users\RoSh\AppData\Roaming\Microsoft\Installer\{C37A0BC1-52EE-4F97-8223-5CA9FC0357B0}\ARPPRODUCTICON.exe
[2009.09.23 16:59:04 | 000,010,134 | R--- | M] () -- C:\Users\RoSh\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
[2009.03.27 08:03:08 | 001,560,576 | ---- | M] () -- C:\Users\RoSh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WZgrapher\wplotde.exe
[2009.01.16 17:18:23 | 000,227,328 | ---- | M] () -- C:\Users\RoSh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WZgrapher\wzgrapher.exe
[2009.01.08 18:38:41 | 000,169,936 | ---- | M] () -- C:\Users\RoSh\AppData\Roaming\Mozilla\Firefox\Profiles\om8y1ash.default\FlashGot.exe
[2009.09.14 17:58:22 | 001,291,640 | ---- | M] (EA Digital Illusions CE AB) -- C:\Users\RoSh\AppData\Roaming\Mozilla\Firefox\Profiles\om8y1ash.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\BFHUpdater.exe
[2007.10.23 08:27:20 | 000,110,592 | ---- | M] () -- C:\Users\RoSh\AppData\Roaming\U3\temp\cleanup.exe
[2008.05.02 09:41:48 | 003,493,888 | -H-- | M] (SanDisk Corporation) -- C:\Users\RoSh\AppData\Roaming\U3\temp\Launchpad Removal.exe
< %SYSTEMDRIVE%\*.exe >
< MD5 for: AGP440.SYS >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
< MD5 for: ATAPI.SYS >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
< MD5 for: CNGAUDIT.DLL >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
< MD5 for: EVENTLOG.DLL >
[2008.09.03 11:57:58 | 000,024,576 | R--- | M] () MD5=13152546664ADBC55D2BB3C470C36D20 -- C:\Perl64\lib\auto\Win32\EventLog\EventLog.dll
< MD5 for: IASTORV.SYS >
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
< MD5 for: NETLOGON.DLL >
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
< MD5 for: NVSTOR.SYS >
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\drivers\nvstor.sys
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
< MD5 for: SCECLI.DLL >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
< MD5 for: USERINIT.EXE >
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
< MD5 for: WS2IFSL.SYS >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2009.07.14 02:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\FirewallAPI.dll
[3 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
< End of report >
PS: I could not upload my .txt log files at 300 KB, and with them included my post was also a good 3 times longer than allowed. If anything has been cut out, I have noted it.