| |
| |||||||
Log-Analyse und Auswertung: recycler, Ordner auf externer Platte als verknüpfung, mit verweiss auf datei in recyclerWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
| |
25.10.2011, 13:46
| #1 |
 |  recycler, Ordner auf externer Platte als verknüpfung, mit verweiss auf datei in recycler Hallo, Habe vor 3 Tagen oder so entdeckt, dass die Ordner auf meinen beiden mobilen Platten nur noch Verknüpfungen sind. Ich habe aber dafür nen versteckten Ordner "recycler" bekommen. Dort ist auch eine Exe und eine ini Datei, welche ich gelösht habe. Die Verknüpfungen verweisen auch auf diese. Nachdem ich die Datei gelöscht habe, komme ich nicht mehr in den entsprechenen Ordner hinein. Als ich Malwarebytes' Anti-Malware laufen hatte, wurden nen paar mal Seiten geblockt, in der schnelle ging das glaube ich über skype! Das ist die Zeile aus der Velrinkung: "%windir%\system32\cmd.exe /c "start %cd%RECYCLER\6c257b9d.exe &&%windir%\explorer.exe %cd%OSLO 2011" Danke schonmal für die Hilfe! P.s.: muss ich die Platten bei den scans immer angeschlossen haben? P.p.s.: Hatte das thema schon im falschen forum offen, hab da schon um closen/löschen des Beitrages gebeten! |
|
26.10.2011, 12:10
| #2 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | recycler, Ordner auf externer Platte als verknüpfung, mit verweiss auf datei in recyclerZitat:
Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten! ESET Online Scanner
__________________ |
|
28.10.2011, 08:05
| #3 |
| | recycler, Ordner auf externer Platte als verknüpfung, mit verweiss auf datei in recycler Hey!
__________________Erstmal das wichtigste: Danke für die Hilfe. Nachdem ich hier nen bissl gestöbert hatte, habe ich Malwarebytes anti maleware und emsisoft anti Malware schon durchlaufen lassen. Dort habe ich den Wurm "worm.lnk.dorkbot!e2" gefunden und entfernt. Die lnk dateien waren der Virus. leider habe ich das log nicht gespeichert. Unhide habe ich dann benutzt. um die Ordner wieder sichtbar zu machen! Die waren dann noch als vewrstekcte Ordner da, habe den inhalt der nicht als versteckter Ordner im Browser war, in nen neuen Überoerdner kopiert und gut war es. Habe danach nochmal durchlaufen lassen und nichts mehr gefunden.Habe das Log wieder nicht gespeichert! Aber hab es jetzt wegen der aufforderung nochmal durchlaufen lassen . Hoffe das ist jetzt kein Problem! Hab das Thema noch dagelassen, um sicher zu gehen, das die Platten und alles komplett sauber sind, gefährdet ja nicht nur mich. Ah so mal nebenbei.. reichen "Antivir" und spybot search and destroy und "AdAware" normaerweise aus, oder sollte man sich emisoft antimaleware oder so gönnen, das der ganze sch... nicht wieder passiert? Malwarebytes' Anti-Malware 1.51.2.1300 www.malwarebytes.org Datenbank Version: 8025 Windows 6.1.7601 Service Pack 1 Internet Explorer 9.0.8112.16421 27.10.2011 03:14:24 mbam-log-2011-10-27 (03-14-23).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|G:\|H:\|) Durchsuchte Objekte: 655551 Laufzeit: 2 Stunde(n), 5 Minute(n), 55 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) Eset: ESETSmartInstaller@High as downloader log: all ok ESETSmartInstaller@High as downloader log: all ok ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=5e47b6fc4f01c84f99d51be21eba9417 # end=stopped # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2011-10-27 06:51:39 # local_time=2011-10-27 08:51:39 (+0100, Mitteleuropäische Sommerzeit) # country="Switzerland" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1792 16777215 100 0 912717 912717 0 0 # compatibility_mode=5893 16776574 100 94 9449714 71328101 0 0 # compatibility_mode=8192 67108863 100 0 165754 165754 0 0 # scanned=22 # found=0 # cleaned=0 # scan_time=47 ESETSmartInstaller@High as downloader log: all ok esets_scanner_update returned -1 esets_gle=53251 # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=5e47b6fc4f01c84f99d51be21eba9417 # end=stopped # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2011-10-27 07:27:46 # local_time=2011-10-27 09:27:46 (+0100, Mitteleuropäische Sommerzeit) # country="Switzerland" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1792 16777215 100 0 913007 913007 0 0 # compatibility_mode=5893 16776574 100 94 9450004 71328391 0 0 # compatibility_mode=8192 67108863 100 0 166044 166044 0 0 # scanned=122285 # found=0 # cleaned=0 # scan_time=1925 ESETSmartInstaller@High as downloader log: all ok ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=5e47b6fc4f01c84f99d51be21eba9417 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2011-10-28 03:37:36 # local_time=2011-10-28 05:37:36 (+0100, Mitteleuropäische Sommerzeit) # country="Switzerland" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1792 16777215 100 0 970342 970342 0 0 # compatibility_mode=5893 16776574 100 94 9507339 71385726 0 0 # compatibility_mode=8192 67108863 100 0 223379 223379 0 0 # scanned=453528 # found=2 # cleaned=0 # scan_time=17180 C:\Users\Moe\Downloads\mtxl1571_fullsetup.rar probably a variant of Win32/Agent.CKQSQTE trojan (unable to clean) 00000000000000000000000000000000 I C:\Windows\Installer\1415e7d.msi a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I |
|
28.10.2011, 10:42
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | recycler, Ordner auf externer Platte als verknüpfung, mit verweiss auf datei in recycler Mach bitte ein neues OTL-Log: CustomScan mit OTL Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
28.10.2011, 12:16
| #5 |
| | recycler, Ordner auf externer Platte als verknüpfung, mit verweiss auf datei in recycler irgendwie will er nicht "normal" antworten, pack es als Anhang ran. |
|
28.10.2011, 13:28
| #6 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | recycler, Ordner auf externer Platte als verknüpfung, mit verweiss auf datei in recyclerZitat:
__________________ --> recycler, Ordner auf externer Platte als verknüpfung, mit verweiss auf datei in recycler |
|
28.10.2011, 14:15
| #7 |
| | recycler, Ordner auf externer Platte als verknüpfung, mit verweiss auf datei in recycler Die habe ich mir rutnergeladen. Bin mir sicher, das das in der SChweiz nicht verboten ist! Wenn ich falsch liege, sorry, dann löcshe ich sie wieder.. aber da da ja offewnichtrlich nen Virus / Trojaner dranhängt... |
|
28.10.2011, 14:34
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | recycler, Ordner auf externer Platte als verknüpfung, mit verweiss auf datei in recycler Mach bitte ein neues OTL-Log: CustomScan mit OTL Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Logfiles bitte immer in CODE-Tags posten |
|
28.10.2011, 15:09
| #9 |
| | recycler, Ordner auf externer Platte als verknüpfung, mit verweiss auf datei in recycler Der neue Scan.. Was stellt man eigentlkich mit den befehlen für den custum scan ein, die du immer schreibst? Was mir nocxh aufgefallen ist... wenn man mit einem anti Malwareprogram oder so die Platte checkt, blockiert Antivir sehr oft den Autorun... |
|
28.10.2011, 15:10
| #10 |
| | recycler, Ordner auf externer Platte als verknüpfung, mit verweiss auf datei in recycler die Datei  |
|
11.11.2011, 00:00
| #11 |
| | recycler, Ordner auf externer Platte als verknüpfung, mit verweiss auf datei in recycler Sorry für die ewige Verspätung.. hatte Stress bei der Arbeit... OTL Logfile: Code:
ATTFilter OTL logfile created on: 10.11.2011 23:48:01 - Run 5 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Moe\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy 3,99 Gb Total Physical Memory | 1,95 Gb Available Physical Memory | 48,77% Memory free 7,98 Gb Paging File | 6,10 Gb Available in Paging File | 76,44% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 281,21 Gb Total Space | 54,36 Gb Free Space | 19,33% Space Free | Partition Type: NTFS Drive D: | 16,59 Gb Total Space | 2,70 Gb Free Space | 16,31% Space Free | Partition Type: NTFS Drive F: | 931,50 Gb Total Space | 864,05 Gb Free Space | 92,76% Space Free | Partition Type: NTFS Drive G: | 1862,98 Gb Total Space | 478,72 Gb Free Space | 25,70% Space Free | Partition Type: NTFS Drive H: | 596,02 Gb Total Space | 401,85 Gb Free Space | 67,42% Space Free | Partition Type: FAT32 Computer Name: MOMO | User Name: Moe | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.10.27 08:17:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Moe\Desktop\OTL.exe PRC - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2011.10.11 13:59:39 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe PRC - [2011.10.11 13:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2011.08.31 16:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011.08.18 14:25:12 | 001,101,960 | ---- | M] () -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AWSC.exe PRC - [2011.07.01 12:49:26 | 000,884,696 | ---- | M] ({StringFileInfo_CompanyName}) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe PRC - [2010.05.06 02:59:38 | 000,583,360 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe PRC - [2010.01.11 21:28:08 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2009.09.18 17:48:28 | 000,009,216 | ---- | M] (Vodafone) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe PRC - [2009.07.23 20:45:52 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe PRC - [2009.06.22 12:37:26 | 000,016,712 | R--- | M] () -- C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe PRC - [2009.06.18 15:19:30 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe PRC - [2009.03.05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe PRC - [2007.07.24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe ========== Modules (No Company Name) ========== MOD - [2009.06.22 12:37:26 | 000,016,712 | R--- | M] () -- C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011.08.12 00:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE) SRV:64bit: - [2010.03.23 13:53:06 | 000,247,808 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe -- (STacSV) SRV:64bit: - [2009.12.09 13:38:38 | 000,036,168 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp) SRV:64bit: - [2009.09.12 00:40:22 | 002,287,360 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Program Files\OO Software\Defrag\oodag.exe -- (O&O Defrag) SRV:64bit: - [2009.07.08 13:49:02 | 000,030,520 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv) SRV:64bit: - [2009.03.02 17:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe -- (AESTFilters) SRV - [2011.10.29 00:42:00 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Stopped] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service) SRV - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.10.11 13:59:39 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.08.31 16:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.06.08 12:02:00 | 000,633,856 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2010.11.20 13:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS) SRV - [2010.11.20 13:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC) SRV - [2010.11.20 13:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc) SRV - [2010.06.20 16:41:00 | 003,813,096 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc) SRV - [2010.05.06 02:59:38 | 000,583,360 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.11 21:28:08 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2009.12.29 23:31:40 | 000,607,048 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag) SRV - [2009.12.09 13:44:18 | 001,394,504 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc) SRV - [2009.12.09 13:38:30 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp) SRV - [2009.09.18 17:48:28 | 000,009,216 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService) SRV - [2009.07.01 18:54:02 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV - [2009.06.18 15:19:30 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.02.22 11:00:00 | 000,129,584 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc) SRV - [2007.07.24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) SRV - [2007.05.28 17:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Stopped] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011.10.11 14:00:01 | 000,130,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2011.10.11 14:00:01 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2011.10.11 14:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.08.31 16:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2011.08.18 14:25:12 | 000,069,376 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd) DRV:64bit: - [2011.05.10 07:06:14 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl) DRV:64bit: - [2011.05.10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.12.02 09:36:42 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64) DRV:64bit: - [2010.12.02 09:36:40 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys -- (nmwcdnsucx64) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010.05.27 21:32:56 | 000,320,560 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2010.05.06 02:46:36 | 000,022,752 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva) DRV:64bit: - [2010.03.23 13:53:06 | 000,505,344 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA) DRV:64bit: - [2010.01.13 15:37:18 | 007,675,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel(R) DRV:64bit: - [2010.01.12 00:21:05 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt) DRV:64bit: - [2010.01.12 00:21:04 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt) DRV:64bit: - [2010.01.01 19:43:59 | 000,871,408 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2009.11.20 15:26:50 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901) DRV:64bit: - [2009.09.11 20:49:18 | 000,076,552 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore) DRV:64bit: - [2009.09.11 20:49:08 | 000,015,880 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid) DRV:64bit: - [2009.09.11 20:48:58 | 000,036,872 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmHidLo.sys -- (WmHidLo) DRV:64bit: - [2009.09.11 20:48:46 | 000,041,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter) DRV:64bit: - [2009.09.11 20:48:36 | 000,026,248 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum) DRV:64bit: - [2009.08.18 12:06:36 | 000,135,168 | ---- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnet.sys -- (ZTEusbnet) DRV:64bit: - [2009.08.18 12:06:36 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\zteusbvoice.sys -- (ZTEusbvoice) DRV:64bit: - [2009.08.18 12:06:36 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k) DRV:64bit: - [2009.08.18 12:06:36 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea) DRV:64bit: - [2009.08.18 12:06:36 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV:64bit: - [2009.07.23 18:02:38 | 005,435,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5v64.sys -- (netw5v64) Intel(R) DRV:64bit: - [2009.07.21 04:39:22 | 000,140,712 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR) DRV:64bit: - [2009.07.17 21:58:30 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:64bit: - [2009.07.17 21:58:24 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV:64bit: - [2009.07.17 21:58:22 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:64bit: - [2009.07.17 21:58:18 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.13 23:31:42 | 000,233,472 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009.07.08 13:49:08 | 000,030,008 | ---- | M] (Hewlett-Packard) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt) DRV:64bit: - [2009.07.08 13:48:50 | 000,041,272 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer) DRV:64bit: - [2009.06.30 17:46:22 | 000,011,776 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter) DRV:64bit: - [2009.06.29 19:17:00 | 000,070,656 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecir.sys -- (enecir) DRV:64bit: - [2009.06.27 00:55:10 | 000,083,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2009.06.22 19:01:16 | 000,132,608 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet) DRV:64bit: - [2009.06.22 18:38:34 | 000,116,992 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard) DRV:64bit: - [2009.06.22 18:26:40 | 000,113,792 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbdev.sys -- (hwusbdev) DRV:64bit: - [2009.06.10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92) DRV:64bit: - [2009.06.10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac) DRV:64bit: - [2009.06.10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA) DRV:64bit: - [2009.06.10 22:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem) DRV:64bit: - [2009.06.10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009.06.10 21:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009.04.29 07:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr) DRV:64bit: - [2008.08.28 11:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd) DRV:64bit: - [2008.06.17 08:22:24 | 000,040,464 | ---- | M] (H+H Software GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vcd10bus.sys -- (vcd10bus) DRV - [2011.07.22 17:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV) DRV - [2011.07.12 22:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL) DRV - [2009.10.14 07:24:44 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2005.01.04 10:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_CH&c=94&bd=Pavilion&pf=cnnb IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_CH&c=94&bd=Pavilion&pf=cnnb IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_CH&c=94&bd=Pavilion&pf=cnnb IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_CH&c=94&bd=Pavilion&pf=cnnb IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_CH&c=94&bd=Pavilion&pf=cnnb IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll (Spigot, Inc.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 1proxy.de:80 ========== FireFox ========== FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=971163" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://aolwebmail.aol.de/landing-page" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10 FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.9rc2 FF - prefs.js..extensions.enabledItems: SkipScreen@SkipScreen:0.6.1.2 FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2 FF - prefs.js..extensions.enabledItems: 5 FF - prefs.js..extensions.enabledItems: 3 FF - prefs.js..extensions.enabledItems: 1 FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0 FF - prefs.js..extensions.enabledItems: {53A03D43-5363-4669-8190-99061B2DEBA5}:1.4.7 FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110704 FF - prefs.js..keyword.URL: "hxxp://ch.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=971163&p=" FF - prefs.js..network.proxy.http: "188.138.35.47" FF - prefs.js..network.proxy.http_port: 3128 FF - prefs.js..network.proxy.type: 0 FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.10.24 21:23:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.09.28 19:34:27 | 000,000,000 | ---D | M] [2009.12.29 03:27:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Moe\AppData\Roaming\mozilla\Extensions [2011.07.03 20:48:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Moe\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions [2011.07.03 20:48:41 | 000,000,000 | ---D | M] (JonDoFox) -- C:\Users\Moe\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{437be45a-4114-11dd-b9ab-71d256d89593} [2011.07.03 20:48:40 | 000,000,000 | ---D | M] (Cookie Monster) -- C:\Users\Moe\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{45d8ff86-d909-11db-9705-005056c00008} [2011.07.03 20:48:41 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Moe\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} [2011.07.03 20:48:38 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Moe\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2011.07.03 20:48:43 | 000,000,000 | ---D | M] (ProfileSwitcher) -- C:\Users\Moe\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{fa8476cf-a98c-4e08-99b4-65a69cb4b7d4} [2011.07.03 20:48:43 | 000,000,000 | ---D | M] ("UnPlug") -- C:\Users\Moe\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\unplug@compunach [2011.11.10 23:17:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Moe\AppData\Roaming\mozilla\Firefox\Profiles\unenfokd.default\extensions [2011.07.12 23:46:07 | 000,000,000 | ---D | M] (ScrapBook) -- C:\Users\Moe\AppData\Roaming\mozilla\Firefox\Profiles\unenfokd.default\extensions\{53A03D43-5363-4669-8190-99061B2DEBA5} [2011.11.08 01:14:07 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Moe\AppData\Roaming\mozilla\Firefox\Profiles\unenfokd.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} [2011.11.08 01:25:49 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Moe\AppData\Roaming\mozilla\Firefox\Profiles\unenfokd.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2011.09.30 20:30:35 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Moe\AppData\Roaming\mozilla\Firefox\Profiles\unenfokd.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.09.11 14:34:09 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Moe\AppData\Roaming\mozilla\Firefox\Profiles\unenfokd.default\extensions\firefox@tvunetworks.com [2011.07.16 12:11:29 | 000,000,000 | ---D | M] (SkipScreen) -- C:\Users\Moe\AppData\Roaming\mozilla\Firefox\Profiles\unenfokd.default\extensions\SkipScreen@SkipScreen [2011.07.04 01:06:28 | 000,000,000 | ---D | M] (Avira SearchFree Toolbar plus WebGuard) -- C:\Users\Moe\AppData\Roaming\mozilla\Firefox\Profiles\unenfokd.default\extensions\toolbar@ask.com [2010.09.11 15:48:46 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\Moe\AppData\Roaming\mozilla\Firefox\Profiles\unenfokd.default\extensions\vshare@toolbar [2010.02.12 07:50:11 | 000,002,497 | ---- | M] () -- C:\Users\Moe\AppData\Roaming\Mozilla\Firefox\Profiles\unenfokd.default\searchplugins\search-fileshuntcom.xml [2009.12.30 10:21:19 | 000,001,340 | ---- | M] () -- C:\Users\Moe\AppData\Roaming\Mozilla\Firefox\Profiles\unenfokd.default\searchplugins\wikipedia-en.xml [2009.12.30 12:49:54 | 000,001,720 | ---- | M] () -- C:\Users\Moe\AppData\Roaming\Mozilla\Firefox\Profiles\unenfokd.default\searchplugins\youtube-videosuche.xml [2011.11.10 23:17:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2007.02.04 22:02:56 | 001,642,496 | ---- | M] (LizardTech) -- C:\Program Files (x86)\mozilla firefox\plugins\npdjvu.dll [2009.11.18 06:30:14 | 000,164,120 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2009.12.21 06:47:02 | 000,063,488 | ---- | M] (Nullsoft) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2010.10.21 13:02:45 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.10.21 13:02:45 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.10.21 13:02:45 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2010.10.21 13:02:45 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010.10.21 13:02:45 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.10.16 18:14:07 | 000,438,145 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 127.0.0.1 123fporn.info O1 - Hosts: 15068 more lines... O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll (Spigot, Inc.) O2 - BHO: (Avira SearchFree Toolbar plus WebGuard) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll (Spigot, Inc.) O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus WebGuard) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus WebGuard) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe () O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName}) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Corel File Shell Monitor] C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe () O4 - HKLM..\Run: [HPCam_Menu] c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKCU..\Run: [Ogeserazur] rundll32.exe File not found O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Download All by ASUS Download - C:\Program Files (x86)\ASUS\RT-N56U Wireless Router Utilities\ASDownloadAll.htm () O8:64bit: - Extra context menu item: Download using ASUS Download - C:\Program Files (x86)\ASUS\RT-N56U Wireless Router Utilities\ASDownload.htm () O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Download All by ASUS Download - C:\Program Files (x86)\ASUS\RT-N56U Wireless Router Utilities\ASDownloadAll.htm () O8 - Extra context menu item: Download using ASUS Download - C:\Program Files (x86)\ASUS\RT-N56U Wireless Router Utilities\ASDownload.htm () O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000016 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_14) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 62.2.24.158 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{19FC642D-2D4E-491E-9470-5E3C63C73E55}: DhcpNameServer = 139.7.30.125 139.7.30.126 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3FAC5306-4531-4AAD-A49A-8D71443A971C}: DhcpNameServer = 139.7.30.125 139.7.30.126 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{52856681-BECB-4215-A79A-EF950FC77586}: DhcpNameServer = 192.168.1.1 62.2.24.158 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6D132817-06B8-4131-ABF7-C0D5D1573EB8}: DhcpNameServer = 138.188.101.189 138.188.101.186 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C8415898-2513-4346-80DA-7E636DAF7E80}: DhcpNameServer = 192.168.1.1 62.2.24.158 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F5FBE372-7CE2-43AF-9257-57E6F20E0743}: DhcpNameServer = 138.188.101.189 138.188.101.186 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.06.18 10:20:48 | 000,000,088 | ---- | M] () - F:\Autorun.inf -- [ NTFS ] O32 - AutoRun File - [2011.10.21 16:52:45 | 000,000,000 | ---- | M] () - G:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2011.10.24 22:26:06 | 000,000,000 | ---- | M] () - H:\autorun.inf -- [ FAT32 ] O33 - MountPoints2\{5f49f191-414e-11df-bbae-001e101f36d9}\Shell - "" = AutoRun O33 - MountPoints2\{5f49f191-414e-11df-bbae-001e101f36d9}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{74e332ea-0cfa-11df-a309-00269eb454be}\Shell - "" = AutoRun O33 - MountPoints2\{74e332ea-0cfa-11df-a309-00269eb454be}\Shell\AutoRun\command - "" = F:\Autorun.exe O33 - MountPoints2\{799ff924-3d5d-11df-9a43-00269eb454be}\Shell - "" = AutoRun O33 - MountPoints2\{799ff924-3d5d-11df-9a43-00269eb454be}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{8720fd36-3cef-11df-ba36-00269eb454be}\Shell - "" = AutoRun O33 - MountPoints2\{8720fd36-3cef-11df-ba36-00269eb454be}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{8720fd46-3cef-11df-ba36-00269eb454be}\Shell - "" = AutoRun O33 - MountPoints2\{8720fd46-3cef-11df-ba36-00269eb454be}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{ea59be53-dbdd-11e0-b2ab-00269eb454be}\Shell - "" = AutoRun O33 - MountPoints2\{ea59be53-dbdd-11e0-b2ab-00269eb454be}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{f8ae24bb-3d8f-11df-9a83-00269eb454be}\Shell - "" = AutoRun O33 - MountPoints2\{f8ae24bb-3d8f-11df-9a83-00269eb454be}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\autorun.exe O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (OODBS) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O35 - HKCU\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKCU\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.10.29 00:38:43 | 000,069,376 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys [2011.10.29 00:38:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft [2011.10.29 00:38:03 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2011.10.28 14:28:37 | 000,000,000 | ---D | C] -- C:\Users\Moe\AppData\Roaming\SUPERAntiSpyware.com [2011.10.28 14:28:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware [2011.10.28 14:28:16 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com [2011.10.28 14:28:16 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware [2011.10.27 08:17:52 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Moe\Desktop\OTL.exe [2011.10.27 07:37:07 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Moe\Desktop\esetsmartinstaller_enu(2).exe [2011.10.25 09:48:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2011.10.25 09:45:32 | 000,000,000 | ---D | C] -- C:\Users\Moe\AppData\Roaming\Malwarebytes [2011.10.25 09:45:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.10.25 09:45:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.10.25 09:45:15 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011.10.25 09:45:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011.10.25 08:21:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware [2011.10.25 08:21:50 | 000,000,000 | ---D | C] -- C:\Users\Moe\Documents\Anti-Malware [2011.10.24 19:54:05 | 000,000,000 | ---D | C] -- C:\Users\Moe\DoctorWeb [2011.10.17 17:58:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2011.10.17 17:57:39 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2011.10.17 17:57:37 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2011.10.17 17:57:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2011.10.17 17:53:14 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2011.10.17 17:53:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour [2011.10.16 18:21:25 | 000,000,000 | ---D | C] -- C:\Users\Moe\AppData\Roaming\Avira [2011.10.16 18:20:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2011.10.16 18:19:46 | 000,130,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2011.10.16 18:19:46 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2011.10.16 18:19:46 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys [2011.10.16 18:18:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2011.10.16 18:18:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2011.10.15 18:30:40 | 000,000,000 | ---D | C] -- C:\Users\Moe\AppData\Roaming\Tropico 4 [2011.10.15 18:25:56 | 000,000,000 | ---D | C] -- C:\Users\Moe\AppData\Roaming\Kalypso Media [2011.10.15 18:11:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tropico 4 [2011.10.14 23:59:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\pdfforge Toolbar [2011.10.14 23:59:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Updater [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [2 C:\*.tmp files -> C:\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.11.10 23:30:00 | 000,001,034 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2011.11.10 23:11:18 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.11.10 23:11:18 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.11.10 23:08:53 | 001,838,676 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.11.10 23:08:53 | 000,785,830 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.11.10 23:08:53 | 000,725,870 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.11.10 23:08:53 | 000,180,766 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.11.10 23:08:53 | 000,147,366 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.11.10 23:04:45 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.11.10 23:03:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.11.10 23:03:22 | 3214,053,376 | -HS- | M] () -- C:\hiberfil.sys [2011.11.10 23:03:20 | 000,723,346 | ---- | M] () -- C:\Windows\SysNative\oodbs.lor [2011.11.10 01:02:04 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.11.09 03:19:19 | 000,453,784 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.11.08 01:40:26 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat [2011.11.08 01:40:26 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat [2011.11.06 15:51:18 | 545,794,802 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011.11.06 13:02:40 | 000,001,913 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk [2011.10.29 00:42:09 | 000,055,384 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys [2011.10.29 00:38:46 | 000,001,020 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk [2011.10.28 15:10:14 | 000,041,167 | ---- | M] () -- C:\Users\Moe\Desktop\OTL.zip [2011.10.28 14:28:18 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2011.10.27 08:17:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Moe\Desktop\OTL.exe [2011.10.27 07:36:35 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Moe\Desktop\esetsmartinstaller_enu(2).exe [2011.10.25 09:45:22 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.10.25 08:47:46 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForMoe.job [2011.10.25 08:45:27 | 000,000,202 | ---- | M] () -- C:\Users\Moe\defogger_reenable [2011.10.17 17:58:26 | 000,001,743 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2011.10.16 18:20:55 | 000,001,954 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2011.10.16 18:14:07 | 000,438,145 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2011.10.15 04:40:41 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\$ [2011.10.13 09:35:25 | 000,287,023 | ---- | M] () -- C:\Users\Moe\Desktop\masterarbeit Stoltz.pdf [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [2 C:\*.tmp files -> C:\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.11.06 13:02:40 | 000,001,913 | ---- | C] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk [2011.11.06 13:02:40 | 000,001,863 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk [2011.11.01 01:39:13 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat [2011.11.01 01:39:13 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat [2011.10.29 00:38:46 | 000,001,020 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk [2011.10.28 14:28:18 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2011.10.25 09:45:22 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.10.25 09:14:34 | 000,041,167 | ---- | C] () -- C:\Users\Moe\Desktop\OTL.zip [2011.10.25 08:45:27 | 000,000,202 | ---- | C] () -- C:\Users\Moe\defogger_reenable [2011.10.24 19:45:49 | 000,000,324 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForMoe.job [2011.10.17 17:58:26 | 000,001,743 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2011.10.16 18:20:55 | 000,001,954 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2011.10.15 04:40:41 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\$ [2011.10.13 09:35:23 | 000,287,023 | ---- | C] () -- C:\Users\Moe\Desktop\masterarbeit Stoltz.pdf [2011.10.08 20:59:26 | 000,684,377 | ---- | C] () -- C:\Windows\unins000.exe [2011.10.08 20:59:25 | 000,003,364 | ---- | C] () -- C:\Windows\unins000.dat [2011.10.02 00:19:21 | 000,020,992 | ---- | C] () -- C:\Windows\jestertb.dll [2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.01.19 23:08:08 | 000,000,535 | ---- | C] () -- C:\Windows\eReg.dat [2011.01.01 06:08:52 | 000,001,854 | ---- | C] () -- C:\Users\Moe\AppData\Roaming\GhostObjGAFix.xml [2010.09.24 18:06:16 | 000,000,635 | ---- | C] () -- C:\Windows\Sta2.INI [2010.05.22 09:28:17 | 000,069,632 | R--- | C] () -- C:\Windows\SysWow64\xmltok.dll [2010.05.22 09:28:17 | 000,036,864 | R--- | C] () -- C:\Windows\SysWow64\xmlparse.dll [2010.03.31 20:22:33 | 000,168,392 | ---- | C] () -- C:\Windows\SysWow64\mlfcache.dat [2010.03.20 16:24:53 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys [2010.02.24 19:31:12 | 000,000,056 | ---- | C] () -- C:\Windows\SysWow64\ezsidmv.dat [2010.01.29 21:55:51 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini [2010.01.25 21:09:14 | 000,017,408 | ---- | C] () -- C:\Users\Moe\AppData\Local\WebpageIcons.db [2010.01.13 18:53:40 | 000,000,091 | ---- | C] () -- C:\Users\Moe\AppData\Local\fusioncache.dat [2010.01.11 21:29:35 | 001,816,570 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.01.11 21:28:08 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2010.01.11 21:28:08 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2010.01.11 21:28:08 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2010.01.11 19:22:18 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2010.01.11 19:04:42 | 000,000,167 | ---- | C] () -- C:\Users\Moe\AppData\Roaming\default.rss [2010.01.03 15:30:08 | 000,000,017 | ---- | C] () -- C:\Users\Moe\AppData\Local\resmon.resmoncfg [2010.01.02 21:55:30 | 000,006,144 | ---- | C] () -- C:\Users\Moe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.01.02 21:54:35 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2009.11.23 01:29:38 | 000,209,040 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeW7.dll [2009.11.23 01:29:38 | 000,204,944 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeA6.dll [2009.11.23 01:29:38 | 000,196,752 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeP6.dll [2009.11.23 01:29:38 | 000,196,752 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeM6.dll [2009.11.23 01:29:38 | 000,192,656 | ---- | C] () -- C:\Windows\SysWow64\IVIresizePX.dll [2009.11.23 01:29:38 | 000,024,720 | ---- | C] () -- C:\Windows\SysWow64\IVIresize.dll [2009.10.15 18:17:10 | 000,130,520 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4 [2009.09.06 18:44:49 | 000,009,868 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat [2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:59:36 | 001,498,564 | ---- | C] () -- C:\Windows\SysWow64\igkrng400.bin [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll [2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll ========== LOP Check ========== [2009.12.30 16:55:56 | 000,000,000 | ---D | M] -- C:\Users\Moe\AppData\Roaming\Azureus [2010.03.20 16:25:02 | 000,000,000 | ---D | M] -- C:\Users\Moe\AppData\Roaming\Canneverbe Limited [2011.02.21 19:44:46 | 000,000,000 | ---D | M] -- C:\Users\Moe\AppData\Roaming\FreeFLVConverter [2011.07.03 21:59:03 | 000,000,000 | ---D | M] -- C:\Users\Moe\AppData\Roaming\JonDo [2011.10.15 18:25:56 | 000,000,000 | ---D | M] -- C:\Users\Moe\AppData\Roaming\Kalypso Media [2010.11.16 23:57:30 | 000,000,000 | ---D | M] -- C:\Users\Moe\AppData\Roaming\Leadertech [2011.08.15 20:46:08 | 000,000,000 | ---D | M] -- C:\Users\Moe\AppData\Roaming\Nokia [2011.08.15 20:46:06 | 000,000,000 | ---D | M] -- C:\Users\Moe\AppData\Roaming\PC Suite [2010.01.19 01:40:55 | 000,000,000 | ---D | M] -- C:\Users\Moe\AppData\Roaming\Symyx [2011.03.01 01:37:26 | 000,000,000 | ---D | M] -- C:\Users\Moe\AppData\Roaming\thriXXX [2010.02.04 23:08:40 | 000,000,000 | ---D | M] -- C:\Users\Moe\AppData\Roaming\Trillian [2011.10.16 10:57:48 | 000,000,000 | ---D | M] -- C:\Users\Moe\AppData\Roaming\Tropico 4 [2009.12.29 23:31:29 | 000,000,000 | ---D | M] -- C:\Users\Moe\AppData\Roaming\TuneUp Software [2011.03.02 05:59:12 | 000,000,000 | ---D | M] -- C:\Users\Moe\AppData\Roaming\Ulead Systems [2011.09.10 19:56:48 | 000,000,000 | ---D | M] -- C:\Users\Moe\AppData\Roaming\Vodafone [2011.11.09 03:19:15 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011.06.03 23:10:19 | 000,000,000 | ---D | M] -- C:\Users\Moe\AppData\Roaming\Adobe [2011.10.17 23:10:58 | 000,000,000 | ---D | M] -- C:\Users\Moe\AppData\Roaming\Apple Computer [2011.10.16 18:21:25 | 000,000,000 | ---D | M] -- C:\Users\Moe\AppData\Roaming\Avira [2009.12.30 16:55:56 | 000,000,000 | ---D | M] -- C:\Users\Moe\AppData\Roaming\Azureus [2010.03.20 16:25:02 | 000,000,000 | ---D | M] -- C:\Users\Moe\AppData\Roaming\Canneverbe Limited [2010.01.02 21:54:34 | 000,000,000 | ---D | M] -- C:\Users\Moe\AppData\Roaming\Corel [2010.12.01 20:21:55 | 000,000,000 | ---D | M] -- C:\Users\Moe\AppData\Roaming\CyberLink [2010.07.22 19:08:35 | 000,000,000 | ---D | M] -- C:\Users\Moe\AppData\Roaming\DivX [2011.03.14 23:40:47 | 000,000,000 | ---D | M] -- C:\Users\Moe\AppData\Roaming\Download Manager [2011.11.02 22:56:30 | 000,000,000 | ---D | M] -- C:\Users\Moe\AppData\Roaming\dvdcss [2011.02.21 19:44:46 | 000,000,000 | ---D | M] -- C:\Users\Moe\AppData\Roaming\FreeFLVConverter [2010.06.17 16:43:29 | 000,000,000 | ---D | M] -- C:\Users\Moe\AppData\Roaming\Hewlett-Packard [2010.04.11 11:08:16 | 000,000,000 | ---D | M] -- C:\Users\Moe\AppData\Roaming\HP Support Assistant [2009.12.29 03:13:58 | 000,000,000 | ---D | M] -- C:\Users\Moe\AppData\Roaming\HP TCS [2010.12.16 18:39:49 | 000,000,000 | ---D | M] -- C:\Users\Moe\AppData\Roaming\hpqlog [2010.04.11 11:08:16 | 000,000,000 | ---D | M] -- C:\Users\Moe\AppData\Roaming\HpUpdate [2009.12.29 03:17:26 | 000,000,000 | ---D | M] -- C:\Users\Moe\AppData\Roaming\Identities [2011.03.10 18:48:56 | 000,000,000 | ---D | M] -- C:\Users\Moe\AppData\Roaming\InstallShield [2011.07.03 21:59:03 | 000,000,000 | ---D | M] -- C:\Users\Moe\AppData\Roaming\JonDo [2011.10.15 18:25:56 | 000,000,000 | ---D | M] -- C:\Users\Moe\AppData\Roaming\Kalypso Media [2010.11.16 23:57:30 | 000,000,000 | ---D | M] -- C:\Users\Moe\AppData\Roaming\Leadertech [2009.12.29 03:20:44 | 000,000,000 | ---D | M] -- C:\Users\Moe\AppData\Roaming\Macromedia [2011.10.25 09:45:32 | 000,000,000 | ---D | M] -- C:\Users\Moe\AppData\Roaming\Malwarebytes [2009.11.23 10:25:12 | 000,000,000 | ---D | M] -- C:\Users\Moe\AppData\Roaming\Media Center Programs [2011.10.24 19:35:06 | 000,000,000 | --SD | M] -- C:\Users\Moe\AppData\Roaming\Microsoft [2009.12.29 03:27:20 | 000,000,000 | ---D | M] -- C:\Users\Moe\AppData\Roaming\Mozilla [2010.01.09 21:38:30 | 000,000,000 | ---D | M] -- C:\Users\Moe\AppData\Roaming\Nero [2011.08.15 20:46:08 | 000,000,000 | ---D | M] -- C:\Users\Moe\AppData\Roaming\Nokia [2011.08.15 20:46:06 | 000,000,000 | ---D | M] -- C:\Users\Moe\AppData\Roaming\PC Suite [2010.05.22 10:04:00 | 000,000,000 | R--D | M] -- C:\Users\Moe\AppData\Roaming\SecuROM [2011.11.09 03:17:26 | 000,000,000 | ---D | M] -- C:\Users\Moe\AppData\Roaming\Skype [2011.10.28 14:28:37 | 000,000,000 | ---D | M] -- C:\Users\Moe\AppData\Roaming\SUPERAntiSpyware.com [2010.01.19 01:40:55 | 000,000,000 | ---D | M] -- C:\Users\Moe\AppData\Roaming\Symyx [2011.03.01 01:37:26 | 000,000,000 | ---D | M] -- C:\Users\Moe\AppData\Roaming\thriXXX [2010.02.04 23:08:40 | 000,000,000 | ---D | M] -- C:\Users\Moe\AppData\Roaming\Trillian [2011.10.16 10:57:48 | 000,000,000 | ---D | M] -- C:\Users\Moe\AppData\Roaming\Tropico 4 [2009.12.29 23:31:29 | 000,000,000 | ---D | M] -- C:\Users\Moe\AppData\Roaming\TuneUp Software [2011.03.02 05:59:12 | 000,000,000 | ---D | M] -- C:\Users\Moe\AppData\Roaming\Ulead Systems [2011.11.10 23:24:21 | 000,000,000 | ---D | M] -- C:\Users\Moe\AppData\Roaming\vlc [2011.09.10 19:56:48 | 000,000,000 | ---D | M] -- C:\Users\Moe\AppData\Roaming\Vodafone [2011.04.29 20:54:30 | 000,000,000 | ---D | M] -- C:\Users\Moe\AppData\Roaming\Winamp [2009.12.29 04:03:43 | 000,000,000 | ---D | M] -- C:\Users\Moe\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > [2009.12.30 16:54:10 | 008,677,824 | ---- | M] (Vuze Inc.) -- C:\Users\Moe\AppData\Roaming\Azureus\tmp\AZU8838161945245668252.tmp\Vuze_4.3.0.6b_win32.exe [2011.06.03 23:06:44 | 000,117,427 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Moe\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\digitaleditions\digitaleditions.exe [2010.01.08 22:15:31 | 000,045,056 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Moe\AppData\Roaming\Microsoft\Installer\{373C3DAE-62C8-4F63-887C-769A8986ED50}\ARPPRODUCTICON.exe [2010.01.08 22:15:31 | 000,045,056 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Moe\AppData\Roaming\Microsoft\Installer\{373C3DAE-62C8-4F63-887C-769A8986ED50}\GameShadow.exe1_0A3DE514292C4EBA987823B82B0B2BA2.exe [2010.01.08 22:15:31 | 000,045,056 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Moe\AppData\Roaming\Microsoft\Installer\{373C3DAE-62C8-4F63-887C-769A8986ED50}\GameShadow.exe_0A3DE514292C4EBA987823B82B0B2BA2.exe [2010.01.08 22:15:31 | 000,008,854 | R--- | M] () -- C:\Users\Moe\AppData\Roaming\Microsoft\Installer\{373C3DAE-62C8-4F63-887C-769A8986ED50}\Uninstall_GameShadow_373C3DAE62C84F63887C769A8986ED50.exe [2010.02.18 20:52:45 | 000,010,134 | R--- | M] () -- C:\Users\Moe\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe [2011.07.03 20:48:43 | 000,182,374 | ---- | M] (JonDos GmbH) -- C:\Users\Moe\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\uninstall.exe [2011.07.03 10:21:14 | 003,602,392 | ---- | M] (Ask) -- C:\Users\Moe\AppData\Roaming\Mozilla\Firefox\Profiles\unenfokd.default\extensions\toolbar@ask.com\chrome\temp\askToolbar.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: EVENTLOG.DLL > [2007.05.17 20:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\CyberLink\PowerDirector\EventLog.dll < MD5 for: IASTOR.SYS > [2009.06.04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys [2009.06.04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\drivers\iaStor.sys [2009.06.04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_7fb62b08f6b7117a\iaStor.sys [2009.06.04 18:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys < MD5 for: IASTORV.SYS > [2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys [2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys [2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys [2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys [2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys [2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll [2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] < End of report > |
|
28.10.2011, 19:29
| #12 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | recycler, Ordner auf externer Platte als verknüpfung, mit verweiss auf datei in recyclerZitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
30.10.2011, 11:31
| #13 | |
| | recycler, Ordner auf externer Platte als verknüpfung, mit verweiss auf datei in recyclerZitat:
Ah und soll ich wirklich beide sperren.. der Antivir blockt ja dauernt den Autostart der platten, wo der virus drauf ist, erstaunlich häufig. |
|
30.10.2011, 18:13
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | recycler, Ordner auf externer Platte als verknüpfung, mit verweiss auf datei in recycler Du sollst nicht beide sperren sondern zumindest Emsisoft A-Squared deinstallieren, AntiVir kann erstmal bleiben.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
01.11.2011, 18:53
| #15 |
| | recycler, Ordner auf externer Platte als verknüpfung, mit verweiss auf datei in recycler hey.. Sorry für die Verspätung.. hab ich gemacht.. soll ich den Scan wiederholen? |
|
| Themen zu recycler, Ordner auf externer Platte als verknüpfung, mit verweiss auf datei in recycler |
| anti-malware, cmd.exe, datei, datei gelöscht, entdeck, exe, explorer.exe, falsche, forum, geblockt, gelöscht, malwarebytes, nicht mehr, offen, ordner, platte, recycler, recycler\, seite, seiten, start, system, system32, thema, versteckte, verweise |
Textbox von OTL - wenn OTL auf deutsch ist wird sie mit 
beschriftet
.
Hybrid-Darstellung
