| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Win 7 Ukash (IAC) Virus Kein Zugriff mehr im normalen Modus mehrWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
23.11.2012, 19:02
| #1 |
 |  Win 7 Ukash (IAC) Virus Kein Zugriff mehr im normalen Modus mehr Hallo, ich brauche unbedingt Eure Hilfe. Ich habe mir den Ukash-virus eingefangen. Bei Neustart fährt zwar Win 7 ordentlich hoch, jedoch ploppt kurz nachdem der Desktop erscheint gleich wieder das Bild der "International Police Association" ins Bild. Habe dann den Rechner im abgesicherten Modus gestartet und er läuft soweit. Keine "Ukash-Meldung" mehr. Ein Freund von mir hat bereits Malwarebytes Anti-Malware installiert und einen kompletten Scan laufen lassen. Nur hat er alle Funde gelöscht und wenn ich das hier richtig gelesen habe sollte man das nicht tun. Besteht noch Hoffnung für meinen Rechner. Ich komme problemlos in den abgesicherten modus und habe auch schon Malwarebytes auf dem Pc, nur keine Internetverbindung zum Updaten. Was soll Ich jetzt tun? Danke schonmal für die Hilfe Geändert von reggi (23.11.2012 um 19:07 Uhr) |
|
23.11.2012, 21:09
| #2 | ||
| /// TB-Ausbilder  | Win 7 Ukash (IAC) Virus Kein Zugriff mehr im normalen Modus mehr Ich werde dir bei deinem Problem helfen. Eine Bereinigung ist mitunter mit viel Arbeit für Dich (und mich) verbunden. Bevor es los geht, habe ich etwas Lesestoff für dich. Scan und Unlock mit SREP Downloade dir bitte srep.exe und speichere diese auf einen USB Stick. Wichtig: Nicht in einen Ordner speichern.
Hinweis: Es ist gut möglich, dass du bereits nach dem Scan wieder auf deinen Rechner zugreifen kannst.
__________________ |
|
23.11.2012, 21:32
| #3 | |
| | Win 7 Ukash (IAC) Virus Kein Zugriff mehr im normalen Modus mehr hay ho.
__________________Ok hab den Scan durchlaufen lassen und komme wieder normal ins Sytem. Hier die shell datei Zitat:
|
|
23.11.2012, 21:38
| #4 |
| /// TB-Ausbilder | Win 7 Ukash (IAC) Virus Kein Zugriff mehr im normalen Modus mehr Gut! Wir müssen jetzt noch dringend die Reste entfernen. Schritt 1: AdwCleaner: Werbeprogramme suchen und löschen Schritt 2: Customscan mit OTL Schritt 3: Scan mit SecurityCheck Downloade Dir bitte SecurityCheck
__________________  Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
23.11.2012, 21:49
| #5 |
| | Win 7 Ukash (IAC) Virus Kein Zugriff mehr im normalen Modus mehr Habe den ersten schritt ausgeführt. Nach dem neustart kommt jetzt wieder das IAC bild und ich kann nix machen. |
|
23.11.2012, 21:52
| #6 |
| /// TB-Ausbilder | Win 7 Ukash (IAC) Virus Kein Zugriff mehr im normalen Modus mehr Fix mit SREP Drücke bitte die  + R Taste und schreibe notepad in das Ausführen Fenster.Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter %USERPROFILE%\AppData\Local\Temp\0rAFCE4.exe
Starte deinen Rechner bitte erneut in den Abgesicherten Modus mit Eingabeaufforderung. Schließe deinen USB Stick erneut an den Infizierten Rechner. Bitte nutze den selben USB Steckplatz wie beim Scan
Berichte bitte, ob Du nun wieder auf den Infizierten Rechner zugreifen kannst. Wir sind dann aber noch nicht fertig!
__________________ --> Win 7 Ukash (IAC) Virus Kein Zugriff mehr im normalen Modus mehr |
|
23.11.2012, 22:06
| #7 |
| | Win 7 Ukash (IAC) Virus Kein Zugriff mehr im normalen Modus mehr so alles gemacht und das bildkommt leider immer noch. |
|
23.11.2012, 22:11
| #8 |
| /// TB-Ausbilder | Win 7 Ukash (IAC) Virus Kein Zugriff mehr im normalen Modus mehr Dann bitte nochmal SREP mit Scan.
__________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
23.11.2012, 22:29
| #9 | |
| | Win 7 Ukash (IAC) Virus Kein Zugriff mehr im normalen Modus mehr Leider kein erfolg. hier die neue shell datei Zitat:
|
|
23.11.2012, 22:34
| #10 |
| /// TB-Ausbilder | Win 7 Ukash (IAC) Virus Kein Zugriff mehr im normalen Modus mehr ... und das hast du hier wirklich so gemacht? Fix mit SREP Drücke bitte die + R Taste und schreibe notepad in das Ausführen Fenster.Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter %USERPROFILE%\AppData\Local\Temp\0rAFCE4.exe
Starte deinen Rechner bitte erneut in den Abgesicherten Modus mit Eingabeaufforderung. Schließe deinen USB Stick erneut an den Infizierten Rechner. Bitte nutze den selben USB Steckplatz wie beim Scan
__________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
23.11.2012, 22:47
| #11 |
| | Win 7 Ukash (IAC) Virus Kein Zugriff mehr im normalen Modus mehr Habs ebend nochmal probiert und diesmal nur den Text kopiert der da steht. Davor habe ich auf alles kopieren geklickt. Aber es hat wieder nicht geklappt. Also ich habe alles so gemacht wie es dort steht, nur das x bei X:srep.exe habe ich durch den laufwerksbuchstaben ersetzt. |
|
23.11.2012, 22:50
| #12 |
| /// TB-Ausbilder | Win 7 Ukash (IAC) Virus Kein Zugriff mehr im normalen Modus mehr Bitten den Text eben markieren und mit STRG C kopieren. Nochmal wiederholen bitte.
__________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
23.11.2012, 23:03
| #13 |
| | Win 7 Ukash (IAC) Virus Kein Zugriff mehr im normalen Modus mehr Jetzt gehts wieder. Dann mach ich weiter mit schritt 2? |
|
23.11.2012, 23:12
| #14 |
| /// TB-Ausbilder | Win 7 Ukash (IAC) Virus Kein Zugriff mehr im normalen Modus mehr genau Schritt 2 bitte. Scan mit OTL.
__________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
23.11.2012, 23:28
| #15 |
| | Win 7 Ukash (IAC) Virus Kein Zugriff mehr im normalen Modus mehr ok alles durch hier die OTL OTL Logfile: Code:
ATTFilter OTL logfile created on: 23.11.2012 23:11:51 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Reggi\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,25 Gb Total Physical Memory | 2,26 Gb Available Physical Memory | 69,46% Memory free 6,49 Gb Paging File | 5,07 Gb Available in Paging File | 78,03% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 445,26 Gb Total Space | 256,78 Gb Free Space | 57,67% Space Free | Partition Type: NTFS Drive D: | 20,49 Gb Total Space | 0,01 Gb Free Space | 0,03% Space Free | Partition Type: FAT32 Drive J: | 7,23 Gb Total Space | 7,08 Gb Free Space | 97,90% Space Free | Partition Type: FAT32 Computer Name: REGGI-PC | User Name: Reggi | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Reggi\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () PRC - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) PRC - C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\d0e1cdaff8f9055187f8e7b52c060dff\System.Management.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\31fab24c51c0cfe8b8115f24545f169f\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\8a8079623eab0ba9e106436885a0281d\System.Xml.Linq.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b68bee05c7e518172982cc92059c3315\System.Xaml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d239f585ee55f833dbe21e897e1265ac\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b7de318e9fd1ef519ca6c1f3b5dba8e0\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\00a4922fbf869a79c043b665035516b6\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a6e37a05b8d0cedbc5c3ea266ae3fc31\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\4230ed1c7990e4ee8352baf67a2a85fa\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\608d29d7cc89f3a9a195c91354561915\PresentationFramework.Aero.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\09bd2126bba2ab4f29ed52afde1470d7\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9abe44a0f82070ead5f1256683a4d25a\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Security\8ec275d60f23035b499a67037212ef4f\System.Security.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\a84262e1224189f93e10cd3c403a9527\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a6be120e49f895ef6b00e9918402395b\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c1af4ec9a36f671617a8ecaec00373f4\mscorlib.ni.dll () MOD - C:\Users\Reggi\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll () MOD - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () ========== Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV:64bit: - (LanmanWorkstation) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation) SRV:64bit: - (Dnscache) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (Update-Service) -- C:\Windows\SysWOW64\UpdSvc.dll (Joosoft.com GmbH) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (grmnusb) -- C:\Windows\SysNative\drivers\grmnusb.sys (GARMIN Corp.) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation) DRV:64bit: - (ssadbus) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation) DRV:64bit: - (ssadmdfl) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (sscdmdm) -- C:\Windows\SysNative\drivers\sscdmdm.sys (MCCI Corporation) DRV:64bit: - (sscdbus) -- C:\Windows\SysNative\drivers\sscdbus.sys (MCCI Corporation) DRV:64bit: - (sscdmdfl) -- C:\Windows\SysNative\drivers\sscdmdfl.sys (MCCI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\drivers\TFsExDisk.sys (Teruten Inc) DRV:64bit: - (dgderdrv) -- C:\Windows\SysNative\drivers\dgderdrv.sys (Devguru Co., Ltd) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (e1express) -- C:\Windows\SysNative\drivers\e1e6032e.sys (Intel Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (KMWDFILTER) -- C:\Windows\SysNative\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider) DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (StarOpen) -- C:\Windows\SysWow64\drivers\StarOpen.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4293284574-4106077085-2191208304-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-4293284574-4106077085-2191208304-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN IE - HKU\S-1-5-21-4293284574-4106077085-2191208304-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-4293284574-4106077085-2191208304-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E6 EF DE 8F 91 9A CC 01 [binary data] IE - HKU\S-1-5-21-4293284574-4106077085-2191208304-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-4293284574-4106077085-2191208304-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-4293284574-4106077085-2191208304-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.update: false FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: {184AA5E6-741D-464a-820E-94B3ABC2F3B4}:1.0 FF - prefs.js..extensions.enabledAddons: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:4.0.3 FF - prefs.js..extensions.enabledAddons: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:1.4 FF - prefs.js..extensions.enabledAddons: nasanightlaunch@example.com:0.6.20121022 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll File not found FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll File not found FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll File not found FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.132.0: C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.138.0: C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.27 21:19:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Reggi\AppData\Roaming\5053 [2011.12.07 00:53:06 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.27 21:19:15 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.11.16 19:01:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Reggi\AppData\Roaming\mozilla\Extensions [2012.10.24 16:47:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Reggi\AppData\Roaming\mozilla\Firefox\Profiles\i52wg2jy.default\extensions [2012.09.23 17:23:31 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Reggi\AppData\Roaming\mozilla\Firefox\Profiles\i52wg2jy.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2012.10.24 16:47:59 | 002,290,783 | ---- | M] () (No name found) -- C:\Users\Reggi\AppData\Roaming\mozilla\firefox\profiles\i52wg2jy.default\extensions\nasanightlaunch@example.com.xpi [2012.10.12 12:34:34 | 000,252,340 | ---- | M] () (No name found) -- C:\Users\Reggi\AppData\Roaming\mozilla\firefox\profiles\i52wg2jy.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2012.10.27 21:19:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011.12.07 00:53:06 | 000,000,000 | ---D | M] (Java String Helper) -- C:\USERS\REGGI\APPDATA\ROAMING\5053 [2012.10.27 21:19:15 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.06.26 15:33:57 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.31 17:42:41 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.06.26 15:33:57 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.06.26 15:33:57 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.26 15:33:57 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.26 15:33:57 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-4293284574-4106077085-2191208304-1000..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s File not found O4 - HKU\S-1-5-21-4293284574-4106077085-2191208304-1000..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () O4 - HKU\S-1-5-21-4293284574-4106077085-2191208304-1000..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKU\S-1-5-21-4293284574-4106077085-2191208304-1000..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) O4 - HKU\S-1-5-21-4293284574-4106077085-2191208304-1000..\Run: [svñhîst] C:\Users\Reggi\AppData\Local\Temp\0rAFCE4.exe () O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-4293284574-4106077085-2191208304-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_Plugin.exe (Adobe Systems, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Reggi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Reggi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Windows\system32\tnnsq90lt.dll File not found O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16:64bit: - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.7.0_01) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1D708A31-5936-4F72-9C6E-C9C41C34E7FB}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2010.06.07 11:24:12 | 000,000,000 | RHS- | M] () - J:\autorun.inf -- [ FAT32 ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) MsConfig:64bit - StartUpFolder: C:^Users^Reggi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk - C:\PROGRA~2\OPENOF~1.ORG\program\QUICKS~1.EXE - () MsConfig:64bit - StartUpReg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG) MsConfig:64bit - StartUpReg: ICQ - hkey= - key= - File not found MsConfig:64bit - StartUpReg: KiesTrayAgent - hkey= - key= - C:\Program Files (x86)\Samsung\Kies\/\KiesTrayAgent.exe () MsConfig:64bit - State: "startup" - Reg Error: Key error. Drivers32:64bit: msacm.bdmpeg - bdmpega64.acm () Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32:64bit: vidc.mjpg - bdmjpeg64.dll () Drivers32:64bit: vidc.mpeg - bdmpegv64.dll () Drivers32:64bit: VIDC.XFR1 - xfcodec64.dll () Drivers32: msacm.bdmpeg - C:\Windows\SysWow64\bdmpega.acm () Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) Drivers32: vidc.mjpg - C:\Windows\SysWow64\bdmjpeg.dll () Drivers32: vidc.mpeg - C:\Windows\SysWow64\bdmpegv.dll () Drivers32: VIDC.XFR1 - C:\Windows\SysWow64\xfcodec.dll () SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: DnsCache - C:\Windows\SysNative\svchost.exe (Microsoft Corporation) SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: LanmanWorkstation - C:\Windows\SysNative\svchost.exe (Microsoft Corporation) SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.11.23 23:05:11 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Reggi\Desktop\OTL.exe [2012.11.22 22:22:01 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0 [2012.11.20 22:03:46 | 000,000,000 | ---D | C] -- C:\Users\Reggi\AppData\Roaming\Malwarebytes [2012.11.20 22:03:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.11.20 22:03:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.11.20 22:03:19 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.11.20 22:03:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.11.14 18:24:16 | 000,000,000 | ---D | C] -- C:\Users\Reggi\AppData\Local\{73FB583C-771A-4177-96F1-116A2FB049DE} [2012.11.11 13:45:05 | 000,000,000 | ---D | C] -- C:\Users\Reggi\AppData\Local\{A8FE49B8-161A-477F-8AA5-73CB06CB2F10} [2012.10.29 01:15:04 | 000,000,000 | ---D | C] -- C:\Users\Reggi\AppData\Local\{9517472E-5D60-45FD-9D44-60770351836D} [2012.10.27 21:19:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012.10.27 14:29:12 | 000,000,000 | ---D | C] -- C:\Users\Reggi\AppData\Local\{8E60A42F-C2C3-45E7-84C2-09758DEA2791} [2 C:\Users\Reggi\AppData\Roaming\*.tmp files -> C:\Users\Reggi\AppData\Roaming\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.11.23 23:08:27 | 000,023,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.23 23:08:27 | 000,023,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.23 23:05:38 | 001,527,740 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.11.23 23:05:38 | 000,664,618 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.11.23 23:05:38 | 000,624,800 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.11.23 23:05:38 | 000,134,786 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.11.23 23:05:38 | 000,110,438 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.11.23 23:05:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Reggi\Desktop\OTL.exe [2012.11.23 23:01:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.23 23:00:59 | 2615,803,904 | -HS- | M] () -- C:\hiberfil.sys [2012.11.20 22:04:46 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.11.20 21:32:06 | 000,022,535 | ---- | M] () -- C:\Users\Reggi\Desktop\Steckbrief.odt [2 C:\Users\Reggi\AppData\Roaming\*.tmp files -> C:\Users\Reggi\AppData\Roaming\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.11.20 22:03:20 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.09 20:25:40 | 000,781,312 | ---- | C] () -- C:\Windows\SysWow64\RGSS102J.dll [2012.10.09 20:25:40 | 000,778,752 | ---- | C] () -- C:\Windows\SysWow64\RGSS102E.dll [2012.10.09 20:25:40 | 000,771,584 | ---- | C] () -- C:\Windows\SysWow64\RGSS100J.dll [2012.10.09 20:25:40 | 000,761,856 | ---- | C] () -- C:\Windows\SysWow64\RGSS104J.dll [2012.10.09 20:25:40 | 000,758,272 | ---- | C] () -- C:\Windows\SysWow64\RGSS104E.dll [2012.10.09 20:25:40 | 000,685,056 | ---- | C] () -- C:\Windows\SysWow64\RGSS103J.dll [2012.08.03 21:03:11 | 004,503,728 | ---- | C] () -- C:\ProgramData\23lldnur.pad [2012.06.11 17:50:16 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.06.11 17:50:16 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.05.10 15:35:16 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2011.12.15 05:41:14 | 000,042,392 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll [2011.12.07 00:52:52 | 000,000,036 | ---- | C] () -- C:\Users\Reggi\AppData\Roaming\blckdom.res [2011.11.16 19:48:11 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt [2011.11.16 19:07:08 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys [2011.11.06 17:59:13 | 000,000,093 | ---- | C] () -- C:\Users\Reggi\AppData\Local\fusioncache.dat [2011.11.06 17:57:48 | 001,553,234 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.11.06 10:24:31 | 000,281,520 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.11.04 03:46:07 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011.11.04 01:49:08 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.09.19 08:07:46 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll [2011.09.19 08:07:32 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll [2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.06.07 10:13:38 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2011.06.07 10:13:38 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2011.06.07 10:13:38 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2011.06.07 10:13:38 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2011.06.07 10:13:38 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 "ThreadingModel" = Both "" = C:\$Recycle.Bin\S-1-5-21-4293284574-4106077085-2191208304-1000\$46a71d9b1f14aa218d4d5b222b53bba7\n. [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.10.17 12:22:18 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\.minecraft [2012.05.20 11:09:44 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\.spoutcraft [2011.12.07 00:53:06 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\5053 [2012.06.22 14:01:08 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\BANDISOFT [2012.09.23 18:06:49 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\DVDVideoSoft [2011.11.15 19:53:49 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\DVDVideoSoftIEHelpers [2012.09.23 23:09:32 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\Garmin [2011.11.10 20:30:48 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\Jens Lorek [2011.12.07 00:52:38 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\kock [2012.09.27 23:22:48 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\LolClient [2011.11.08 17:39:24 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\OpenOffice.org [2012.08.12 22:21:35 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\Origin [2012.07.04 17:50:41 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\Samsung [2012.07.16 09:26:05 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\six-updater [2012.07.16 09:09:56 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\six-zsync [2012.07.16 20:44:41 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\SplitMediaLabs [2011.11.07 00:30:45 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\TS3Client [2012.11.17 09:34:59 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\UAs [2012.11.17 09:34:59 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\xmldm [2012.06.24 10:38:19 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\XnView ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2011.11.09 15:20:54 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2012.08.09 08:45:53 | 000,000,000 | ---D | M] -- C:\AMD [2011.11.04 01:45:06 | 000,000,000 | ---D | M] -- C:\ATI [2012.01.10 18:59:19 | 000,000,000 | -HSD | M] -- C:\Boot [2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2007.10.16 19:51:43 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2012.08.07 22:23:59 | 000,000,000 | ---D | M] -- C:\Games [2012.11.22 22:22:58 | 000,000,000 | ---D | M] -- C:\Kaspersky Rescue Disk 10.0 [2012.09.23 23:13:37 | 000,000,000 | R--D | M] -- C:\Program Files [2012.11.20 22:03:19 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2012.11.20 22:03:20 | 000,000,000 | -H-D | M] -- C:\ProgramData [2007.10.16 19:51:43 | 000,000,000 | -HSD | M] -- C:\Programme [2011.11.03 23:32:06 | 000,000,000 | -HSD | M] -- C:\Recovery [2012.09.27 22:29:17 | 000,000,000 | ---D | M] -- C:\Riot Games [2012.11.23 23:13:42 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011.09.04 13:42:10 | 000,000,000 | ---D | M] -- C:\Temp [2012.08.07 22:22:56 | 000,000,000 | R--D | M] -- C:\Users [2012.11.22 17:17:25 | 000,000,000 | ---D | M] -- C:\Windows [2011.11.04 00:17:39 | 000,000,000 | ---D | M] -- C:\Windows.old < %SYSTEMDRIVE%\*.* > [2012.11.23 21:45:48 | 000,010,896 | ---- | M] () -- C:\AdwCleaner[S1].txt [2009.12.26 12:34:45 | 000,425,067 | ---- | M] () -- C:\AnalysisLog.sr0 [2011.12.11 22:41:08 | 000,002,006 | ---- | M] () -- C:\aqua_bitmap.cpp [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat [2010.11.20 13:40:07 | 000,383,786 | RHS- | M] () -- C:\bootmgr [2011.11.03 22:49:17 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK [2010.11.05 17:37:45 | 000,000,126 | ---- | M] () -- C:\cmdlog.txt [2006.09.18 22:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys [2007.11.07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt [2007.11.07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt [2007.11.07 07:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt [2007.11.07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt [2007.11.07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt [2007.11.07 07:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt [2007.11.07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt [2007.11.07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt [2007.11.07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt [2007.11.07 07:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini [2012.11.23 23:00:59 | 2615,803,904 | -HS- | M] () -- C:\hiberfil.sys [2007.11.07 07:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe [2007.11.07 07:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini [2007.11.07 07:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll [2007.11.07 07:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll [2007.11.07 07:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll [2007.11.07 07:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll [2007.11.07 07:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll [2007.11.07 07:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll [2007.11.07 07:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll [2007.11.07 07:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll [2007.11.07 07:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll [2008.02.18 15:50:55 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2011.12.02 23:54:53 | 000,255,141 | RHS- | M] () -- C:\JRGFX [2008.02.18 15:50:55 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2012.11.23 23:01:01 | 3487,739,904 | -HS- | M] () -- C:\pagefile.sys [2011.11.11 02:21:13 | 000,063,262 | ---- | M] () -- C:\shared.log [2007.11.23 11:48:12 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm [2007.12.22 12:02:03 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm [2008.01.06 12:54:47 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm [2009.06.07 17:00:03 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm [2007.11.23 11:48:12 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm [2007.12.22 12:02:02 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm [2008.01.06 12:54:47 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm [2009.06.07 17:00:03 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm [2007.10.28 10:46:24 | 000,638,960 | ---- | M] () -- C:\TB.log [2007.11.07 07:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp [2007.11.07 07:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab [2007.11.07 07:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI [2011.12.02 23:54:53 | 000,000,020 | RHS- | M] () -- C:\winx.ld < %PROGRAMFILES%\*.* > [2009.07.14 05:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini < %PROGRAMFILES(X86)%\*.* > [2009.07.14 05:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini < %appdata%\*. > [2012.10.17 12:22:18 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\.minecraft [2012.05.20 11:09:44 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\.spoutcraft [2011.12.07 00:53:06 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\5053 [2012.04.15 23:26:09 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\Adobe [2012.05.28 16:46:06 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\Ahead [2011.11.04 01:50:26 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\ATI [2011.11.04 01:42:40 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\Avira [2012.06.22 14:01:08 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\BANDISOFT [2012.09.23 18:06:49 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\DVDVideoSoft [2011.11.15 19:53:49 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\DVDVideoSoftIEHelpers [2012.09.23 23:09:32 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\Garmin [2011.11.03 23:33:15 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\Identities [2011.11.10 20:30:48 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\Jens Lorek [2011.12.07 00:52:38 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\kock [2012.09.27 23:22:48 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\LolClient [2011.11.04 02:41:32 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\Macromedia [2012.11.20 22:03:46 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\Malwarebytes [2009.07.14 19:18:34 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\Media Center Programs [2012.04.15 23:26:09 | 000,000,000 | --SD | M] -- C:\Users\Reggi\AppData\Roaming\Microsoft [2011.12.13 22:12:23 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\Mozilla [2011.11.08 17:39:24 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\OpenOffice.org [2012.08.12 22:21:35 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\Origin [2012.07.04 17:50:41 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\Samsung [2012.07.16 09:26:05 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\six-updater [2012.07.16 09:09:56 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\six-zsync [2012.11.20 01:11:12 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\Skype [2012.07.16 20:44:41 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\SplitMediaLabs [2011.11.07 00:30:45 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\TS3Client [2012.11.17 09:34:59 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\UAs [2012.11.20 01:11:32 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\vlc [2011.12.02 23:45:14 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\WinRAR [2012.01.19 22:44:31 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\Xfire [2012.11.17 09:34:59 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\xmldm [2012.06.24 10:38:19 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\XnView < %appdata%\*.* > [2011.12.08 19:30:37 | 000,000,065 | ---- | M] () -- C:\Users\Reggi\AppData\Roaming\AcroIEHelpe.txt [2011.12.09 00:58:00 | 000,000,036 | ---- | M] () -- C:\Users\Reggi\AppData\Roaming\blckdom.res [2 C:\Users\Reggi\AppData\Roaming\*.tmp files -> C:\Users\Reggi\AppData\Roaming\*.tmp -> ] < %localappdata%\*. > [2012.09.08 08:21:02 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\4A Games [2012.04.15 23:26:09 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\Adobe [2012.05.28 16:46:01 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\Ahead [2011.11.03 23:32:22 | 000,000,000 | -HSD | M] -- C:\Users\Reggi\AppData\Local\Anwendungsdaten [2012.11.20 16:50:54 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\ApplicationHistory [2012.07.16 00:57:45 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\ArmA 2 [2012.07.19 13:06:44 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\ArmA 2 OA [2011.11.04 01:50:26 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\ATI [2012.10.24 17:09:06 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\Chromium [2012.07.18 19:18:34 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\Downloaded Installations [2011.11.07 00:30:57 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\ESN Sonar [2012.04.15 23:26:09 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\Microsoft [2011.11.18 16:08:12 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\Morphyre [2011.11.04 02:34:58 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\Mozilla [2012.08.12 22:23:11 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\Origin [2012.11.20 22:13:02 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\PMB Files [2012.06.13 23:24:42 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\PokerStars.NET [2011.11.04 04:09:44 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\PunkBuster [2012.07.04 17:58:18 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\Samsung [2012.07.16 09:21:31 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\SIX_Projects [2012.07.16 20:48:17 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\SplitMediaLabs [2012.08.08 16:45:12 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\SWTOR [2012.11.23 23:18:04 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\Temp [2011.11.03 23:32:22 | 000,000,000 | -HSD | M] -- C:\Users\Reggi\AppData\Local\Temporary Internet Files [2012.03.24 19:50:25 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\The Lord of the Rings Online [2012.10.17 18:53:03 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\Turbine [2011.11.03 23:32:22 | 000,000,000 | -HSD | M] -- C:\Users\Reggi\AppData\Local\Verlauf [2012.10.04 11:16:56 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\VirtualStore [2012.08.12 11:31:02 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\Windows Live [2011.12.26 12:25:36 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{00A574B5-9D53-4A83-9DEC-18564BCCA878} [2011.12.11 00:24:21 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{00DC0FEA-93AB-4FEA-A4B7-58747C9C1864} [2011.11.08 14:21:03 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{0297018F-E0DA-4E35-A56B-EF20454A9415} [2012.09.22 10:50:34 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{0316C467-9506-4F26-B027-FD3CF48822F4} [2011.12.07 17:58:10 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{036864CF-E9C3-4120-B976-C689F8427445} [2012.05.01 14:10:51 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{042BECBA-B35C-477F-930E-7AD796A4CD27} [2011.12.07 17:58:21 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{0451A34A-F884-478E-9571-A7ADCC575D76} [2012.10.08 22:53:06 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{048851E2-21A4-4A38-B623-93926D772200} [2011.12.25 14:51:56 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{05936B0F-9F3D-4708-8071-6FB8B0728662} [2011.12.17 12:23:36 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{063B6EDD-6720-4201-A968-45F68015C9C9} [2011.11.13 13:45:34 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{06DE57F3-87F9-42D0-ABF4-6C3AF99022A0} [2011.12.29 00:04:31 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{081A3D45-A626-43DA-B54C-90D53D0A98A1} [2011.12.10 12:23:19 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{09548C2A-6013-41F4-B90A-94D00DF7EB72} [2012.02.23 00:27:27 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{09C4DAC3-5CFD-4FEE-B4A9-3C95CB1B5873} [2012.09.29 10:48:08 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{0A367733-AB56-4F4B-9167-46792F2C8F10} [2012.01.16 17:33:50 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{0A513780-FFBB-4D7B-AD78-34374F7A7680} [2011.11.15 17:04:02 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{0BF97A25-E0EC-413F-A5BB-1849FD309A89} [2012.07.01 13:36:03 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{0CEE709A-7E42-41D9-AA7F-FDBFE6E8A502} [2012.09.23 23:41:27 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{0D792EFB-C28B-4BAB-A53C-72D7FBF4C097} [2012.08.30 23:20:05 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{0E339D2E-82C4-43D3-9999-BE1B821E3722} [2012.05.23 11:29:05 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{1008470C-B862-4193-B379-A34495F05466} [2012.03.25 01:14:56 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{1106242D-F8F0-437C-97E8-31F80ED4C1CB} [2011.11.11 09:37:45 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{1216804D-E9B9-4ED1-82DF-FAD3F84DABFA} [2012.07.05 10:35:42 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{1277F7DA-D737-45FE-9282-4060EC95069D} [2012.07.01 13:41:15 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{17555884-3FBF-4EAF-BC15-D0A1B09C0BD4} [2011.12.16 00:02:51 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{18E09BE3-40CE-4F66-9D35-496139CCE456} [2011.11.09 11:42:38 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{1974249D-4A8B-4048-99A8-64B8E16497A6} [2012.01.02 16:50:12 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{1BCD82CE-AA6F-4132-85F4-A62B22704857} [2012.01.18 00:24:40 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{1F3CE19B-52FC-4D04-91EE-744875E53EFD} [2012.01.07 12:46:51 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{21D932C3-F5BB-404B-A356-0EE61B18C871} [2011.11.29 16:17:14 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{266FFB65-CCC6-4DDB-BCDA-F4028D5B0A59} [2011.11.26 15:36:04 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{27140D0E-6741-47E9-B5D2-EA41D3BDD8B4} [2012.06.12 23:01:14 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{285080D8-666B-4A50-8F4A-B3D64891EC4A} [2011.12.11 13:36:44 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{28B8D195-270F-4251-B0C6-0F5B03BEE5D1} [2012.01.15 14:23:55 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{2905BC8D-60EA-46DC-821C-83C4B5EE34D2} [2012.10.04 23:21:40 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{293A41BA-EB5F-4567-A01F-9EB714A17B28} [2012.01.16 17:33:39 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{2CDA216C-6C20-4C8B-8506-5989AD040F94} [2011.12.28 00:02:55 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{2D1F2473-D526-41A6-A7AA-66015949F73C} [2012.06.24 12:55:44 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{2D49D803-65B9-492D-BE23-989D3BB41294} [2011.12.12 15:49:11 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{306DA74D-3916-46C4-B4E2-C533B340473C} [2012.10.03 18:44:05 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{314C07BA-A2A4-47CC-9853-8FF141EDE4A5} [2012.04.08 13:08:05 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{31E7122E-371D-4C7B-ABC8-CE3BF28029A4} [2012.06.12 23:01:00 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{32BC53BA-DA9D-41CF-98EE-565599F13806} [2012.07.07 11:55:37 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{332C181C-3F74-4A31-9ED0-AB76788CBE30} [2012.02.23 00:27:15 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{334ACFEA-CD04-42B1-9C6D-72B6C1437887} [2011.11.26 00:40:16 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{33F0C358-746B-47B6-BED7-ADF921BBD210} [2011.11.26 00:40:04 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{344CBB08-0D8C-4E81-8E5C-25F5832AE5F3} [2011.11.23 13:51:14 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{35FCA0E6-8BE1-41D0-AC50-E8DF19CE643C} [2012.09.15 13:27:13 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{3973DF4B-DD23-49CA-8C3F-5646F9A2A8EB} [2011.12.05 17:12:53 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{39AE96F4-6364-44B6-9083-18A53271EC71} [2011.11.30 12:50:12 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{3C3571CE-4440-4FED-B13D-9DF456E79359} [2012.05.20 14:11:55 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{3CB6E7E6-E553-4E86-951F-BC2B910821F1} [2012.04.02 22:51:52 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{3DFE5217-EF62-4A28-B649-6640F887E459} [2011.12.08 19:33:26 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{3ECF8E3B-18B2-4499-9BC8-4761DF8CCC4D} [2011.11.09 11:42:18 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{40D176C3-D4BE-40D7-97A8-001EB0E7864C} [2011.12.09 19:33:07 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{416881AB-FA38-449D-924E-BA699C15FF8E} [2012.07.04 12:08:45 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{4680D7F9-6710-4F08-8231-B798195C3C24} [2012.04.01 19:31:29 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{49674976-7279-4094-913A-51F231AE86A1} [2011.12.24 00:10:33 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{49BB5DE1-AD6D-417F-BC27-44037E90EECA} [2011.12.06 19:38:22 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{4BB20910-59AB-4A48-A908-88069498089B} [2011.11.28 17:24:48 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{4CB0C914-CAD3-4F9E-B776-BC2FFA748499} [2012.01.04 19:50:03 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{4E86A3BC-9E7B-44C4-A669-28AA7EB06B47} [2012.07.01 13:41:02 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{4E8DAD58-CEEF-4D01-8F34-A37C64466CFA} [2012.09.16 22:42:11 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{4EB012FE-F461-472C-BC73-52B99AE97139} [2012.02.04 12:48:55 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{50E6F476-28CE-4DC7-8FB9-4689FB9EB955} [2012.01.01 13:09:07 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{5192DB99-86B9-40FB-B740-A75C4FA732E3} [2011.12.04 10:45:33 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{521FA70B-D494-412B-AF55-992062000ADA} [2011.12.20 18:04:18 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{522FAE05-3E65-4663-B551-7C53E98E0540} [2011.12.19 17:28:51 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{524E532F-0497-4B31-A2ED-2ECEB08F8DD3} [2012.04.16 12:27:47 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{5362FF79-B784-486C-BAA5-8E03C741AC12} [2012.05.13 13:53:24 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{54A836E8-C58F-4A32-BD73-3F62BD0CFA7E} [2012.08.27 21:52:35 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{54AE16B7-BE48-42AC-AFB5-151CF7F21596} [2012.01.06 19:05:15 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{55626C87-63AF-45D9-B443-B2289D6A906D} [2011.11.15 17:04:15 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{59D200E2-3316-4349-B1A1-B270F4837E7F} [2012.01.08 12:12:45 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{5C5DCE7C-1FA0-4634-97F5-191193BCC471} [2012.09.24 23:14:33 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{5CC52229-2CEC-4BC8-8CC1-35701DE0A6E4} [2012.10.07 10:43:12 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{5DC7AB6A-0EA9-4CD3-B9C9-9038C9DA7EDE} [2012.02.25 12:34:36 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{5E5A5FCB-9138-45D9-9C62-CE95B9BFB259} [2011.11.20 14:26:04 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{605C9703-7BFA-44C8-93E6-490AC29D1E87} [2012.06.12 14:23:44 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{6086772E-2A8F-4961-82C1-00B48F90AFB1} [2011.12.14 20:24:50 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{60F65BA8-D041-4551-B7CA-6386597C823E} [2012.03.16 23:46:17 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{660D75AE-10ED-4785-9F2B-EBB0DD0E8E7A} [2011.12.27 10:06:09 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{66BC1CAD-2432-4004-95AB-9AFC5B3CAF9D} [2012.01.07 12:47:04 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{6A84C4A3-1860-465D-B080-6DAFDA5D797A} [2012.07.02 01:41:55 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{6ABFC5BA-594C-4E93-94B2-F7980B5B9B8C} [2011.12.28 12:03:36 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{6D2BE464-A6EA-4D02-A71F-F1663C2C9034} [2011.12.27 10:06:22 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{6D45CD7D-8A6A-4016-B005-0E0F3AF1B2BA} [2012.07.03 17:20:51 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{6DC5E4A2-6D66-4BCA-A0ED-C9EBB9F06840} [2012.05.13 22:03:35 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{6E9D77D1-D2EB-49DD-8CB5-9BAA1FDFA888} [2012.05.22 01:15:59 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{72800575-8869-4917-A364-230F0510CA9B} [2011.12.18 11:02:53 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{729F9036-FC4F-4AEF-B522-9D21664F711F} [2012.05.22 01:16:10 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{73361489-F017-4125-B404-14B696E90F6F} [2012.11.14 18:24:41 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{73FB583C-771A-4177-96F1-116A2FB049DE} [2012.10.17 12:26:11 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{756554FE-FFAA-4B6A-8B2B-9DE8C2ACDF51} [2012.01.04 19:49:50 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{783E624D-C77F-402E-92A8-C7C0636F89C1} [2012.01.15 14:23:43 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{78F4CAF3-2F68-4F92-ACB2-41145A54B85D} [2012.05.23 14:14:34 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{7989B62B-E153-4351-A253-20FDE813E302} [2012.05.11 01:04:02 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{7AB86D40-B91B-4F7E-8A80-96E90C504BA3} [2011.11.25 12:39:20 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{7B512A8E-9D33-4719-877F-79BD46EE4806} [2012.07.02 13:42:56 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{7E872347-E18E-41CA-8FA6-D0B6959E441A} [2011.12.28 12:03:47 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{7E9B0B17-4C89-4B9E-9B11-2FE0D1C97AFE} [2012.08.28 22:32:30 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{7F1DBF89-943C-4554-934E-E1891BBA2EBD} [2011.11.24 19:45:03 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{7F25A1DD-BF41-4428-8C33-F26865BAA0CD} [2012.06.12 14:24:01 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{7FA1B149-6F67-4E5A-9879-1F9F4E5338AE} [2011.12.21 20:36:03 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{7FB578CD-7E78-4C3F-9A2F-0EB464DAA9C4} [2011.11.25 12:39:09 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{8750B40E-AB2D-4D59-8BDF-398849E31B73} [2012.06.11 01:50:02 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{875D33D6-3515-48D2-A93D-CFD479DD04E8} [2011.12.01 18:27:23 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{883813DA-AAAF-49B2-B6D7-87073C9B2BE7} [2012.07.07 11:55:48 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{8880E638-3CD4-43FA-9921-C174DB47531A} [2012.05.11 01:04:13 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{8A6D920E-8F3D-4689-AEC0-96E82A01AEF7} [2011.12.19 17:29:03 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{8B3A338E-8311-46DD-ABD9-38BEE2271587} [2012.06.11 01:49:50 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{8C61080C-918F-4C32-B7B1-C9BBC03C8B9B} [2012.02.04 12:49:08 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{8E18DE0F-830E-4E96-B36B-AF2C5E380E4C} [2011.12.20 18:04:38 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{8E320D1D-9BF7-4ACE-8397-8F977C259CEF} [2011.11.30 12:49:56 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{8E4472A4-E72A-48C4-8792-D5BB73C8DEB3} [2012.10.27 14:29:34 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{8E60A42F-C2C3-45E7-84C2-09758DEA2791} [2011.11.06 10:19:49 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{8F89BAA8-90BE-4B36-9739-81FD7C19173C} [2012.10.10 00:25:34 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{907CE6E4-6C96-43A4-A7C5-CF2EE5D3D3C1} [2011.11.20 14:25:52 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{911CC915-C115-4D21-9B61-39BB7E06B832} [2012.09.13 23:12:52 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{915D2F17-F6DB-4AEE-B87A-296866BD77C0} [2012.03.16 23:46:28 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{9340F673-1797-4C45-B7EF-7C1163F15675} [2011.12.24 00:10:22 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{93E0D264-4316-424B-B4D6-3DA592E1254E} [2012.10.06 10:42:17 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{942759C3-96E7-4A22-9030-177600EEDDAE} [2012.02.25 12:34:25 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{94B8461E-4F53-48B8-9CCA-AD571A6AC8F1} [2012.08.19 21:17:25 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{94BC0398-FC8B-4303-8730-6650CACEF545} [2012.10.10 14:09:47 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{950F34AE-9932-400F-8144-9AADBF3BE0FE} [2012.10.29 01:15:26 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{9517472E-5D60-45FD-9D44-60770351836D} [2012.04.04 21:44:43 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{99AA0FB4-B1FE-492A-A5B4-0BEFF4F47DD8} [2012.09.23 10:53:41 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{9BFF7391-7BBA-4E0B-85A6-C49364D6D319} [2011.12.18 23:03:56 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{9DBBCF21-9B8B-4023-AB63-2F6532724B74} [2011.12.26 12:25:23 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{A2FC5C54-64D3-4562-948E-EB2CB475680C} [2012.07.02 13:42:45 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{A3178C2D-43E4-41AD-AF7D-A9C20AB6CF26} [2012.03.30 09:11:40 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{A4D836AC-D7A2-4075-B934-97BCA57EB46C} [2011.12.16 00:03:03 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{A614B7F5-8E0D-4504-A6A7-F97E2944B816} [2011.12.04 10:45:22 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{A7BD35BB-744B-42D5-8321-5ED8AE637878} [2011.12.06 19:38:10 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{A862F520-1ABE-4041-A3F7-68EBEB077457} [2012.11.11 13:45:28 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{A8FE49B8-161A-477F-8AA5-73CB06CB2F10} [2012.05.07 01:04:04 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{A9B46E1D-9EA7-4A6E-9B44-FD70DE6A48C4} [2011.12.04 22:46:23 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{AB3808C5-9401-4535-9DB6-0C4C970C1AB4} [2012.07.01 13:35:52 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{AEFAC4FB-DE5B-4FD5-8333-7640FEAD4277} [2011.12.23 10:02:20 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{AF27FE82-09F5-49F3-873D-61CE30FBD7C5} [2012.06.24 12:55:26 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{B0DAC5CD-0080-4042-9D45-0968F6054308} [2012.05.07 01:03:52 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{B18649B0-EE98-4DC4-AF78-B6B607FB2F8A} [2011.11.12 18:49:32 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{B3B7EEDC-4C65-4972-AE52-C0DE04D19504} [2011.11.26 15:35:52 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{B40C1F06-6FB1-4317-A623-66EBA9CC3A63} [2011.12.11 00:24:10 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{B4AD15B6-6ADF-4911-92CC-EE218AD46435} [2011.12.09 19:33:20 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{B649F9B6-F000-4865-A28A-D5A5A038D2C7} [2012.07.02 01:42:07 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{B78FA1BC-19A5-4705-87E1-EF6C441156A9} [2011.11.07 14:26:22 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{B82E7DFA-52BF-48D4-9DD4-29DB9454D959} [2012.02.23 23:45:50 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{B863A240-8FB8-4077-9CFE-27F489B049BC} [2011.12.13 20:43:00 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{BACE63E1-499F-442B-89F7-5EDDF2366E1F} [2012.08.12 11:30:59 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{BAE96535-7866-4DA2-B0F1-EA9CDF97C1A3} [2012.10.08 10:52:28 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{BC9574B5-243E-4A47-B013-9F8FF42F99C1} [2012.05.23 11:29:16 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{BD41EDE9-1141-4601-9ACC-E62C82C53B2F} [2012.09.02 14:18:50 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{BD711154-53B0-42F0-9EDE-1F802D7FE726} [2012.05.20 11:36:57 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{BD7A1A29-A86B-4E54-B894-6514217847DA} [2012.01.01 13:08:56 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{BEB50A07-1FBD-45A1-907A-D7E7D52B0B95} [2011.12.18 11:03:05 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{BFCF25FB-8AB4-4708-9271-A045CE1CFC01} [2011.12.05 17:12:42 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{C0130905-F1F1-4F35-885A-2CB3B352B251} [2012.05.23 14:14:45 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{C041B59D-FB14-4F60-AA47-252F77C2219D} [2011.11.10 14:11:17 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{C27E555E-B09C-4A27-B70A-749A54543131} [2011.12.18 23:03:44 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{C49B32D0-3415-47C0-904B-D4CB7C9B9852} [2011.12.17 12:23:47 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{C5F5D468-989D-4979-B61B-493C9C13BD5D} [2012.07.03 17:21:03 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{C78C8E0B-4618-4610-81A7-2C092E47A9CE} [2011.12.10 12:23:30 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{C90CB5D7-1DB6-40F3-B1C7-E1286E85C3E5} [2012.08.26 12:44:47 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{C9650CC3-79FC-44B1-8DF4-6CAF9EF48607} [2012.08.25 13:24:49 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{C9746083-5AA0-4406-BEFC-F1C269972F06} [2011.12.04 22:46:12 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{CAA0A043-9D9C-4AAB-9474-1CF2EB503415} [2011.11.27 12:03:40 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{CAD8C04F-7CA4-40E9-949B-21854D1FC047} [2012.01.06 19:05:28 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{CB0C0690-00F3-4A61-8041-691D95C12F4F} [2012.10.09 12:24:56 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{CBCD8CD3-0559-4986-99EF-010787AF4502} [2012.09.12 22:42:01 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{D0EB68B6-AA42-4FD0-B49C-A75ECEFAF141} [2012.01.02 01:09:57 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{D1DD1367-A620-4A36-BFD6-6BE8388E29E5} [2011.11.12 18:49:21 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{D29862E0-F86F-4ACA-B8CA-609C8F016074} [2012.01.18 00:24:27 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{D2B7D952-A410-4FD9-88F4-0F8A485FC507} [2011.11.06 10:20:37 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{D49D33DC-D61F-404F-95EF-1251FF931528} [2012.03.31 14:24:12 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{D53CD2C3-B1C0-41C1-8AA2-9026BD29D1B8} [2011.11.28 17:24:36 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{D7B45F20-48E9-4367-B5C4-C440A1476EBE} [2011.12.23 10:02:33 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{D7C525CE-0FA8-4A31-AFAD-014478B4968D} [2012.09.01 11:00:27 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{D826800E-E468-46A9-8465-0CEA2C352510} [2011.12.14 20:24:38 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{D96303C7-E04A-45FE-B47F-F4B31EC94796} [2012.10.05 11:22:15 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{DAB8CF2B-5C00-41F2-9862-ACE7A28CB3E3} [2011.12.25 14:51:45 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{DBFA9C5D-4263-42AB-9B0C-84D6AB963954} [2012.05.20 11:36:45 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{DC1A3D65-3435-4CE2-86C3-353E31FB1F27} [2012.01.02 16:50:00 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{DCCBCAF4-842B-4C15-9844-9B55884D9D9D} [2011.12.08 19:33:13 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{DCD444A8-86BE-48BF-8F5D-C17CC3AB0733} [2012.10.04 11:21:03 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{DD37CF3B-DB3A-4FAA-BAC2-213CAF36D04E} [2012.01.02 01:09:45 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{DD7678D2-25AD-48F5-8529-A223A498660E} [2011.11.13 13:45:47 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{E22A629E-1375-4EBE-9C98-3D3C3F4E60A6} [2011.11.23 13:51:02 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{E371392A-D2BB-4ADE-ADCC-BC1EDBA9113C} [2012.03.29 09:54:50 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{E37AE54B-8AF3-4892-B160-5684A645803F} [2012.09.03 23:37:17 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{E3D0D0A9-CBDB-4DEE-8981-2E1ABF66425F} [2012.05.13 22:03:46 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{E3E96889-9A08-4B6E-B5D6-DA1557E5BC01} [2011.12.01 18:27:37 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{E3F49FA9-E096-4576-97A5-39C3059763E5} [2011.12.12 15:48:58 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{E5F4DC2F-EF0C-4738-B894-98532F7A3427} [2011.11.27 12:04:04 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{E89E199A-AC2E-4D8C-87D0-5EFA1746469A} [2012.07.05 10:35:53 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{E8B73477-4C8A-4B1E-A7F1-718407E755FA} [2011.11.11 09:37:57 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{E8C18A32-8A11-457E-ACAE-D4CED438237F} [2011.12.13 20:43:12 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{E8F730C6-1BC5-4964-AA0D-FC9B6CF57968} [2011.11.08 14:21:14 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{E9181EC5-7B01-43D2-A795-E138E711C0BF} [2012.08.12 11:30:47 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{E9463EB5-940A-4E9C-AD8C-1734D104DBD0} [2012.08.29 22:24:06 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{ED74F60E-536B-4666-A8B6-066DC888DAAF} [2011.12.29 00:04:45 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{EDAAE53F-96FD-4D38-B852-345489883A0F} [2011.11.07 14:26:33 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{EE7E7B67-24CF-40B6-8BD8-FBFDDD40C803} [2011.11.24 19:45:15 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{EEE11DFA-93CD-4F24-B5FE-99AC63DF8673} [2011.11.29 16:17:26 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{F2A07989-43FF-47AA-AF84-E0DB3D3EEECE} [2012.01.08 12:12:56 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{F4188D73-9CDA-4BF3-A036-92044E64D109} [2012.07.04 12:08:56 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{F5320B54-5EA1-4E74-81D5-C902E61E03F6} [2011.12.28 00:02:43 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{F5AC756A-F307-4E78-B038-5E516A1ECC93} [2012.05.01 14:10:40 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{F901C49C-193F-4095-A53C-8EBB4A83276B} [2011.11.10 14:11:29 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{FA2F469C-537D-4C38-9EE4-392A40E984E3} [2012.03.25 01:14:43 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{FCF16554-4F8B-4A06-92F5-94971BDEF541} [2011.12.11 13:36:31 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{FD8577C3-99B8-4EA4-97C5-BA1F6F8D75C6} [2012.05.13 13:53:36 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{FD963E38-B74E-46B2-B6D1-9E23E1516892} [2012.10.14 00:32:58 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{FE4F257C-5CA5-4C69-A1C9-E7C6FA1B8A2A} [2012.09.06 20:52:33 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{FEA66787-BD91-4460-B91A-6C9FEF50AD0F} [2012.05.20 14:12:06 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{FED936D9-5096-4EA6-9E6D-C6E912DDB6CA} [2011.12.21 20:36:15 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{FF84E494-194A-494B-AE85-28364D18CF5C} [2012.02.23 23:45:39 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{FFB26A67-B244-4745-A298-64A8603AE26A} < %localappdata%\*.* > [2011.11.06 17:59:13 | 000,000,093 | ---- | M] () -- C:\Users\Reggi\AppData\Local\fusioncache.dat [2012.07.13 14:20:23 | 000,064,912 | ---- | M] () -- C:\Users\Reggi\AppData\Local\GDIPFONTCACHEV1.DAT [2012.11.23 22:41:53 | 001,266,953 | -H-- | M] () -- C:\Users\Reggi\AppData\Local\IconCache.db < %allusersprofile%\*. > [2012.04.15 23:27:02 | 000,000,000 | ---D | M] -- C:\ProgramData\Adobe [2012.08.09 08:49:26 | 000,000,000 | ---D | M] -- C:\ProgramData\AMD [2011.11.03 23:32:05 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten [2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data [2012.08.09 08:49:27 | 000,000,000 | ---D | M] -- C:\ProgramData\ATI [2011.11.04 01:42:06 | 000,000,000 | ---D | M] -- C:\ProgramData\Avira [2012.05.24 02:58:33 | 000,000,000 | ---D | M] -- C:\ProgramData\Battle.net [2012.05.24 03:27:51 | 000,000,000 | ---D | M] -- C:\ProgramData\Blizzard Entertainment [2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop [2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents [2011.11.03 23:32:05 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente [2011.11.04 04:06:58 | 000,000,000 | ---D | M] -- C:\ProgramData\EA Core [2012.02.22 22:47:42 | 000,000,000 | ---D | M] -- C:\ProgramData\EA Logs [2011.11.04 04:07:02 | 000,000,000 | ---D | M] -- C:\ProgramData\Electronic Arts [2011.11.03 23:32:05 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten [2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites [2011.11.30 19:22:57 | 000,000,000 | ---D | M] -- C:\ProgramData\hps [2012.11.20 22:03:20 | 000,000,000 | ---D | M] -- C:\ProgramData\Malwarebytes [2011.11.06 09:55:20 | 000,000,000 | --SD | M] -- C:\ProgramData\Microsoft [2012.05.10 13:29:00 | 000,000,000 | ---D | M] -- C:\ProgramData\Mozilla [2011.11.15 20:34:47 | 000,000,000 | ---D | M] -- C:\ProgramData\Nero [2012.09.22 11:03:26 | 000,000,000 | ---D | M] -- C:\ProgramData\Origin [2012.11.20 22:08:43 | 000,000,000 | ---D | M] -- C:\ProgramData\PMB Files [2012.07.04 17:51:32 | 000,000,000 | ---D | M] -- C:\ProgramData\Samsung [2012.06.27 12:52:05 | 000,000,000 | -HSD | M] -- C:\ProgramData\SecuROM [2012.07.29 21:50:37 | 000,000,000 | ---D | M] -- C:\ProgramData\Skype [2012.07.16 20:46:13 | 000,000,000 | ---D | M] -- C:\ProgramData\SplitMediaLabs [2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu [2011.11.03 23:32:05 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü [2011.11.08 15:33:35 | 000,000,000 | ---D | M] -- C:\ProgramData\Sun [2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates [2011.11.30 19:39:15 | 000,000,000 | ---D | M] -- C:\ProgramData\tmp [2011.11.03 23:32:05 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen [2012.01.19 21:29:48 | 000,000,000 | ---D | M] -- C:\ProgramData\Xfire < %allusersprofile%\*.* > [2012.08.03 21:03:11 | 004,503,728 | ---- | M] () -- C:\ProgramData\23lldnur.pad [2011.11.16 19:48:11 | 000,000,000 | ---- | M] () -- C:\ProgramData\LauncherAccess.dt < End of report > |
|
| Themen zu Win 7 Ukash (IAC) Virus Kein Zugriff mehr im normalen Modus mehr |
| abgesicherten, anti-malware, association, bild, brauche, desktop, freund, gelöscht, gestartet, installiert, interne, internetverbindung, kein zugriff, malwarebytes, modus, neustart, problemlos, rechner, scan, schonmal, unbedingt, update, verbindung, virus, win, zugriff |
Textbox.
Linear-Darstellung
