| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Google wird z.T. redirected+Windows Security Center disabled unter W7Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
09.06.2011, 13:10
| #1 |
 |  Google wird z.T. redirected+Windows Security Center disabled unter W7 Hallo zusammen. Ich habe seit gestern einen sehr seltsamen Virus auf dem Computer, den meine Antivirenprogramme (Avira + Malwarebytes) nicht ausfindig machen können. Habe gestern ausgiebig fachkundige Freunde und Yahoo (weil Google plötzlich down war) befragt, jedoch wurde mir nicht wirklich geholfen. Ich konnte in Erfahrung bringen, dass das Problem mit der Googlesuche an einem Google-redirection Virus liegt. Nur kann der nicht gefunden werden. Neben diesem Virus habe ich noch das Problem mit Windows Security Service, der nicht funktioniert und nicht eingeschaltet werden kann. Hier sind die Logs aus den OTL OTL.txtOTL Logfile: Code:
ATTFilter OTL logfile created on: 09.06.2011 13:57:50 - Run 3 OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Stas\Downloads 64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 12,00 Gb Total Physical Memory | 9,93 Gb Available Physical Memory | 82,72% Memory free 23,99 Gb Paging File | 21,77 Gb Available in Paging File | 90,74% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 232,79 Gb Total Space | 106,06 Gb Free Space | 45,56% Space Free | Partition Type: NTFS Drive D: | 298,09 Gb Total Space | 175,15 Gb Free Space | 58,76% Space Free | Partition Type: NTFS Drive E: | 931,51 Gb Total Space | 201,56 Gb Free Space | 21,64% Space Free | Partition Type: NTFS Drive I: | 1397,26 Gb Total Space | 504,76 Gb Free Space | 36,13% Space Free | Partition Type: NTFS Drive X: | 697,59 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: STAS-PC | User Name: Stas | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.06.09 13:12:18 | 002,978,720 | ---- | M] (Emsi Software GmbH) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe PRC - [2011.06.09 02:14:27 | 000,421,032 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe PRC - [2011.06.09 02:14:27 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2011.06.09 02:14:26 | 000,339,624 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe PRC - [2011.06.09 02:14:26 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2011.06.09 02:14:26 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2011.06.08 23:01:07 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Stas\Downloads\OTL.exe PRC - [2011.06.01 14:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe PRC - [2011.05.29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2011.05.29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011.01.20 11:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe PRC - [2010.03.25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe PRC - [2007.09.02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe ========== Modules (SafeList) ========== MOD - [2011.06.08 23:01:07 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Stas\Downloads\OTL.exe MOD - [2011.04.11 14:26:52 | 000,213,696 | ---- | M] (Emsi Software GmbH) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2hooks32.dll MOD - [2010.08.21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011.03.09 13:12:26 | 005,352,960 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService) SRV:64bit: - [2011.03.09 06:53:04 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2010.11.11 14:36:38 | 000,282,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv) SRV:64bit: - [2010.11.11 14:36:38 | 000,012,784 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc) SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2011.06.09 13:12:18 | 002,978,720 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware) SRV - [2011.06.09 02:14:27 | 000,421,032 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2011.06.09 02:14:27 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.06.09 02:14:26 | 000,339,624 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService) SRV - [2011.06.09 02:14:26 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.06.01 14:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6) SRV - [2011.05.29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.04.17 10:18:16 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2010.03.25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011.06.09 02:14:27 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2011.05.29 09:11:20 | 000,025,912 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2011.04.12 14:19:27 | 000,303,616 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt) DRV:64bit: - [2011.04.12 14:19:27 | 000,035,328 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt) DRV:64bit: - [2011.04.11 21:22:17 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2011.03.11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.03.09 11:22:42 | 009,258,496 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2011.03.09 06:17:42 | 000,300,544 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2011.02.18 16:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2010.11.17 14:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2010.10.24 21:25:38 | 000,072,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2010.03.02 13:35:01 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs) DRV:64bit: - [2009.06.10 22:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV - [2011.02.20 21:30:06 | 000,085,800 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys -- (a2acc) DRV - [2010.09.05 12:25:22 | 000,048,216 | ---- | M] (Emsi Software GmbH) [File_System | System | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys -- (a2injectiondriver) DRV - [2010.05.27 03:43:00 | 000,014,648 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\MSI Afterburner\RTCore64.sys -- (RTCore64) DRV - [2010.05.05 09:40:54 | 000,014,720 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys -- (a2util) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 81 F0 6C E9 22 26 CC 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.04.29 02:26:00 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.04.03 22:02:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stas\AppData\Roaming\Mozilla\Extensions [2011.05.24 01:16:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stas\AppData\Roaming\Mozilla\Firefox\Profiles\7skvv1yg.default\extensions [2011.04.12 23:29:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2011.04.11 21:50:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.04.12 23:29:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} File not found (No name found) -- () (No name found) -- C:\USERS\STAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7SKVV1YG.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2011.04.29 02:25:58 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll [2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml [2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-de.xml [2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-de.xml Hosts file not found O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [a-squared] C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe (Emsi Software GmbH) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0 O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.07.10 04:16:15 | 000,000,000 | RH-D | M] - I:\autorun -- [ NTFS ] O32 - Unable to obtain root file information for disk I:\ O32 - AutoRun File - [1998.09.15 12:14:30 | 000,168,448 | R--- | M] (Sierra On-Line, Inc.) - X:\autorun.exe -- [ CDFS ] O32 - AutoRun File - [2003.03.24 11:08:10 | 000,000,055 | R--- | M] () - X:\autorun.inf -- [ CDFS ] O33 - MountPoints2\{843c7a69-5e2a-11e0-869a-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{843c7a69-5e2a-11e0-869a-806e6f6e6963}\Shell\AutoRun\command - "" = X:\SCREENFUN-CD.exe -- [2003.03.28 18:16:28 | 002,904,064 | R--- | M] () O33 - MountPoints2\{df542f7e-645b-11e0-bd3e-00241d10f529}\Shell - "" = AutoRun O33 - MountPoints2\{df542f7e-645b-11e0-bd3e-00241d10f529}\Shell\AutoRun\command - "" = F:\Autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: BCSSync - hkey= - key= - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) MsConfig:64bit - StartUpReg: NBAgent - hkey= - key= - C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG) MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.) MsConfig:64bit - StartUpReg: RGSC - hkey= - key= - File not found MsConfig:64bit - StartUpReg: Speech Recognition - hkey= - key= - C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) MsConfig:64bit - StartUpReg: Steam - hkey= - key= - File not found MsConfig:64bit - State: "startup" - Reg Error: Key error. CREATERESTOREPOINT Error creating restore point. ========== Files/Folders - Created Within 30 Days ========== [2011.06.09 13:12:02 | 000,000,000 | ---D | C] -- C:\Users\Stas\AppData\Local\{A51CC024-60F9-4AD5-AEB6-D951FD505E9C} [2011.06.09 01:11:19 | 000,000,000 | ---D | C] -- C:\Users\Stas\AppData\Local\{A82DE0AA-F324-492A-A3D7-F875066E8322} [2011.06.08 23:34:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware [2011.06.08 23:34:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware [2011.06.08 23:34:32 | 000,000,000 | ---D | C] -- C:\Users\Stas\Documents\Anti-Malware [2011.06.08 22:18:07 | 000,000,000 | ---D | C] -- C:\VundoFix Backups [2011.06.08 22:01:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer [2011.06.08 20:04:25 | 000,000,000 | ---D | C] -- C:\Users\Stas\AppData\Roaming\Avira [2011.06.08 19:57:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2011.06.08 19:57:32 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2011.06.08 19:57:32 | 000,083,120 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2011.06.08 19:57:32 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntdd.sys [2011.06.08 19:57:32 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntmgr.sys [2011.06.08 19:57:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2011.06.08 19:57:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2011.06.08 19:44:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2011.06.08 19:44:43 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2011.06.08 18:38:19 | 000,000,000 | ---D | C] -- C:\Users\Stas\AppData\Roaming\Malwarebytes [2011.06.08 18:38:13 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2011.06.08 18:38:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.06.08 18:38:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.06.08 18:38:10 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011.06.08 18:38:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011.06.08 17:29:32 | 000,667,648 | ---- | C] (MAGIX AG) -- C:\Windows\SysWow64\mgxoschk.dll [2011.06.08 17:29:09 | 000,000,000 | ---D | C] -- C:\Users\Stas\Documents\MAGIX_MusicMakerHipHopEdition2 [2011.06.08 17:28:03 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\MAGIX [2011.06.08 13:10:43 | 000,000,000 | ---D | C] -- C:\Users\Stas\AppData\Local\{3FB73A1E-6525-48D9-BFA6-85379BDC5008} [2011.06.08 12:28:20 | 000,000,000 | ---D | C] -- C:\Users\Stas\Documents\Native Instruments [2011.06.08 12:27:01 | 000,000,000 | -H-D | C] -- C:\ProgramData\{4A818508-3355-4FBC-B302-D53B599DD9D5} [2011.06.08 12:26:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Native Instruments [2011.06.08 12:25:41 | 000,000,000 | -H-D | C] -- C:\ProgramData\{B519F32F-827C-40F0-8D31-289E18AFCBCC} [2011.06.08 12:24:47 | 000,000,000 | -H-D | C] -- C:\ProgramData\{8429ABAF-B3FC-4320-BD86-2F450040BB88} [2011.06.08 12:23:47 | 000,000,000 | -H-D | C] -- C:\ProgramData\{A7980E87-CCF8-4A63-95C5-FBF6773430E4} [2011.06.08 12:22:50 | 000,000,000 | -H-D | C] -- C:\ProgramData\{C563A71C-0CD1-48DB-BF21-E9663D577F6E} [2011.06.08 12:21:55 | 000,000,000 | -H-D | C] -- C:\ProgramData\{761E38B7-1182-40ED-8916-EAA5F384CFC7} [2011.06.08 12:20:30 | 000,000,000 | -H-D | C] -- C:\ProgramData\{F1E1AF14-F91F-4ECF-B2AC-261F02221942} [2011.06.08 12:19:25 | 000,000,000 | -H-D | C] -- C:\ProgramData\{C0C80074-EC49-4159-8610-C3471C7E6846} [2011.06.08 12:17:46 | 000,000,000 | -H-D | C] -- C:\ProgramData\{F9958806-3326-4B30-A9A3-D5B43C478842} [2011.06.08 12:17:36 | 000,000,000 | -H-D | C] -- C:\ProgramData\{2C41B757-F5D0-44F9-A206-EEB9CD973927} [2011.06.08 12:17:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Native Instruments [2011.06.08 12:17:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Native Instruments [2011.06.08 12:17:24 | 000,000,000 | -H-D | C] -- C:\ProgramData\{A6DB2A6F-FF9D-453F-99D6-C1AA54BC0C14} [2011.06.08 12:17:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments [2011.06.08 12:17:22 | 000,000,000 | ---D | C] -- C:\Program Files\Native Instruments [2011.06.08 11:02:01 | 000,000,000 | ---D | C] -- C:\Users\Stas\Documents\MAGIX downloads [2011.06.08 11:01:57 | 000,000,000 | ---D | C] -- C:\Users\Stas\AppData\Roaming\MAGIX [2011.06.08 11:01:07 | 000,000,000 | ---D | C] -- C:\Users\Stas\Documents\MAGIX_Screenshare [2011.06.08 11:00:40 | 000,917,504 | ---- | C] (MAGIX AG) -- C:\Windows\SysWow64\MXRestore.exe [2011.06.08 11:00:40 | 000,724,992 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLAV32.dll [2011.06.08 11:00:40 | 000,278,528 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLRES32.dll [2011.06.08 11:00:40 | 000,221,184 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLDRV32.dll [2011.06.08 11:00:40 | 000,212,992 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLDEV32.dll [2011.06.08 11:00:40 | 000,147,456 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLCPY32.dll [2011.06.08 11:00:40 | 000,114,688 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLCDA32.dll [2011.06.08 11:00:40 | 000,094,208 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLIO32.dll [2011.06.08 11:00:40 | 000,090,112 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLPRF32.dll [2011.06.08 11:00:40 | 000,077,824 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLPNT32.dll [2011.06.08 11:00:40 | 000,065,536 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\STRING32.dll [2011.06.08 11:00:40 | 000,065,536 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLPTL32.dll [2011.06.08 11:00:40 | 000,061,440 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLCDF32.dll [2011.06.08 11:00:40 | 000,057,344 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLTPO32.dll [2011.06.08 11:00:40 | 000,053,248 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLPRJ32.dll [2011.06.08 11:00:40 | 000,045,056 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLIMG32.dll [2011.06.08 11:00:40 | 000,040,960 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLRD32.dll [2011.06.08 11:00:40 | 000,032,768 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLMSC32.dll [2011.06.08 11:00:40 | 000,032,768 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLISO32.dll [2011.06.08 11:00:40 | 000,032,768 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLDIR32.dll [2011.06.08 11:00:40 | 000,024,576 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\TTIC32.dll [2011.06.08 11:00:40 | 000,024,576 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\TTI32.dll [2011.06.08 11:00:40 | 000,024,576 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLIX.dll [2011.06.08 11:00:34 | 000,000,000 | ---D | C] -- C:\Users\Stas\Documents\MAGIX_Speed2_burnR_mxcdr [2011.06.08 11:00:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX [2011.06.08 11:00:14 | 000,000,000 | ---D | C] -- C:\Users\Stas\Documents\MAGIX_MusicMaker16Premium_Download_Version [2011.06.08 10:59:59 | 000,000,000 | ---D | C] -- C:\ProgramData\MAGIX [2011.06.08 10:59:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MAGIX [2011.06.08 10:59:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MAGIX Services [2011.06.07 13:09:53 | 000,000,000 | ---D | C] -- C:\Users\Stas\AppData\Local\{BD33D1C9-2215-4D29-9080-D42C1EB5A1C3} [2011.06.06 12:10:09 | 000,000,000 | ---D | C] -- C:\Users\Stas\AppData\Local\{5F7395E2-7E3C-4114-9CC8-D5E82B305291} [2011.06.05 23:37:33 | 000,000,000 | ---D | C] -- C:\Users\Stas\AppData\Local\{A1972704-22D4-4785-9B09-3B8D7DDB697C} [2011.06.03 11:06:00 | 000,000,000 | ---D | C] -- C:\Users\Stas\AppData\Local\{06EA1021-294C-4A54-A172-69EDEF56AC21} [2011.06.02 15:57:56 | 000,000,000 | ---D | C] -- C:\Users\Stas\AppData\Local\{82E1516E-09C7-498A-B5DA-1C40F18C83AF} [2011.06.01 14:23:58 | 000,000,000 | ---D | C] -- C:\Users\Stas\AppData\Local\{772453A5-CC12-48BF-98D4-F1AB89610A68} [2011.06.01 02:23:33 | 000,000,000 | ---D | C] -- C:\Users\Stas\AppData\Local\{F287681F-9DBE-4871-86FC-EB6E50B76BE4} [2011.06.01 02:01:25 | 000,000,000 | ---D | C] -- C:\Users\Stas\AppData\Local\{5CBB2BC3-4D05-4639-80C3-1C1F5D031E5F} [2011.05.31 23:17:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASCII [2011.05.31 23:11:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation [2011.05.31 17:50:10 | 000,000,000 | ---D | C] -- C:\Users\Stas\AppData\Roaming\NCH Software [2011.05.31 17:48:06 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Swift Sound [2011.05.31 17:47:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite [2011.05.31 17:47:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NCH Swift Sound [2011.05.31 17:47:55 | 000,000,000 | ---D | C] -- C:\Users\Stas\AppData\Roaming\NCH Swift Sound [2011.05.31 17:32:57 | 000,000,000 | ---D | C] -- C:\My Music [2011.05.31 17:32:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AudioConverter Studio [2011.05.31 17:32:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AudioConverter Studio [2011.05.31 17:30:41 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2011.05.31 17:30:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Magic FLAC to MP3 Converter [2011.05.31 17:30:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FLAC to MP3 Converter [2011.05.31 13:59:01 | 000,000,000 | ---D | C] -- C:\Users\Stas\AppData\Local\{A04D95DD-F9ED-423B-B298-C0C26BE3ABA6} [2011.05.31 01:58:26 | 000,000,000 | ---D | C] -- C:\Users\Stas\AppData\Local\{02671E0A-7EC4-42BE-8711-E2E20F945B53} [2011.05.30 13:58:14 | 000,000,000 | ---D | C] -- C:\Users\Stas\AppData\Local\{F900B06B-82BF-4125-9DFC-E10DAFCFC69A} [2011.05.30 00:23:14 | 000,000,000 | ---D | C] -- C:\Users\Stas\AppData\Local\{81EE703F-EB6F-4B9F-A60C-A62207574991} [2011.05.27 12:32:00 | 000,000,000 | ---D | C] -- C:\Users\Stas\AppData\Local\{D00A5AF5-E115-480F-B3B7-9142729243A1} [2011.05.26 14:01:48 | 000,000,000 | ---D | C] -- C:\Users\Stas\AppData\Local\{929FBABF-2DE4-4F4F-A8F9-A94248995029} [2011.05.26 01:59:32 | 000,000,000 | ---D | C] -- C:\Users\Stas\AppData\Local\{D1E4DAA2-2362-4DA0-8096-8EAAF43C2194} [2011.05.25 13:59:08 | 000,000,000 | ---D | C] -- C:\Users\Stas\AppData\Local\{C3603835-3AB8-449F-9D2B-B474BAFCB969} [2011.05.24 14:07:16 | 000,000,000 | ---D | C] -- C:\Users\Stas\AppData\Local\{E63546A2-878B-46F1-B9A3-D00734E59676} [2011.05.24 02:06:51 | 000,000,000 | ---D | C] -- C:\Users\Stas\AppData\Local\{518CC63E-2757-4655-AE79-F4B77A171C9E} [2011.05.22 23:37:11 | 000,000,000 | ---D | C] -- C:\Users\Stas\AppData\Local\{B3DC678C-A3A5-46F7-A7A9-E1E81A1DEF32} [2011.05.22 11:36:58 | 000,000,000 | ---D | C] -- C:\Users\Stas\AppData\Local\{19225ED1-2CB2-4D5B-8C47-54EC896BE7CE} [2011.05.21 10:33:48 | 000,000,000 | ---D | C] -- C:\Users\Stas\AppData\Local\{8AFB1C0F-63A9-4792-B878-368800256A67} [2011.05.20 10:35:37 | 000,000,000 | ---D | C] -- C:\Users\Stas\AppData\Local\{5B3A3D95-F81F-4E74-90DD-84AE7E3E838E} [2011.05.19 09:55:13 | 000,000,000 | ---D | C] -- C:\Users\Stas\AppData\Local\{CE10B2A0-6901-4200-BE7F-40D7B2BD32E9} [2011.05.18 18:24:56 | 000,000,000 | ---D | C] -- C:\Users\Stas\Documents\Command and Conquer 4 [2011.05.18 16:53:08 | 000,000,000 | ---D | C] -- C:\Users\Stas\AppData\Roaming\Command and Conquer 4 [2011.05.18 11:09:57 | 000,000,000 | ---D | C] -- C:\Users\Stas\AppData\Local\{3281C86B-0697-4918-9A72-BB1C75CFD756} [2011.05.17 22:59:04 | 000,000,000 | ---D | C] -- C:\tmp [2011.05.17 22:59:04 | 000,000,000 | ---D | C] -- C:\output [2011.05.17 22:58:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FLAC To MP3 [2011.05.17 22:58:34 | 000,000,000 | ---D | C] -- C:\FLAC To MP3 [2011.05.17 21:31:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Solidshield [2011.05.17 11:01:11 | 000,000,000 | ---D | C] -- C:\Users\Stas\AppData\Local\{F80FD404-DF6F-46C4-8893-03D60E416943} [2011.05.16 13:36:04 | 000,000,000 | ---D | C] -- C:\Users\Stas\AppData\Local\{01C72CA0-3158-4BDF-ADE4-C9467B001D4C} [2011.05.15 13:35:02 | 000,000,000 | ---D | C] -- C:\Users\Stas\AppData\Local\{5224FDA7-69D6-4E66-B367-37D48D506190} [2011.05.15 01:34:37 | 000,000,000 | ---D | C] -- C:\Users\Stas\AppData\Local\{D6F01378-69DD-4DB0-BC0A-197389C8D045} [2011.05.13 11:34:07 | 000,000,000 | ---D | C] -- C:\Users\Stas\AppData\Local\{A41B55CE-752B-4CCD-B95D-75A8D7AC65AE} [2011.05.12 22:42:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2011.05.12 22:42:34 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2011.05.12 22:42:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2011.05.12 22:42:34 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2011.05.12 22:41:45 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2011.05.12 22:41:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour [2011.05.12 13:42:30 | 000,000,000 | ---D | C] -- C:\Users\Stas\AppData\Local\{83D33FAA-039D-4C3C-BCCD-D452FADFEBE9} [2011.05.11 17:47:53 | 000,000,000 | ---D | C] -- C:\Users\Stas\AppData\Local\{DC0E24A5-E9E3-426E-9541-9C7E09DF71E4} ========== Files - Modified Within 30 Days ========== [2011.06.09 13:44:39 | 000,010,208 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.06.09 13:44:39 | 000,010,208 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.06.09 13:43:45 | 000,729,688 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.06.09 13:43:45 | 000,617,910 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.06.09 13:43:45 | 000,107,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.06.09 13:39:12 | 000,000,310 | -HS- | M] () -- C:\Windows\tasks\OJOAERQ.job [2011.06.09 13:39:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.06.09 13:39:01 | 1072,406,526 | -HS- | M] () -- C:\hiberfil.sys [2011.06.09 02:14:27 | 000,083,120 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2011.06.08 17:51:26 | 000,114,176 | RHS- | M] () -- C:\Windows\SysWow64\certclis.dll [2011.06.08 17:29:32 | 000,006,768 | ---- | M] () -- C:\Windows\mgxoschk.ini [2011.06.08 12:52:39 | 000,435,336 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.05.31 16:00:03 | 000,000,419 | ---- | M] () -- C:\Windows\BRWMARK.INI [2011.05.31 16:00:03 | 000,000,027 | ---- | M] () -- C:\Windows\BRPP2KA.INI [2011.05.30 18:31:44 | 000,159,464 | ---- | M] () -- C:\Users\Stas\Documents\Eticket-PS9674-105049-2.pdf [2011.05.29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2011.05.29 09:11:20 | 000,025,912 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys ========== Files Created - No Company Name ========== [2011.06.08 22:01:18 | 000,001,174 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 6.lnk [2011.06.08 17:51:26 | 000,114,176 | RHS- | C] () -- C:\Windows\SysWow64\certclis.dll [2011.06.08 17:51:26 | 000,000,310 | -HS- | C] () -- C:\Windows\tasks\OJOAERQ.job [2011.06.08 17:29:25 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\mgxasio2.dll [2011.06.08 17:28:03 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini [2011.06.08 11:00:40 | 000,038,492 | ---- | C] () -- C:\Windows\SysWow64\DLLAV32.lib [2011.06.08 10:59:22 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll [2011.05.31 23:18:21 | 000,087,040 | ---- | C] () -- C:\Windows\UnGins.exe [2011.05.31 23:17:37 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\Unlha32.dll [2011.05.31 23:17:36 | 000,473,600 | ---- | C] () -- C:\Windows\SysWow64\Harmony.dll [2011.05.31 17:47:57 | 000,001,149 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Switch Sound File Converter.lnk [2011.05.31 16:00:03 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI [2011.05.31 16:00:03 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2011.05.30 18:31:42 | 000,159,464 | ---- | C] () -- C:\Users\Stas\Documents\Eticket-PS9674-105049-2.pdf [2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.04.08 16:55:16 | 000,722,382 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.04.03 22:08:23 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.03.21 19:56:22 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll [2011.01.13 05:03:18 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat ========== LOP Check ========== [2011.05.18 16:53:08 | 000,000,000 | ---D | M] -- C:\Users\Stas\AppData\Roaming\Command and Conquer 4 [2011.04.11 21:23:13 | 000,000,000 | ---D | M] -- C:\Users\Stas\AppData\Roaming\DAEMON Tools Lite [2011.04.11 20:51:43 | 000,000,000 | ---D | M] -- C:\Users\Stas\AppData\Roaming\DAEMON Tools Pro [2011.04.22 16:59:02 | 000,000,000 | ---D | M] -- C:\Users\Stas\AppData\Roaming\DVDVideoSoft [2011.06.08 17:30:02 | 000,000,000 | ---D | M] -- C:\Users\Stas\AppData\Roaming\MAGIX [2011.05.31 17:47:55 | 000,000,000 | ---D | M] -- C:\Users\Stas\AppData\Roaming\NCH Swift Sound [2011.04.11 21:33:14 | 000,000,000 | ---D | M] -- C:\Users\Stas\AppData\Roaming\Ubisoft [2011.06.09 13:39:12 | 000,000,310 | -HS- | M] () -- C:\Windows\Tasks\OJOAERQ.job [2009.07.14 07:08:49 | 000,022,190 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2011.04.03 21:57:30 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2011.04.03 22:06:12 | 000,000,000 | ---D | M] -- C:\ATI [2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2011.05.17 22:58:34 | 000,000,000 | ---D | M] -- C:\FLAC To MP3 [2011.04.27 01:44:42 | 000,000,000 | ---D | M] -- C:\Gamez [2011.04.13 17:54:20 | 000,000,000 | RH-D | M] -- C:\MSOCache [2011.05.31 17:32:57 | 000,000,000 | ---D | M] -- C:\My Music [2011.05.17 23:00:25 | 000,000,000 | ---D | M] -- C:\output [2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2011.06.08 19:44:43 | 000,000,000 | R--D | M] -- C:\Program Files [2011.06.08 23:34:32 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2011.06.08 19:57:32 | 000,000,000 | -H-D | M] -- C:\ProgramData [2011.04.03 21:55:48 | 000,000,000 | -HSD | M] -- C:\Recovery [2011.06.08 23:19:42 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011.05.17 22:59:25 | 000,000,000 | ---D | M] -- C:\tmp [2011.04.03 21:57:15 | 000,000,000 | R--D | M] -- C:\Users [2011.06.08 22:18:07 | 000,000,000 | ---D | M] -- C:\VundoFix Backups [2011.06.08 19:46:59 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < MD5 for: EXPLORER.EXE > [2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe [2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe [2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe [2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2011.02.26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe [2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe < MD5 for: REGEDIT.EXE > [2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe [2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe [2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe [2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe < MD5 for: USERINIT.EXE > [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe [2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe [2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > < End of report > Extras.txtOTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 08.06.2011 23:05:09 - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Stas\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
12,00 Gb Total Physical Memory | 9,36 Gb Available Physical Memory | 77,99% Memory free
23,99 Gb Paging File | 21,06 Gb Available in Paging File | 87,77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,79 Gb Total Space | 97,62 Gb Free Space | 41,93% Space Free | Partition Type: NTFS
Drive D: | 298,09 Gb Total Space | 168,90 Gb Free Space | 56,66% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 207,76 Gb Free Space | 22,30% Space Free | Partition Type: NTFS
Drive X: | 697,59 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: STAS-PC | User Name: Stas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{013CCA52-DA56-4133-AC2B-1988A9568C30}" = Native Instruments Audio 4 DJ
"{0886900B-B2F3-452C-B580-60F1253F7F80}" = Native Instruments Controller Editor
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour
"{18155797-EF2E-4699-9A16-FE787C4C10DB}" = iTunes
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{23A66953-369C-4d22-A189-C6E403D4A19F}" = Native Instruments Audio 2 DJ
"{24873332-B98B-4235-ABBA-CCDEACC62BB9}" = Native Instruments Traktor Audio 6
"{28F19F09-F228-49cb-8B90-F97DA7180DD4}" = Native Instruments Traktor Kontrol S4
"{3054FEFA-4748-4cf0-8C3C-8DB887DE379F}" = Native Instruments Traktor Audio 2
"{305CA7E5-C739-48e2-B247-584C0E1B717C}" = Native Instruments Traktor Audio 10
"{40B91513-A7B9-94AB-5353-926FB1C07334}" = WMV9/VC-1 Video Playback
"{470BB39A-7231-4077-AD3D-86067AD04604}" = Native Instruments Audio 8 DJ
"{47B188E2-2447-5C40-15B6-9D49DC90BF5B}" = ATI Catalyst Install Manager
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{612601db-4776-4127-bab5-d84b8644e530}" = Native Instruments Traktor Kontrol X1
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{7782916E-3D46-4F1F-AC4B-3FB9D17049F4}" = Microsoft Antimalware Service DE-DE Language Pack
"{8A61B820-598D-05B2-5F8D-7388E15AE2DB}" = AMD Drag and Drop Transcoding
"{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A8EC0CC0-AD8D-4244-B080-424EDF7A7634}" = Native Instruments Traktor 2
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D7B6A47A-3DC9-64FE-BFD0-ED02F036D539}" = ccc-utility64
"{E77543EE-6FB5-4FF6-AB70-635392C8C756}" = Microsoft Security Client
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FCAB9F73-BF5D-4E3D-92E7-B0F35C568F20}" = Microsoft Security Client DE-DE Language Pack
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"WinRAR archiver" = WinRAR 4.00 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
"{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1" = Geeks3D.com FurMark 1.9.0
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 24
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{2F7655DD-793E-40C6-B348-DE67C109F6FF}" = Spider-Man 2
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{5454083B-1308-4485-BF17-1110000D8302}" = Grand Theft Auto IV
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{82696435-8572-4D8B-A230-D1AA567D0F0F}" = Command & Conquer™ 4 Tiberian Twilight
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E884205-E3A3-55F3-2EE2-0E39F8E6CCED}" = Catalyst Control Center Graphics Previews Common
"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{9329BA0E-DD91-D33E-B73F-AA5179C53736}" = Catalyst Control Center
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{96D06FDD-6AF4-4309-BC1B-1C9588B0575E}" = Dead Space™ 2
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{A2433A63-5F5D-40E5-B529-9123C2B3E734}" = Anno 1701
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Deutsch
"{BD5D6437-94F6-C8F4-AF1B-B1658E0CB8F7}" = CCC Help English
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F38556C1-486C-C07B-4655-2F1BCF18C68A}" = Catalyst Control Center InstallProxy
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{F9835182-794B-4F24-902A-E2CA9D43380F}" = NVIDIA PhysX
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Afterburner" = MSI Afterburner 2.2.0 Beta 2
"AudioConverter Studio_is1" = AudioConverter Studio 6.1
"Avira AntiVir Desktop" = Avira AntiVir Premium
"DAEMON Tools Lite" = DAEMON Tools Lite
"FLAC To MP3_is1" = FLAC To MP3 V4.0.4
"Free Video to iPod Converter_is1" = Free Video to iPod Converter version 4.2.18.324
"InstallShield_{2F7655DD-793E-40C6-B348-DE67C109F6FF}" = Spider-Man 2
"JDownloader" = JDownloader
"Magic FLAC to MP3 Converter_is1" = Magic FLAC to MP3 Converter 3.72
"MAGIX Music Maker 16 Premium Download Version UK" = MAGIX Music Maker 16 Premium Download Version
"MAGIX Music Maker Hip Hop Edition 2 D" = MAGIX Music Maker Hip Hop Edition 2 4.0.0.10 (D)
"MAGIX Screenshare UK" = MAGIX Screenshare
"MAGIX Speed burnR UK" = MAGIX Speed burnR
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.0.1200
"Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de)
"Native Instruments Audio 2 DJ" = Native Instruments Audio 2 DJ
"Native Instruments Audio 4 DJ" = Native Instruments Audio 4 DJ
"Native Instruments Audio 8 DJ" = Native Instruments Audio 8 DJ
"Native Instruments Controller Editor" = Native Instruments Controller Editor
"Native Instruments Service Center" = Native Instruments Service Center
"Native Instruments Traktor 2" = Native Instruments Traktor 2
"Native Instruments Traktor Audio 10" = Native Instruments Traktor Audio 10
"Native Instruments Traktor Audio 2" = Native Instruments Traktor Audio 2
"Native Instruments Traktor Audio 6" = Native Instruments Traktor Audio 6
"Native Instruments Traktor Kontrol S4" = Native Instruments Traktor Kontrol S4
"Native Instruments Traktor Kontrol X1" = Native Instruments Traktor Kontrol X1
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"RocketDock_is1" = RocketDock 1.3.5
"RTP 1.32 Add-On for RM2k" = RTP 1.32 Add-On for RM2k
"RTP for RM2K (Png, Wav, Midi, Fonts)" = RTP for RM2K (Png, Wav, Midi, Fonts)
"Steam App 240" = Counter-Strike: Source
"Switch" = Switch Sound File Converter
"TeamViewer 6" = TeamViewer 6
"VLC media player" = VLC media player 1.1.8
"WinLiveSuite" = Windows Live Essentials
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 31.05.2011 11:47:15 | Computer Name = Stas-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\Stas\Downloads\SoftonicDownloader_fuer_switch-audio-file-converter.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Component
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Error - 31.05.2011 15:59:39 | Computer Name = Stas-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\Stas\Downloads\SoftonicDownloader_fuer_switch-audio-file-converter.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Component
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Error - 31.05.2011 17:12:46 | Computer Name = Stas-PC | Source = Application Error | ID = 1000
Description = Faulting application name: mafia2.exe, version: 1.0.0.1, time stamp:
0x4c35f255 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x3203b6f8 Faulting process id: 0x1068 Faulting application
start time: 0x01cc1fd76939afdd Faulting application path: E:\Gamez\Mafia 2\pc\mafia2.exe
Faulting
module path: unknown Report Id: ba983c49-8bca-11e0-9ffb-00241d10f529
Error - 31.05.2011 17:17:11 | Computer Name = Stas-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\Stas\Downloads\SoftonicDownloader_fuer_switch-audio-file-converter.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Component
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Error - 31.05.2011 18:17:05 | Computer Name = Stas-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\Stas\Downloads\SoftonicDownloader_fuer_switch-audio-file-converter.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Component
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Error - 01.06.2011 10:11:06 | Computer Name = Stas-PC | Source = Application Error | ID = 1000
Description = Faulting application name: MediaHub.exe, version: 1.0.11.100, time
stamp: 0x4b670fa3 Faulting module name: MSVCR80.dll, version: 8.0.50727.4927, time
stamp: 0x4a2752ff Exception code: 0xc000000d Fault offset: 0x00008aa0 Faulting process
id: 0xc48 Faulting application start time: 0x01cc2065abd32d5d Faulting application
path: C:\Program Files (x86)\Nero\Nero 10\Nero MediaHub\MediaHub.exe Faulting module
path: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\MSVCR80.dll
Report
Id: fd7db806-8c58-11e0-aa67-00241d10f529
Error - 06.06.2011 10:37:40 | Computer Name = Stas-PC | Source = Application Hang | ID = 1002
Description = The program DllHost.exe version 6.1.7600.16385 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 10dc Start
Time: 01cc2457369579b6 Termination Time: 5 Application Path: C:\Windows\system32\DllHost.exe
Report
Id: 7d980c1f-904a-11e0-ba3a-00241d10f529
Error - 08.06.2011 09:13:34 | Computer Name = Stas-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\Stas\Downloads\DOWN
2\SoftonicDownloader_fuer_vlc-media-player.exe".Error in manifest or policy file
"" on line . A component version required by the application conflicts with another
component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Component
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Error - 08.06.2011 09:13:38 | Computer Name = Stas-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\Stas\Downloads\DOWN
2\SoftonicDownloader_fuer_free-video-to-ipod-and-psp-converter.exe".Error in manifest
or policy file "" on line . A component version required by the application conflicts
with another component version already active. Conflicting components are:. Component
1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Component
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Error - 08.06.2011 13:51:45 | Computer Name = Stas-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\Stas\Downloads\SoftonicDownloader_fuer_switch-audio-file-converter.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Component
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
[ System Events ]
Error - 19.05.2011 18:46:19 | Computer Name = Stas-PC | Source = DCOM | ID = 10010
Description =
Error - 20.05.2011 04:34:52 | Computer Name = Stas-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.
Error - 20.05.2011 04:34:55 | Computer Name = Stas-PC | Source = Service Control Manager | ID = 7000
Description = The atksgt service failed to start due to the following error: %%577
Error - 20.05.2011 04:34:56 | Computer Name = Stas-PC | Source = Service Control Manager | ID = 7000
Description = The lirsgt service failed to start due to the following error: %%577
Error - 20.05.2011 04:35:04 | Computer Name = Stas-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.
Error - 21.05.2011 04:33:14 | Computer Name = Stas-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.
Error - 21.05.2011 04:33:18 | Computer Name = Stas-PC | Source = Service Control Manager | ID = 7000
Description = The atksgt service failed to start due to the following error: %%577
Error - 21.05.2011 04:33:18 | Computer Name = Stas-PC | Source = Service Control Manager | ID = 7000
Description = The lirsgt service failed to start due to the following error: %%577
Error - 21.05.2011 04:33:25 | Computer Name = Stas-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.
Error - 21.05.2011 04:33:32 | Computer Name = Stas-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.
Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842
< End of report >
Hinweis zur Google-Redirection: bei mir taucht folgender Link mit einer leeren Seite auf: hxxp://www.goingonearth.com/search.php?q=windows%2Bsecurity%2Bcenter%2Barbeitet%2Bnicht%2Bmehr&n=1307618691 hxxp://www.goingonearth.com/search.php?q=windows%2Bsecurity%2Bcenter&n=1307621228 Danke schonmal für eure Hilfe  |
| Themen zu Google wird z.T. redirected+Windows Security Center disabled unter W7 |
| 0x80004005, 64-bit, avira, bonjour, c:\windows\system32\rundll32.exe, computer, desktop, dllhost.exe, down, emsisoft, emsisoft anti-malware, error, excel, failed, firefox, flash player, format, google, google-redirection, grand theft auto, install.exe, jdownloader, langs, logfile, microsoft office word, microsoft security, mozilla, mp3, msvcr80.dll, nicht gefunden, oldtimer, plug-in, problem, realtek, redirection windows security center disabled, registry, required, rundll, scan, searchplugins, security, shortcut, sierra, software, start menu, syswow64, virus, webcheck, windows, windows security |
Baum-Darstellung