Trojaner-Board > Remove malware > Log analysis and evaluation

Log analysis and evaluation: 50€ demand at Windows startup

Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

19.12.2011, 17:31   #1
CMPunk
 

50€ demand at Windows startup



Hi,
I have practically the same problem as in the following thread:
http://www.trojaner-board.de/106109-...s-7-start.html

I was browsing with Firefox (latest version) when suddenly what looked like a pop-up opened, showing a demand for money. It couldn't be closed the normal way. Alt+F4 did the trick. An Internet Explorer window and an Explorer window were open as well; I closed those with Alt+F4 too. My desktop background was then displayed, but I couldn't do anything. It apparently didn't respond to the mouse or keyboard. Opening the Task Manager via the keyboard worked -> restart command. Meanwhile there were still enough programs open in the background that I was able to prevent the restart and ended up back on the "real" desktop.
This morning I started the PC again and a white window opened right away (which was probably meant to show that money demand again). It could be closed again with Alt+F4, as could the IE and Explorer windows. But I never got to use the PC normally at all.
Via safe mode I was then able to kick out "Rant Lend Heinz" (supposedly from Packard Bell). Since then I can start normally, and it no longer shows up in the autostart list either...
I still want to be sure, so I'm posting my log here. So here is my OTL log:

Code:
OTL logfile created on: 19.12.2011 18:11:53 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Micha\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,05 Gb Available Physical Memory | 51,16% Memory free
8,00 Gb Paging File | 5,93 Gb Available in Paging File | 74,21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48,73 Gb Total Space | 1,29 Gb Free Space | 2,65% Space Free | Partition Type: NTFS
Drive D: | 785,03 Gb Total Space | 160,37 Gb Free Space | 20,43% Space Free | Partition Type: NTFS
 
Computer Name: M7CHA | User Name: Micha | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Micha\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe ()
PRC - C:\Program Files (x86)\DVBViewer\DVBVservice.exe (CM & V)
PRC - C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe ()
PRC - C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Micha\AppData\Roaming\Mozilla\Firefox\Profiles\lcry2s8f.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\gecko8\WINNT_x86-msvc\SSSLauncher.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (O&O Defrag) -- C:\Program Files\OO Software\Defrag\oodag.exe (O&O Software GmbH)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (TomTomHOMEService) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (HssTrayService) -- C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.exe ()
SRV - (HotspotShieldService) -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe ()
SRV - (npggsvc) -- C:\Windows\SysWow64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (DVBVRecorder) -- C:\Program Files (x86)\DVBViewer\DVBVservice.exe (CM & V)
SRV - (HssWd) -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe ()
SRV - (HssSrv) -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (RMCAST) -- C:\Windows\SysNative\drivers\rmcast.sys (Microsoft Corporation)
DRV:64bit: - (HssDrv) -- C:\Windows\SysNative\drivers\HssDrv.sys (AnchorFree Inc.)
DRV:64bit: - (taphss) -- C:\Windows\SysNative\drivers\taphss.sys (AnchorFree Inc)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (UDST7000HID) -- C:\Windows\SysNative\drivers\UDST7000HID.sys (TechniSat Digital S.A.)
DRV:64bit: - (UDST7000BDA) -- C:\Windows\SysNative\drivers\UDST7000BDA.sys (TechniSat Digital S.A.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (athrusb) -- C:\Windows\SysNative\drivers\athrxusb.sys (Atheros Communications, Inc.)
DRV:64bit: - (adfs) -- C:\Windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.)
DRV:64bit: - (ZY202_VS) -- C:\Windows\SysNative\drivers\WlanGZG.sys (Atheros Communications, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.)
DRV - (pfc) -- C:\Windows\SysWOW64\drivers\pfc.sys (Padus, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://shop.thefreevpn.com/home.php
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6E 77 1D A8 6C CF CA 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;*.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.xrel.to/releases.html"
FF - prefs.js..network.proxy.type: 0
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Micha\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Micha\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2010.12.14 17:21:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2010.12.14 17:21:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.11.08 17:52:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.11.02 20:58:09 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{6914FB52-C4FC-42DD-AA46-43A6D02A776C}: C:\Users\Micha\AppData\Local\{6914FB52-C4FC-42DD-AA46-43A6D02A776C} [2011.01.25 23:47:32 | 000,000,000 | ---D | M]
 
[2011.08.11 19:23:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Micha\AppData\Roaming\mozilla\Extensions
[2011.08.11 19:23:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Micha\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2011.12.18 17:42:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Micha\AppData\Roaming\mozilla\Firefox\Profiles\lcry2s8f.default\extensions
[2011.12.16 07:21:29 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\Micha\AppData\Roaming\mozilla\Firefox\Profiles\lcry2s8f.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2011.11.26 11:45:26 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Micha\AppData\Roaming\mozilla\Firefox\Profiles\lcry2s8f.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2011.12.08 19:30:32 | 000,000,000 | ---D | M] (WebMail Notifier) -- C:\Users\Micha\AppData\Roaming\mozilla\Firefox\Profiles\lcry2s8f.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}
[2011.09.22 13:16:59 | 000,000,000 | ---D | M] (Cookies Manager+) -- C:\Users\Micha\AppData\Roaming\mozilla\Firefox\Profiles\lcry2s8f.default\extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d}
[2011.08.31 14:20:01 | 000,000,000 | ---D | M] ("ImageHost Grabber") -- C:\Users\Micha\AppData\Roaming\mozilla\Firefox\Profiles\lcry2s8f.default\extensions\{E4091D66-127C-11DB-903A-DE80D2EFDFE8}
[2011.11.08 17:52:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011.04.08 15:21:01 | 000,000,000 | ---D | M] (afurladvisor) -- C:\Program Files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
[2011.01.25 23:47:32 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\MICHA\APPDATA\LOCAL\{6914FB52-C4FC-42DD-AA46-43A6D02A776C}
() (No name found) -- C:\USERS\MICHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LCRY2S8F.DEFAULT\EXTENSIONS\{46551EC9-40F0-4E47-8E18-8E5CF550CFB8}.XPI
() (No name found) -- C:\USERS\MICHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LCRY2S8F.DEFAULT\EXTENSIONS\{C07D1A49-9894-49FF-A594-38960EDE8FB9}.XPI
() (No name found) -- C:\USERS\MICHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LCRY2S8F.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\MICHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LCRY2S8F.DEFAULT\EXTENSIONS\{EF522540-89F5-46B9-B6FE-1829E2B572C6}.XPI
() (No name found) -- C:\USERS\MICHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LCRY2S8F.DEFAULT\EXTENSIONS\ICH@MALTEGOETZ.DE.XPI
() (No name found) -- C:\USERS\MICHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LCRY2S8F.DEFAULT\EXTENSIONS\SECURELOGIN@BLUEIMP.NET.XPI
() (No name found) -- C:\USERS\MICHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LCRY2S8F.DEFAULT\EXTENSIONS\STATUS4EVAR@CALIGONSTUDIOS.COM.XPI
() (No name found) -- C:\USERS\MICHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LCRY2S8F.DEFAULT\EXTENSIONS\STEALTHYEXTENSION@GMAIL.COM.XPI
[2011.11.08 17:52:46 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.02.02 20:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.06.21 15:49:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.06.21 15:49:37 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.06.21 15:49:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.06.21 15:49:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.06.21 15:49:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.06.21 15:49:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Micha\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Micha\AppData\Local\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Micha\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: DivX OVS Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Micha\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: DivX HiQ = C:\Users\Micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.0.900_1\
CHR - Extension: AdBlock = C:\Users\Micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.4.29_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.0.900_1\
 
Hosts file not found
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll (AnchorFree Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Sothink SWF Catcher - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4083B7D6-93C1-4546-8E69-A836839524AA}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B03CCBA5-C47B-40C6-BB87-7FE386CD2366}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D7B19686-B466-4226-879D-D95AA3C392CC}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{34412a8f-12a2-11df-8be7-0024215bb3f7}\Shell - "" = AutoRun
O33 - MountPoints2\{34412a8f-12a2-11df-8be7-0024215bb3f7}\Shell\AutoRun\command - "" = F:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (OODBS)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.19 17:35:19 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Micha\Desktop\OTL.exe
[2011.12.14 16:18:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.12.14 16:18:02 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011.12.14 16:18:02 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011.12.14 07:35:39 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011.12.14 07:35:39 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011.12.14 07:35:37 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011.12.14 07:35:37 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011.12.14 07:35:37 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011.12.14 07:35:36 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011.12.14 07:35:35 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011.12.14 07:35:35 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2011.12.14 07:35:35 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011.12.14 07:35:35 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011.12.14 07:35:34 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011.12.14 07:34:02 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2011.12.14 07:33:53 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011.12.14 07:33:53 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2011.12.11 20:40:43 | 000,000,000 | ---D | C] -- C:\Users\Micha\Documents\FILSHtray
[2011.12.11 20:40:43 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Local\FILSH_Media_GmbH
[2011.12.11 20:40:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FILSHtray
[2011.12.11 20:40:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FILSHtray
[2011.12.09 19:25:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader 5.1
[2011.12.08 14:24:11 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ski Challenge 12 (SRF)
[2011.12.08 14:12:53 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Roaming\Nitro PDF
[2011.12.08 14:12:36 | 000,028,968 | ---- | C] (Nitro PDF Software) -- C:\Windows\SysNative\nitrolocalmon2.dll
[2011.12.08 14:12:36 | 000,017,192 | ---- | C] (Nitro PDF Software) -- C:\Windows\SysNative\nitrolocalui2.dll
[2011.12.08 14:12:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Nitro PDF
[2011.12.08 14:11:17 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Roaming\Downloaded Installations
[2011.11.27 17:05:08 | 000,000,000 | ---D | C] -- C:\Users\Micha\Desktop\éÁéÕé+é±é¦âAâNâVâçâô
[2011.11.24 12:43:56 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Local\Sidhe
[2011.11.23 22:46:33 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Local\Ubisoft Game Launcher
[2011.11.23 22:46:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft
[2011.11.23 22:46:31 | 000,000,000 | ---D | C] -- C:\Users\Micha\Documents\Assassin's Creed Revelations
[2011.11.22 21:54:20 | 000,000,000 | ---D | C] -- C:\Users\Micha\.android
[2011.11.22 21:54:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Android
[2011.11.20 18:34:53 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Roaming\2K Sports
[6 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.19 18:12:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2034920276-3348135786-2086485318-1000UA.job
[2011.12.19 17:35:20 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Micha\Desktop\OTL.exe
[2011.12.19 17:12:53 | 004,000,705 | ---- | M] () -- C:\Users\Micha\Desktop\Spank.MP3.mp3
[2011.12.19 17:12:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2034920276-3348135786-2086485318-1000Core.job
[2011.12.19 16:33:07 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.19 16:33:07 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.19 16:27:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.19 16:27:43 | 3220,578,304 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.19 16:27:42 | 002,081,616 | ---- | M] () -- C:\Windows\SysNative\oodbs.lor
[2011.12.18 21:09:49 | 001,644,406 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.12.18 21:09:49 | 000,707,916 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.12.18 21:09:49 | 000,661,512 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.12.18 21:09:49 | 000,153,402 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.12.18 21:09:49 | 000,125,598 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.12.18 20:55:02 | 004,878,836 | ---- | M] () -- C:\Users\Micha\Desktop\CAZZETTE vs Kanye West, Rick Ross, Jay-Z, Bon Iver & Nikki Minaj - I'm A Motherf_king Monster - Cazzette.mp3
[2011.12.18 20:51:04 | 007,010,338 | ---- | M] () -- C:\Users\Micha\Desktop\CAZZETTE vs Kanye West, Rick Ross, Jay-Z, Bon Iver & Nikki Minaj -- I m A Motherf__king Monster.mp3
[2011.12.18 20:12:45 | 125,315,075 | ---- | M] () -- C:\Users\Micha\Desktop\Laidback Luke at Dirty Dutch Blackout (Air, Amsterdam) 17.12.2011.mp3
[2011.12.18 20:12:38 | 113,353,237 | ---- | M] () -- C:\Users\Micha\Desktop\Chuckie at Dirty Dutch Blackout - Amsterdam 17.12.2011 [exQlusiv.com].mp3
[2011.12.17 19:21:54 | 193,479,189 | ---- | M] () -- C:\Users\Micha\Desktop\Tiësto at Mission Impossible Premiere - Rio de Janeiro, Brasil 14.12.2011 [exQlusiv.com].mp3
[2011.12.17 12:41:00 | 095,703,661 | ---- | M] () -- C:\Users\Micha\Desktop\01-fedde_le_grand_-_live_at_pacha_(nyc)-sat-12-09-2011-talion.mp3
[2011.12.17 11:50:32 | 112,608,697 | ---- | M] () -- C:\Users\Micha\Desktop\Swedish House Mafia at Madison Square Garden, New York 16.12.2011 [exQlusiv.com].mp3
[2011.12.17 10:39:06 | 185,287,975 | ---- | M] () -- C:\Users\Micha\Desktop\01-sebastian_ingrosso_-_live_at_glow_washington_(dc)-sat-11-23-2011-talion.mp3
[2011.12.17 06:19:19 | 163,866,484 | ---- | M] () -- C:\Users\Micha\Desktop\01-skrillex_-_mothership_002-sat-12-16-2011-talion.mp3
[2011.12.17 02:22:28 | 097,788,381 | ---- | M] () -- C:\Users\Micha\Desktop\01-david_guetta-fuck_me_i_am_famous_(538)-sat-17-12-2011-1king.mp3
[2011.12.17 01:12:33 | 097,480,766 | ---- | M] () -- C:\Users\Micha\Desktop\01-afrojack_and_bobby_burns-jacked_(538)-sat-17-12-2011-1king.mp3
[2011.12.16 07:37:42 | 173,614,161 | ---- | M] () -- C:\Users\Micha\Desktop\swanky_tunes_-_2011_annual_report.mp3
[2011.12.15 19:55:05 | 009,006,535 | ---- | M] () -- C:\Users\Micha\Desktop\Skrillex - THE DISCO RANGERS BUS (KNOWS HOT TO ROCK N ROLL).mp3
[2011.12.14 11:55:21 | 005,173,448 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.12.13 19:44:10 | 000,354,760 | ---- | M] () -- C:\Users\Micha\Desktop\chuckie.jpg
[2011.12.13 16:56:10 | 000,054,096 | ---- | M] () -- C:\Users\Micha\Desktop\sakamoto_0005.JPG.jpg
[2011.12.13 16:56:08 | 000,054,174 | ---- | M] () -- C:\Users\Micha\Desktop\sakamoto_0004.JPG.jpg
[2011.12.13 16:56:05 | 000,052,766 | ---- | M] () -- C:\Users\Micha\Desktop\sakamoto_0003.JPG.jpg
[2011.12.13 16:56:03 | 000,054,636 | ---- | M] () -- C:\Users\Micha\Desktop\sakamoto_0002.JPG.jpg
[2011.12.13 16:56:00 | 000,049,596 | ---- | M] () -- C:\Users\Micha\Desktop\sakamoto_0001.JPG.jpg
[2011.12.13 16:55:56 | 000,047,476 | ---- | M] () -- C:\Users\Micha\Desktop\sakamoto_0000.JPG.jpg
[2011.12.13 16:52:26 | 000,196,091 | ---- | M] () -- C:\Users\Micha\Desktop\6477995007_0cf53aa3ac_b.jpg
[2011.12.13 16:52:20 | 000,319,821 | ---- | M] () -- C:\Users\Micha\Desktop\6477998897_fc5b269567_b.jpg
[2011.12.13 16:52:14 | 000,219,459 | ---- | M] () -- C:\Users\Micha\Desktop\6478001463_1fc94bd010_b.jpg
[2011.12.13 16:52:08 | 000,223,256 | ---- | M] () -- C:\Users\Micha\Desktop\6478216729_ca9380f946_b.jpg
[2011.12.13 16:52:03 | 000,204,846 | ---- | M] () -- C:\Users\Micha\Desktop\6478218115_6304186c0d_b.jpg
[2011.12.13 16:51:57 | 000,121,565 | ---- | M] () -- C:\Users\Micha\Desktop\6478219463_2a125e1e7e_b.jpg
[2011.12.13 14:15:11 | 000,275,859 | ---- | M] () -- C:\Users\Micha\Desktop\img_8706.jpg
[2011.12.13 14:09:06 | 000,055,809 | ---- | M] () -- C:\Users\Micha\Desktop\Maria2.jpg
[2011.12.13 14:05:37 | 000,055,427 | ---- | M] () -- C:\Users\Micha\Desktop\Maria1.jpg
[2011.12.12 18:33:42 | 000,533,972 | ---- | M] () -- C:\Users\Micha\Desktop\Grammys-Joel-Zimmerman-84695074_10.jpg
[2011.12.12 18:33:21 | 000,117,219 | ---- | M] () -- C:\Users\Micha\Desktop\Deadmau5-thumb-966x1024-86514.jpg
[2011.12.12 18:30:43 | 000,031,762 | ---- | M] () -- C:\Users\Micha\Desktop\l_208ecab28ce90ddccf712500c240c96f.jpg
[2011.12.11 20:41:27 | 013,494,125 | ---- | M] () -- C:\Users\Micha\Desktop\Ian Carey feat. Rosette & Timbaland - Amnesia (Cazzette Remix).mp3
[2011.12.09 18:00:30 | 000,146,828 | ---- | M] () -- C:\Users\Micha\Documents\cc_20111209_180025.reg
[2011.12.09 07:34:17 | 000,130,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.12.08 19:17:43 | 088,160,965 | ---- | M] () -- C:\Users\Micha\Desktop\RBUVp7icBx32.mp3
[2011.12.08 14:29:44 | 000,054,913 | ---- | M] () -- C:\Users\Micha\Desktop\FOA_featuringNervo_copy-e1319561255814.jpg
[2011.12.08 14:27:01 | 000,816,088 | ---- | M] () -- C:\Users\Micha\Desktop\Nervo-ICanGiveYouHouse.Com_.jpg
[2011.12.08 14:24:11 | 000,000,817 | ---- | M] () -- C:\Users\Micha\Desktop\Ski Challenge 12 (SRF) starten.lnk
[2011.11.30 15:31:23 | 000,008,479 | ---- | M] () -- C:\Users\Micha\Desktop\Dglucsoe.png
[2011.11.29 15:41:30 | 014,182,400 | ---- | M] () -- C:\Users\Micha\Desktop\Avicii & Nicky Romero - ID .www.music4you.hu.mp3
[2011.11.26 14:00:54 | 000,011,986 | ---- | M] () -- C:\Users\Micha\Desktop\361px-DL-Glucose.svg.png
[2011.11.26 13:58:29 | 000,028,135 | ---- | M] () -- C:\Users\Micha\Desktop\534px-Amylopektin_Haworth.svg.png
[2011.11.22 16:46:27 | 000,175,836 | ---- | M] () -- C:\Users\Micha\Desktop\6378312119_85974c4130_b.jpg
[6 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.12.19 17:12:52 | 004,000,705 | ---- | C] () -- C:\Users\Micha\Desktop\Spank.MP3.mp3
[2011.12.18 20:54:23 | 004,878,836 | ---- | C] () -- C:\Users\Micha\Desktop\CAZZETTE vs Kanye West, Rick Ross, Jay-Z, Bon Iver & Nikki Minaj - I'm A Motherf_king Monster - Cazzette.mp3
[2011.12.18 20:50:59 | 007,010,338 | ---- | C] () -- C:\Users\Micha\Desktop\CAZZETTE vs Kanye West, Rick Ross, Jay-Z, Bon Iver & Nikki Minaj -- I m A Motherf__king Monster.mp3
[2011.12.18 20:10:04 | 113,353,237 | ---- | C] () -- C:\Users\Micha\Desktop\Chuckie at Dirty Dutch Blackout - Amsterdam 17.12.2011 [exQlusiv.com].mp3
[2011.12.18 20:10:00 | 125,315,075 | ---- | C] () -- C:\Users\Micha\Desktop\Laidback Luke at Dirty Dutch Blackout (Air, Amsterdam) 17.12.2011.mp3
[2011.12.17 19:19:19 | 193,479,189 | ---- | C] () -- C:\Users\Micha\Desktop\Tiësto at Mission Impossible Premiere - Rio de Janeiro, Brasil 14.12.2011 [exQlusiv.com].mp3
[2011.12.17 15:25:49 | 112,608,697 | ---- | C] () -- C:\Users\Micha\Desktop\Swedish House Mafia at Madison Square Garden, New York 16.12.2011 [exQlusiv.com].mp3
[2011.12.17 15:25:37 | 163,866,484 | ---- | C] () -- C:\Users\Micha\Desktop\01-skrillex_-_mothership_002-sat-12-16-2011-talion.mp3
[2011.12.17 15:25:26 | 185,287,975 | ---- | C] () -- C:\Users\Micha\Desktop\01-sebastian_ingrosso_-_live_at_glow_washington_(dc)-sat-11-23-2011-talion.mp3
[2011.12.17 15:09:23 | 095,703,661 | ---- | C] () -- C:\Users\Micha\Desktop\01-fedde_le_grand_-_live_at_pacha_(nyc)-sat-12-09-2011-talion.mp3
[2011.12.17 15:08:22 | 097,788,381 | ---- | C] () -- C:\Users\Micha\Desktop\01-david_guetta-fuck_me_i_am_famous_(538)-sat-17-12-2011-1king.mp3
[2011.12.17 14:44:56 | 097,480,766 | ---- | C] () -- C:\Users\Micha\Desktop\01-afrojack_and_bobby_burns-jacked_(538)-sat-17-12-2011-1king.mp3
[2011.12.16 07:29:58 | 173,614,161 | ---- | C] () -- C:\Users\Micha\Desktop\swanky_tunes_-_2011_annual_report.mp3
[2011.12.15 19:55:02 | 009,006,535 | ---- | C] () -- C:\Users\Micha\Desktop\Skrillex - THE DISCO RANGERS BUS (KNOWS HOT TO ROCK N ROLL).mp3
[2011.12.13 19:44:09 | 000,354,760 | ---- | C] () -- C:\Users\Micha\Desktop\chuckie.jpg
[2011.12.13 16:56:10 | 000,054,096 | ---- | C] () -- C:\Users\Micha\Desktop\sakamoto_0005.JPG.jpg
[2011.12.13 16:56:07 | 000,054,174 | ---- | C] () -- C:\Users\Micha\Desktop\sakamoto_0004.JPG.jpg
[2011.12.13 16:56:05 | 000,052,766 | ---- | C] () -- C:\Users\Micha\Desktop\sakamoto_0003.JPG.jpg
[2011.12.13 16:56:02 | 000,054,636 | ---- | C] () -- C:\Users\Micha\Desktop\sakamoto_0002.JPG.jpg
[2011.12.13 16:55:59 | 000,049,596 | ---- | C] () -- C:\Users\Micha\Desktop\sakamoto_0001.JPG.jpg
[2011.12.13 16:55:55 | 000,047,476 | ---- | C] () -- C:\Users\Micha\Desktop\sakamoto_0000.JPG.jpg
[2011.12.13 16:52:25 | 000,196,091 | ---- | C] () -- C:\Users\Micha\Desktop\6477995007_0cf53aa3ac_b.jpg
[2011.12.13 16:52:19 | 000,319,821 | ---- | C] () -- C:\Users\Micha\Desktop\6477998897_fc5b269567_b.jpg
[2011.12.13 16:52:14 | 000,219,459 | ---- | C] () -- C:\Users\Micha\Desktop\6478001463_1fc94bd010_b.jpg
[2011.12.13 16:52:08 | 000,223,256 | ---- | C] () -- C:\Users\Micha\Desktop\6478216729_ca9380f946_b.jpg
[2011.12.13 16:52:02 | 000,204,846 | ---- | C] () -- C:\Users\Micha\Desktop\6478218115_6304186c0d_b.jpg
[2011.12.13 16:51:56 | 000,121,565 | ---- | C] () -- C:\Users\Micha\Desktop\6478219463_2a125e1e7e_b.jpg
[2011.12.13 14:15:10 | 000,275,859 | ---- | C] () -- C:\Users\Micha\Desktop\img_8706.jpg
[2011.12.13 14:09:05 | 000,055,809 | ---- | C] () -- C:\Users\Micha\Desktop\Maria2.jpg
[2011.12.13 14:05:36 | 000,055,427 | ---- | C] () -- C:\Users\Micha\Desktop\Maria1.jpg
[2011.12.12 18:33:41 | 000,533,972 | ---- | C] () -- C:\Users\Micha\Desktop\Grammys-Joel-Zimmerman-84695074_10.jpg
[2011.12.12 18:33:20 | 000,117,219 | ---- | C] () -- C:\Users\Micha\Desktop\Deadmau5-thumb-966x1024-86514.jpg
[2011.12.12 18:30:42 | 000,031,762 | ---- | C] () -- C:\Users\Micha\Desktop\l_208ecab28ce90ddccf712500c240c96f.jpg
[2011.12.11 20:41:14 | 013,494,125 | ---- | C] () -- C:\Users\Micha\Desktop\Ian Carey feat. Rosette & Timbaland - Amnesia (Cazzette Remix).mp3
[2011.12.09 18:00:26 | 000,146,828 | ---- | C] () -- C:\Users\Micha\Documents\cc_20111209_180025.reg
[2011.12.08 19:16:48 | 088,160,965 | ---- | C] () -- C:\Users\Micha\Desktop\RBUVp7icBx32.mp3
[2011.12.08 14:29:43 | 000,054,913 | ---- | C] () -- C:\Users\Micha\Desktop\FOA_featuringNervo_copy-e1319561255814.jpg
[2011.12.08 14:27:00 | 000,816,088 | ---- | C] () -- C:\Users\Micha\Desktop\Nervo-ICanGiveYouHouse.Com_.jpg
[2011.12.08 14:24:11 | 000,000,817 | ---- | C] () -- C:\Users\Micha\Desktop\Ski Challenge 12 (SRF) starten.lnk
[2011.11.30 15:31:22 | 000,008,479 | ---- | C] () -- C:\Users\Micha\Desktop\Dglucsoe.png
[2011.11.29 15:41:21 | 014,182,400 | ---- | C] () -- C:\Users\Micha\Desktop\Avicii & Nicky Romero - ID .www.music4you.hu.mp3
[2011.11.26 14:00:53 | 000,011,986 | ---- | C] () -- C:\Users\Micha\Desktop\361px-DL-Glucose.svg.png
[2011.11.26 13:58:27 | 000,028,135 | ---- | C] () -- C:\Users\Micha\Desktop\534px-Amylopektin_Haworth.svg.png
[2011.11.22 16:46:25 | 000,175,836 | ---- | C] () -- C:\Users\Micha\Desktop\6378312119_85974c4130_b.jpg
[2011.10.14 23:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.07.21 13:02:29 | 000,165,376 | ---- | C] () -- C:\Windows\UNWISE.EXE
[2011.04.22 15:44:36 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.03.16 17:06:33 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.02.16 15:02:36 | 000,000,600 | ---- | C] () -- C:\Users\Micha\AppData\Local\PUTTY.RND
[2011.01.25 23:47:34 | 000,000,120 | ---- | C] () -- C:\Users\Micha\AppData\Local\Spewakoroxaziva.dat
[2011.01.25 23:47:34 | 000,000,000 | ---- | C] () -- C:\Users\Micha\AppData\Local\Aduxohilo.bin
[2011.01.14 00:15:43 | 000,000,000 | ---- | C] () -- C:\Users\Micha\AppData\Roaming\chrtmp
[2010.12.10 15:00:37 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2010.12.10 15:00:23 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2010.12.09 16:11:31 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010.12.09 16:10:13 | 000,917,504 | ---- | C] () -- C:\Windows\SysWow64\dtsdecoderdll.dll
[2010.12.09 16:10:13 | 000,258,048 | ---- | C] () -- C:\Windows\SysWow64\libFLAC.dll
[2010.12.09 15:58:39 | 001,621,364 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.11.23 14:01:17 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\cd.dat
[2010.10.28 13:54:15 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\GkSui18.EXE
[2010.09.27 13:03:32 | 000,000,078 | ---- | C] () -- C:\Windows\wininit.ini
[2010.07.15 10:02:13 | 000,005,870 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.07.14 14:33:33 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010.05.30 16:52:55 | 000,794,408 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2010.05.28 14:59:13 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2010.05.25 16:07:47 | 000,069,632 | R--- | C] () -- C:\Windows\SysWow64\xmltok.dll
[2010.05.25 16:07:47 | 000,036,864 | R--- | C] () -- C:\Windows\SysWow64\xmlparse.dll
[2010.04.25 13:56:19 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010.04.25 13:56:19 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010.04.21 15:30:52 | 000,013,030 | ---- | C] () -- C:\Users\Micha\AppData\Local\PDOXUSRS.NET
[2010.04.16 18:42:53 | 000,000,600 | ---- | C] () -- C:\Users\Micha\AppData\Roaming\winscp.rnd
[2010.02.16 22:09:51 | 000,234,768 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.02.16 22:09:50 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2010.02.12 20:03:38 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006.03.18 14:16:04 | 000,540,178 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll
[2005.04.08 03:16:43 | 000,040,879 | -H-- | C] () -- C:\Users\Micha\AppData\Roaming\cglogs.dat
[2000.08.02 20:47:20 | 000,026,112 | ---- | C] () -- C:\Windows\RunUnDrv.exe
 
========== LOP Check ==========
 
[2010.12.22 15:25:09 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\114C6A7697BEF67CA616F57D29F52507
[2011.11.20 18:34:53 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\2K Sports
[2010.07.22 19:06:50 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\abgx360
[2010.07.15 12:03:32 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Ashampoo
[2010.05.02 08:10:49 | 000,000,000 | RHSD | M] -- C:\Users\Micha\AppData\Roaming\Boot
[2011.12.09 17:52:47 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\DAEMON Tools Lite
[2011.12.08 14:11:17 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Downloaded Installations
[2011.02.27 17:29:52 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Duden
[2011.11.01 22:39:33 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Feedreader
[2011.12.19 17:11:59 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\FileZilla
[2011.10.10 20:48:30 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Foxit Software
[2010.05.01 14:25:08 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\FVZilla
[2010.03.15 17:20:12 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\ImgBurn
[2011.01.23 17:33:20 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\IrfanView
[2011.11.10 19:14:58 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\jAlbum
[2010.02.11 12:19:52 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\L4dOgerLauncher
[2010.05.13 14:58:15 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Leadertech
[2010.12.14 17:21:36 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Local
[2011.03.01 17:26:55 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\LolClient
[2011.10.23 14:15:20 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Mp3tag
[2011.12.08 14:13:52 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Nitro PDF
[2010.06.16 18:18:03 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Opera
[2011.07.17 23:14:07 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Orbit
[2011.10.19 11:54:55 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Origin
[2011.07.17 23:12:07 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\ProgSense
[2011.03.16 17:06:32 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\PunkBuster
[2010.08.04 15:03:35 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\QIP
[2010.09.29 19:37:51 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010.11.06 19:06:51 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Stealth Software
[2011.01.12 19:28:21 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Thinstall
[2010.07.08 20:08:41 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\TomTom
[2011.12.09 17:52:45 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\TS3Client
[2011.04.22 19:41:36 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Tunngle
[2010.03.24 12:35:58 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Ubisoft
[2011.12.19 18:03:51 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\X-Chat 2
[2011.01.18 16:59:56 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\XnView
[2010.05.17 13:52:41 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Youtube Downloader HD
[2011.12.03 18:13:28 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 24 bytes -> C:\Windows:E2047556A8055CD6

< End of report >
         
Extras.txt:

Code:
ATTFilter
OTL Extras logfile created on: 19.12.2011 18:11:53 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Micha\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,05 Gb Available Physical Memory | 51,16% Memory free
8,00 Gb Paging File | 5,93 Gb Available in Paging File | 74,21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48,73 Gb Total Space | 1,29 Gb Free Space | 2,65% Space Free | Partition Type: NTFS
Drive D: | 785,03 Gb Total Space | 160,37 Gb Free Space | 20,43% Space Free | Partition Type: NTFS
 
Computer Name: M7CHA | User Name: Micha | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\FlashFXP 4\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP 4\FlashFXP.exe:*:Enabled:FlashFXP v3
"C:\Program Files (x86)\FlashFXP 4\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP 4\FlashFXP.exe:*:Enabled:FlashFXP v3
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\xchat\xchat.exe" = C:\Program Files (x86)\xchat\xchat.exe:*:Enabled:XChat IRC Client -- ()
"C:\Program Files (x86)\FlashFXP 4\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP 4\FlashFXP.exe:*:Enabled:FlashFXP v3
"C:\Program Files (x86)\xchat\xchat.exe" = C:\Program Files (x86)\xchat\xchat.exe:*:Enabled:XChat IRC Client -- ()
"C:\Program Files (x86)\FlashFXP 4\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP 4\FlashFXP.exe:*:Enabled:FlashFXP v3
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416023FF}" = Java(TM) 6 Update 23 (64-bit)
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64A3A4F4-B792-11D6-A78A-00B0D0160230}" = Java(TM) SE Development Kit 6 Update 23 (64-bit)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B1AC8E6A-6C47-4B6D-A853-B4BF5C83421C}_is1" = iNFekt NFO Viewer
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}" = Microsoft Xbox 360 Accessories 1.2
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BC84C1E9-F4D4-4B8E-B35C-C88EEA0A5201}" = O&O Defrag Professional
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}" = iTunes
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Unlocker" = Unlocker 1.9.1-x64
"WinRAR archiver" = WinRAR 4.00 (64-bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{04E9B02B-4F85-4B73-B865-27B9B8B35877}" = NBA 2K12
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 24
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{29F05234-DCBB-4FE0-88DC-5160C9250312}" = Adobe Photoshop CS3
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33A22B2D-55BA-4508-B767-BF2E9C21A73F}" = Assassin's Creed Revelations
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 12 DEMO
"{45410935-B52C-468A-A836-0D1000018201}" = BulletStorm
"{47E16407-05D3-4D2A-B2B9-C30700B7C2AD}" = LogMeIn Hamachi
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5928359F-BF46-4646-BF19-B64E55171EB5}_is1" = FILSHtray Version 0.6
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{786C5747-0C40-4930-9AFE-113BCE553101}" = Adobe Stock Photos 1.0
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{793FCE60-DE5E-4977-A942-A7B69A45B17D}" = MainConcept DTV Decoder Pro
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE1746-9EFF-3C9C-8755-81EA8903AC34}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86EF9FC4-F209-4520-B7E1-C7FF0EEBDFFF}" = Adobe Audition 1.5
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8EDBA74D-0686-4C99-BFDD-F894678E5101}" = Adobe Common File Installer
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype(TM)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B74D4E10-6884-0000-0000-000000000101}" = Adobe Bridge 1.0
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BCDB856C-D247-4DEE-9132-89C02F4D6B8C}_is1" = Sothink SWF Decompiler
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C5D78EFC-A9C1-44F3-81CB-D42C5DF8EA09}" = Speedport W 101 Stick WLAN Manager
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CE9F9FBC-5253-46D2-9883-09E55003D794}" = TechniSat DVB-PC TV Star
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.9 Game
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{E9787678-119F-4D52-B551-6739B2B22101}" = Adobe Help Center 1.0
"{EA8ADAA9-6671-4839-A51E-0C6792B78F3E}" = FIFA 12
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}" = Adobe Setup
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1489-3350-5074-6281" = JDownloader 0.9
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_5f143314a5d434c8511097393d17397" = Adobe Photoshop CS3
"ArgoUML" = ArgoUML 0.30.2
"Ashampoo Burning Studio 9_is1" = Ashampoo Burning Studio 9.21
"Avira AntiVir Desktop" = Avira Free Antivirus
"BlueJ_is1" = BlueJ 3.0.4
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"DVBViewer Pro_is1" = DVBViewer Pro
"DVBViewer Recording Service_is1" = DVBViewer Recording Service
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50
"ffdshow_is1" = ffdshow v1.1.3562 [2010-09-07]
"FileZilla Client" = FileZilla Client 3.5.2
"Foxit Reader_is1" = Foxit Reader 5.1
"Hamachi" = Hamachi 1.0.1.2
"HotspotShield" = Hotspot Shield 1.56
"ImgBurn" = ImgBurn
"LastFM_is1" = Last.fm 1.5.4.27091
"LogMeIn Hamachi" = LogMeIn Hamachi
"Mozilla Firefox 8.0 (x86 de)" = Mozilla Firefox 8.0 (x86 de)
"Mp3tag" = Mp3tag v2.49
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"Opera 11.60.1185" = Opera 11.60
"Origin" = Origin
"PSPad editor_is1" = PSPad editor
"Steam App 10" = Counter-Strike
"SystemRequirementsLab" = System Requirements Lab
"TomTom HOME" = TomTom HOME 2.8.2.2264
"VLC media player" = VLC media player 1.1.11
"Wget-1.11.4-1_is1" = GnuWin32: Wget-1.11.4-1
"WinLiveSuite" = Windows Live Essentials
"Wondershare LiveBoot 2012_is1" = Wondershare LiveBoot 2012 (Build 7.0.1)
"xchat" = XChat 2 (remove only)
"Xvid_is1" = Xvid 1.2.2 final uninstall
"Youtube Downloader HD_is1" = Youtube Downloader HD v. 2.6
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"QIP 2005" = QIP 2005 8095
"sc12-CH_SF" = Ski Challenge 12 (SRF)
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 02.03.2011 11:42:34 | Computer Name = M7cha | Source = MsiInstaller | ID = 1023
Description = 
 
Error - 02.03.2011 11:42:52 | Computer Name = M7cha | Source = MsiInstaller | ID = 10005
Description = 
 
Error - 02.03.2011 11:42:53 | Computer Name = M7cha | Source = MsiInstaller | ID = 1023
Description = 
 
Error - 03.03.2011 05:56:21 | Computer Name = M7cha | Source = MsiInstaller | ID = 11316
Description = 
 
Error - 04.03.2011 18:14:41 | Computer Name = M7cha | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 04.03.2011 18:14:41 | Computer Name = M7cha | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15584
 
Error - 04.03.2011 18:14:41 | Computer Name = M7cha | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15584
 
Error - 07.03.2011 04:30:18 | Computer Name = M7cha | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: xchat.exe, Version: 2.8.7.5, Zeitstempel:
 0x00000000  Name des fehlerhaften Moduls: minigtk.dll, Version: 2.8.0.2870, Zeitstempel:
 0x483a89a9  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00019944  ID des fehlerhaften Prozesses:
 0xd80  Startzeit der fehlerhaften Anwendung: 0x01cbdc9fdf71471e  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\xchat\xchat.exe  Pfad des fehlerhaften Moduls: 
C:\Program Files (x86)\xchat\minigtk.dll  Berichtskennung: 219ec71b-4895-11e0-89e9-0024215bb3f7
 
Error - 07.03.2011 09:37:15 | Computer Name = M7cha | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Traktor.exe, Version: 0.0.0.0, Zeitstempel:
 0x2a425e19  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17514, Zeitstempel:
 0x4ce7ba58  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000343b6  ID des fehlerhaften Prozesses:
 0x368  Startzeit der fehlerhaften Anwendung: 0x01cbdcccacc751aa  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\Native Instruments\Traktor\Traktor.exe  Pfad des
 fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: 02dce823-48c0-11e0-89e9-0024215bb3f7
 
Error - 07.03.2011 09:37:40 | Computer Name = M7cha | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Traktor.exe, Version: 0.0.0.0, Zeitstempel:
 0x2a425e19  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17514, Zeitstempel:
 0x4ce7ba58  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000343b6  ID des fehlerhaften Prozesses:
 0x10f0  Startzeit der fehlerhaften Anwendung: 0x01cbdcccc7c8dc85  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\Native Instruments\Traktor\Traktor.exe  Pfad des
 fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: 11ff079d-48c0-11e0-89e9-0024215bb3f7
 
[ OSession Events ]
Error - 02.03.2011 10:34:39 | Computer Name = M7cha | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 09.03.2011 17:30:18 | Computer Name = M7cha | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session 
lasted 6 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 09.03.2011 17:30:24 | Computer Name = M7cha | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session 
lasted 5 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 17.03.2011 12:00:38 | Computer Name = M7cha | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 29.03.2011 12:15:42 | Computer Name = M7cha | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 06.04.2011 16:24:08 | Computer Name = M7cha | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 08.12.2011 09:13:57 | Computer Name = M7cha | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 4
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 08.12.2011 13:22:38 | Computer Name = M7cha | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 08.12.2011 13:22:47 | Computer Name = M7cha | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 16.12.2011 02:54:07 | Computer Name = M7cha | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 19.12.2011 11:27:29 | Computer Name = M7cha | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\pfc.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 19.12.2011 11:27:38 | Computer Name = M7cha | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\pfc.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 19.12.2011 11:27:49 | Computer Name = M7cha | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.
 
Error - 19.12.2011 11:27:51 | Computer Name = M7cha | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.
 
Error - 19.12.2011 11:27:56 | Computer Name = M7cha | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.
 
Error - 19.12.2011 11:28:20 | Computer Name = M7cha | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.
 
Error - 19.12.2011 11:28:21 | Computer Name = M7cha | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.
 
Error - 19.12.2011 11:28:35 | Computer Name = M7cha | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.
 
Error - 19.12.2011 11:28:40 | Computer Name = M7cha | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.
 
Error - 19.12.2011 11:28:40 | Computer Name = M7cha | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.
 
 
< End of report >
         

19.12.2011, 20:44   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Please now run a full scan with Malwarebytes as a matter of routine and post the log.
Remember that Malwarebytes has to be updated manually before every scan! In addition, all findings must be removed.

If logs from older Malwarebytes scans exist, please post all of those as well!



ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the logfile here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset





Please post everything here in CODE tags if at all possible.

It is done like this:

[code] the log goes here [/code]

And it then looks like this:

Code:
ATTFilter
 the log goes here
         

20.12.2011, 20:50   #3
CMPunk
 
Malwarebytes full scan:

Code:
ATTFilter
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8401

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

20.12.2011 13:46:51
mbam-log-2011-12-20 (13-46-48).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 627662
Laufzeit: 3 Stunde(n), 4 Minute(n), 18 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Micha\AppData\Roaming\Adobe\plugs\kb30049286.exe (Trojan.Agent) -> No action taken.
c:\Users\Micha\AppData\Roaming\Adobe\plugs\kb30052375.exe (Trojan.Agent) -> No action taken.
c:\Users\Micha\AppData\Roaming\Adobe\plugs\kb30052547.exe (Trojan.Agent) -> No action taken.
c:\Users\Micha\AppData\Roaming\cglogs.dat (Malware.Trace) -> No action taken.
         
ESET Online Scanner:

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=20f5eeddfb699e4d91f3051daeae209d
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-20 08:46:51
# local_time=2011-12-20 09:46:51 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 5609190 5609190 0 0
# compatibility_mode=5893 16776574 100 94 25990334 76021992 0 0
# compatibility_mode=8192 67108863 100 0 63173 63173 0 0
# scanned=420633
# found=4
# cleaned=0
# scan_time=21868
C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe	a variant of Win32/HotSpotShield application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Micha\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\8f85c44-4b11d10a	multiple threats (unable to clean)	00000000000000000000000000000000	I
C:\Users\Micha\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\556445eb-4b853750	probably a variant of Win32/Agent.DYXWUMY trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Micha\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\77bf623e-7d1c0144	a variant of Java/Exploit.CVE-2011-3544.G trojan (unable to clean)	00000000000000000000000000000000	I
         

20.12.2011, 21:10   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Quote:
-> No action taken.
The findings must be removed with Malwarebytes! Please do so if not yet done!

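The check cosinus makes above, that the Malwarebytes findings are still marked "No action taken" (and, in the ESET log, "(unable to clean)" after a run with remove_checked=false), can be scripted. This is an added example for this thread, not code from the forum, Malwarebytes or ESET; both sample logs are constructed from the entries posted above, with one invented Malwarebytes line marked as removed for contrast.

```python
"""Triage the Malwarebytes 1.x and ESET Online Scanner logs posted in this thread:
list every detection and flag those the scanner did not actually remediate."""
from __future__ import annotations
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Finding:
    scanner: str
    path: str
    detection: str
    action: str  # the scanner's own action text, "" if it gave none

    @property
    def remediated(self) -> bool:
        # Malwarebytes 1.x writes "No action taken." when Remove was never clicked;
        # ESET appends "(unable to clean)" to the threat name when it left the file.
        return not ("No action taken" in self.action or "unable to clean" in self.action)

# Malwarebytes 1.x result line: "<object> (<detection>) -> <action>"
MBAM_RESULT = re.compile(r"^(?P<path>\S.*?) \((?P<det>[^()]+)\) -> (?P<action>.+)$")
MBAM_FILE_COUNT = re.compile(r"^Infizierte Dateien: (\d+)$")
ESET_ACTION = re.compile(r"\((?P<action>[^()]*)\)\s*$")  # outcome folded into threat name
HEX32 = re.compile(r"^[0-9a-fA-F]{32}$")
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")

def parse_mbam(text: str) -> tuple[int | None, list[Finding]]:
    """Return the declared 'Infizierte Dateien' count and the result lines, which
    follow the list headers ending in ':' (the summary headers carry a count)."""
    declared, in_list, out = None, False, []
    for line in text.splitlines():
        line = line.rstrip()
        if (m := MBAM_FILE_COUNT.match(line)):
            declared = int(m[1])
        elif line.startswith("Infizierte") and line.endswith(":"):
            in_list = True
        elif in_list and (m := MBAM_RESULT.match(line)):
            out.append(Finding("Malwarebytes", m["path"], m["det"], m["action"].rstrip(".")))
    return declared, out

def parse_eset(text: str) -> tuple[dict[str, str], list[Finding]]:
    """'# key=value' header lines, then tab-separated: path, threat, [action], hash, flag."""
    header: dict[str, str] = {}
    out: list[Finding] = []
    for line in text.splitlines():
        if line.startswith("# ") and "=" in line:
            key, value = line[2:].split("=", 1)
            header.setdefault(key.strip(), value.strip())  # first of repeated keys wins
            continue
        fields = line.split("\t")
        if len(fields) < 3 or not DRIVE_PATH.match(fields[0]):
            continue
        path, threat = fields[0], fields[1]
        if (m := ESET_ACTION.search(threat)):
            action, threat = m["action"], threat[: m.start()].rstrip()
        elif not HEX32.match(fields[2]):
            action = fields[2]  # separate action column, present when ESET did clean
        else:
            action = ""
        out.append(Finding("ESET", path, threat, action))
    return header, out

def triage(mbam_text: str, eset_text: str) -> dict:
    """Combine both logs and explain why findings are still on disk."""
    declared, mbam = parse_mbam(mbam_text)
    header, eset = parse_eset(eset_text)
    findings = mbam + eset
    notes = []
    if declared is not None and declared != len(mbam):
        notes.append(f"Malwarebytes summary says {declared} infected files, log lists {len(mbam)}")
    if header.get("remove_checked") == "false":
        notes.append("ESET ran with remove_checked=false: scan-only, nothing was cleaned")
    return {"findings": findings, "unremediated": [f for f in findings if not f.remediated],
            "notes": notes}

# Constructed sample logs, shortened from the two posted above; the third
# Malwarebytes line is an invented contrast case that was actually removed.
MBAM_LOG = r"""Malwarebytes' Anti-Malware 1.51.2.1300
Infizierte Dateien: 3
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
c:\Users\Micha\AppData\Roaming\Adobe\plugs\kb30049286.exe (Trojan.Agent) -> No action taken.
c:\Users\Micha\AppData\Roaming\cglogs.dat (Malware.Trace) -> No action taken.
c:\Users\Micha\AppData\Roaming\Adobe\plugs\kb30052375.exe (Trojan.Agent) -> Quarantined and deleted successfully.
"""
ESET_LOG = "\n".join([
    "# version=7", "# remove_checked=false", "# found=2",
    "\t".join([r"C:\Users\Micha\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\77bf623e-7d1c0144",
               "a variant of Java/Exploit.CVE-2011-3544.G trojan (unable to clean)",
               "00000000000000000000000000000000", "I"]),
    "\t".join([r"C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe",
               "a variant of Win32/HotSpotShield application (unable to clean)",
               "00000000000000000000000000000000", "I"]),
])

if __name__ == "__main__":
    result = triage(MBAM_LOG, ESET_LOG)
    print(*result["notes"], *(f"{f.scanner}: {f.path}" for f in result["unremediated"]), sep="\n")
```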
20.12.2011, 21:17   #5
CMPunk
 
Quote from cosinus:
The findings must be removed with Malwarebytes! Please do so if not yet done!
They were. No idea why the log says that either...
I've also just checked again manually; the 4 files are nowhere to be found any more.


20.12.2011, 21:21   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Custom scan with OTL

If you don't have it yet, please download OTL from Oldtimer and save it to your desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click and "Run as administrator"
  • Now copy the complete contents of the code box below into the text box of OTL - if OTL is in German it is labelled
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread

20.12.2011, 22:25   #7
CMPunk
 
OTL.txt:
Code:
ATTFilter
OTL logfile created on: 20.12.2011 23:15:50 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Micha\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,50 Gb Available Physical Memory | 62,61% Memory free
8,00 Gb Paging File | 6,38 Gb Available in Paging File | 79,73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48,73 Gb Total Space | 1,44 Gb Free Space | 2,95% Space Free | Partition Type: NTFS
Drive D: | 785,03 Gb Total Space | 164,29 Gb Free Space | 20,93% Space Free | Partition Type: NTFS
 
Computer Name: M7CHA | User Name: Micha | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Micha\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\DVBViewer\DVBVservice.exe (CM & V)
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (O&O Defrag) -- C:\Program Files\OO Software\Defrag\oodag.exe (O&O Software GmbH)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (TomTomHOMEService) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (npggsvc) -- C:\Windows\SysWow64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (DVBVRecorder) -- C:\Program Files (x86)\DVBViewer\DVBVservice.exe (CM & V)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (RMCAST) -- C:\Windows\SysNative\drivers\rmcast.sys (Microsoft Corporation)
DRV:64bit: - (taphss) -- C:\Windows\SysNative\drivers\taphss.sys (AnchorFree Inc)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (UDST7000HID) -- C:\Windows\SysNative\drivers\UDST7000HID.sys (TechniSat Digital S.A.)
DRV:64bit: - (UDST7000BDA) -- C:\Windows\SysNative\drivers\UDST7000BDA.sys (TechniSat Digital S.A.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (athrusb) -- C:\Windows\SysNative\drivers\athrxusb.sys (Atheros Communications, Inc.)
DRV:64bit: - (adfs) -- C:\Windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.)
DRV:64bit: - (ZY202_VS) -- C:\Windows\SysNative\drivers\WlanGZG.sys (Atheros Communications, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.)
DRV - (pfc) -- C:\Windows\SysWOW64\drivers\pfc.sys (Padus, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://shop.thefreevpn.com/home.php
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6E 77 1D A8 6C CF CA 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;*.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.xrel.to/releases.html"
FF - prefs.js..network.proxy.type: 0
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Micha\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Micha\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2010.12.14 17:21:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2010.12.14 17:21:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.12.20 16:43:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.11.02 20:58:09 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{6914FB52-C4FC-42DD-AA46-43A6D02A776C}: C:\Users\Micha\AppData\Local\{6914FB52-C4FC-42DD-AA46-43A6D02A776C} [2011.01.25 23:47:32 | 000,000,000 | ---D | M]
 
[2011.08.11 19:23:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Micha\AppData\Roaming\mozilla\Extensions
[2011.08.11 19:23:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Micha\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2011.12.18 17:42:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Micha\AppData\Roaming\mozilla\Firefox\Profiles\lcry2s8f.default\extensions
[2011.12.16 07:21:29 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\Micha\AppData\Roaming\mozilla\Firefox\Profiles\lcry2s8f.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2011.11.26 11:45:26 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Micha\AppData\Roaming\mozilla\Firefox\Profiles\lcry2s8f.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2011.12.08 19:30:32 | 000,000,000 | ---D | M] (WebMail Notifier) -- C:\Users\Micha\AppData\Roaming\mozilla\Firefox\Profiles\lcry2s8f.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}
[2011.09.22 13:16:59 | 000,000,000 | ---D | M] (Cookies Manager+) -- C:\Users\Micha\AppData\Roaming\mozilla\Firefox\Profiles\lcry2s8f.default\extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d}
[2011.08.31 14:20:01 | 000,000,000 | ---D | M] ("ImageHost Grabber") -- C:\Users\Micha\AppData\Roaming\mozilla\Firefox\Profiles\lcry2s8f.default\extensions\{E4091D66-127C-11DB-903A-DE80D2EFDFE8}
[2011.12.20 16:43:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011.01.25 23:47:32 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\MICHA\APPDATA\LOCAL\{6914FB52-C4FC-42DD-AA46-43A6D02A776C}
() (No name found) -- C:\USERS\MICHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LCRY2S8F.DEFAULT\EXTENSIONS\{46551EC9-40F0-4E47-8E18-8E5CF550CFB8}.XPI
() (No name found) -- C:\USERS\MICHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LCRY2S8F.DEFAULT\EXTENSIONS\{C07D1A49-9894-49FF-A594-38960EDE8FB9}.XPI
() (No name found) -- C:\USERS\MICHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LCRY2S8F.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\MICHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LCRY2S8F.DEFAULT\EXTENSIONS\{EF522540-89F5-46B9-B6FE-1829E2B572C6}.XPI
() (No name found) -- C:\USERS\MICHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LCRY2S8F.DEFAULT\EXTENSIONS\ICH@MALTEGOETZ.DE.XPI
() (No name found) -- C:\USERS\MICHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LCRY2S8F.DEFAULT\EXTENSIONS\SECURELOGIN@BLUEIMP.NET.XPI
() (No name found) -- C:\USERS\MICHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LCRY2S8F.DEFAULT\EXTENSIONS\STATUS4EVAR@CALIGONSTUDIOS.COM.XPI
() (No name found) -- C:\USERS\MICHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LCRY2S8F.DEFAULT\EXTENSIONS\STEALTHYEXTENSION@GMAIL.COM.XPI
[2011.12.17 06:09:20 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.02.02 20:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.12.17 02:32:55 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.12.17 02:25:53 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.12.17 02:32:55 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.17 02:32:55 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.17 02:32:55 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.12.17 02:32:55 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Micha\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Micha\AppData\Local\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Micha\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: DivX OVS Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Micha\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: DivX HiQ = C:\Users\Micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.0.900_1\
CHR - Extension: AdBlock = C:\Users\Micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.4.29_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.0.900_1\
 
Hosts file not found
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll File not found
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Sothink SWF Catcher - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4083B7D6-93C1-4546-8E69-A836839524AA}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B03CCBA5-C47B-40C6-BB87-7FE386CD2366}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D7B19686-B466-4226-879D-D95AA3C392CC}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{34412a8f-12a2-11df-8be7-0024215bb3f7}\Shell - "" = AutoRun
O33 - MountPoints2\{34412a8f-12a2-11df-8be7-0024215bb3f7}\Shell\AutoRun\command - "" = F:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (OODBS)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpFolder: C:^Users^Micha^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^0.3653286783595232.exe.lnk - C:\Windows\SysNative\rundll32.exe - (Microsoft Corporation)
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: AdobeCS5ServiceManager - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: Bwozulugawo - hkey= - key= - C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig:64bit - StartUpReg: DivX Download Manager - hkey= - key= - C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MsConfig:64bit - StartUpReg: DVBV Service Ctrl - hkey= - key= - C:\Program Files (x86)\DVBViewer\DVBVCtrl.exe (CM&V Hackbart)
MsConfig:64bit - StartUpReg: FILSHtray - hkey= - key= - C:\Program Files (x86)\FILSHtray\FILSHtray.exe (FILSH Media GmbH)
MsConfig:64bit - StartUpReg: Google Update - hkey= - key= - C:\Users\Micha\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: LogMeIn Hamachi Ui - hkey= - key= - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
MsConfig:64bit - StartUpReg: MMTray - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: OODefragTray - hkey= - key= - C:\Programme\OO Software\Defrag\oodtray.exe (O&O Software GmbH)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: Steam - hkey= - key= - D:\Programme\Steam\steam.exe (Valve Corporation)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - StartUpReg: SwitchBoard - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: TomTomHOME.exe - hkey= - key= - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "bootini" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Hamachi2Svc - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {D6524E1C-48D7-7999-B612-BAE4363E1954} - Microsoft Windows Media Player 12.0
ActiveX: {DDFD74A3-6C10-6245-ADD5-794597C9825D} - Internet Explorer
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
Drivers32: vidc.i420 - C:\Windows\SysWow64\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\SysWow64\yv12vfw.dll (www.helixcommunity.org)
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.20 22:27:18 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Micha\Desktop\OTL.exe
[2011.12.19 21:59:22 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Roaming\Malwarebytes
[2011.12.19 21:59:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.12.19 21:59:12 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.12.14 16:18:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.12.14 16:18:02 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011.12.14 16:18:02 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011.12.11 20:40:43 | 000,000,000 | ---D | C] -- C:\Users\Micha\Documents\FILSHtray
[2011.12.11 20:40:43 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Local\FILSH_Media_GmbH
[2011.12.11 20:40:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FILSHtray
[2011.12.11 20:40:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FILSHtray
[2011.12.09 19:25:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader 5.1
[2011.12.08 14:24:11 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ski Challenge 12 (SRF)
[2011.12.08 14:12:53 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Roaming\Nitro PDF
[2011.12.08 14:12:36 | 000,028,968 | ---- | C] (Nitro PDF Software) -- C:\Windows\SysNative\nitrolocalmon2.dll
[2011.12.08 14:12:36 | 000,017,192 | ---- | C] (Nitro PDF Software) -- C:\Windows\SysNative\nitrolocalui2.dll
[2011.12.08 14:12:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Nitro PDF
[2011.12.08 14:11:17 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Roaming\Downloaded Installations
[2011.11.27 17:05:08 | 000,000,000 | ---D | C] -- C:\Users\Micha\Desktop\éÁéÕé+é±é¦âAâNâVâçâô
[2011.11.24 12:43:56 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Local\Sidhe
[2011.11.23 22:46:33 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Local\Ubisoft Game Launcher
[2011.11.23 22:46:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft
[2011.11.23 22:46:31 | 000,000,000 | ---D | C] -- C:\Users\Micha\Documents\Assassin's Creed Revelations
[2011.11.22 21:54:20 | 000,000,000 | ---D | C] -- C:\Users\Micha\.android
[2011.11.22 21:54:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Android
[6 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.20 23:12:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2034920276-3348135786-2086485318-1000UA.job
[2011.12.20 23:02:37 | 100,101,541 | ---- | M] () -- C:\Users\Micha\Desktop\Yes! Yearmix 2011 - Mix by Constantinos Saradis - www.yesradio.gr.mp3
[2011.12.20 22:55:25 | 001,644,406 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.12.20 22:55:25 | 000,707,916 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.12.20 22:55:25 | 000,661,512 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.12.20 22:55:25 | 000,153,402 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.12.20 22:55:25 | 000,125,598 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.12.20 22:38:01 | 070,493,516 | ---- | M] () -- C:\Users\Micha\Desktop\01 Bassive.m4a
[2011.12.20 22:27:18 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Micha\Desktop\OTL.exe
[2011.12.20 21:58:30 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.20 21:58:30 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.20 21:53:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.20 21:53:10 | 3220,578,304 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.20 21:53:09 | 002,087,996 | ---- | M] () -- C:\Windows\SysNative\oodbs.lor
[2011.12.20 20:30:34 | 199,380,928 | ---- | M] () -- C:\Users\Micha\Desktop\01-benji_b_-_bbc_radio1_(guest_araabmuzik)-sat-12-08-2011-talion.mp3
[2011.12.20 20:28:53 | 129,898,478 | ---- | M] () -- C:\Users\Micha\Desktop\Skrillex - Live @ The Ritz Ybor, The Mothership Tour (Tampa, FL, USA) - 16.12.2011.mp3
[2011.12.20 17:12:33 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2034920276-3348135786-2086485318-1000Core.job
[2011.12.20 16:02:42 | 000,046,729 | ---- | M] () -- C:\Users\Micha\Desktop\L3_DoD.jpg
[2011.12.19 17:12:53 | 004,000,705 | ---- | M] () -- C:\Users\Micha\Desktop\Spank.MP3.mp3
[2011.12.18 20:55:02 | 004,878,836 | ---- | M] () -- C:\Users\Micha\Desktop\CAZZETTE vs Kanye West, Rick Ross, Jay-Z, Bon Iver & Nikki Minaj - I'm A Motherf_king Monster - Cazzette.mp3
[2011.12.18 20:51:04 | 007,010,338 | ---- | M] () -- C:\Users\Micha\Desktop\CAZZETTE vs Kanye West, Rick Ross, Jay-Z, Bon Iver & Nikki Minaj -- I m A Motherf__king Monster.mp3
[2011.12.17 19:21:54 | 193,479,189 | ---- | M] () -- C:\Users\Micha\Desktop\Tiësto at Mission Impossible Premiere - Rio de Janeiro, Brasil 14.12.2011 [exQlusiv.com].mp3
[2011.12.17 12:41:00 | 095,703,661 | ---- | M] () -- C:\Users\Micha\Desktop\01-fedde_le_grand_-_live_at_pacha_(nyc)-sat-12-09-2011-talion.mp3
[2011.12.17 11:50:32 | 112,608,697 | ---- | M] () -- C:\Users\Micha\Desktop\Swedish House Mafia at Madison Square Garden, New York 16.12.2011 [exQlusiv.com].mp3
[2011.12.17 10:39:06 | 185,287,975 | ---- | M] () -- C:\Users\Micha\Desktop\01-sebastian_ingrosso_-_live_at_glow_washington_(dc)-sat-11-23-2011-talion.mp3
[2011.12.17 06:19:19 | 163,866,484 | ---- | M] () -- C:\Users\Micha\Desktop\01-skrillex_-_mothership_002-sat-12-16-2011-talion.mp3
[2011.12.17 02:22:28 | 097,788,381 | ---- | M] () -- C:\Users\Micha\Desktop\01-david_guetta-fuck_me_i_am_famous_(538)-sat-17-12-2011-1king.mp3
[2011.12.17 01:12:33 | 097,480,766 | ---- | M] () -- C:\Users\Micha\Desktop\01-afrojack_and_bobby_burns-jacked_(538)-sat-17-12-2011-1king.mp3
[2011.12.16 07:37:42 | 173,614,161 | ---- | M] () -- C:\Users\Micha\Desktop\swanky_tunes_-_2011_annual_report.mp3
[2011.12.15 19:55:05 | 009,006,535 | ---- | M] () -- C:\Users\Micha\Desktop\Skrillex - THE DISCO RANGERS BUS (KNOWS HOT TO ROCK N ROLL).mp3
[2011.12.14 11:55:21 | 005,173,448 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.12.13 19:44:10 | 000,354,760 | ---- | M] () -- C:\Users\Micha\Desktop\chuckie.jpg
[2011.12.13 16:56:10 | 000,054,096 | ---- | M] () -- C:\Users\Micha\Desktop\sakamoto_0005.JPG.jpg
[2011.12.13 16:56:08 | 000,054,174 | ---- | M] () -- C:\Users\Micha\Desktop\sakamoto_0004.JPG.jpg
[2011.12.13 16:56:05 | 000,052,766 | ---- | M] () -- C:\Users\Micha\Desktop\sakamoto_0003.JPG.jpg
[2011.12.13 16:56:03 | 000,054,636 | ---- | M] () -- C:\Users\Micha\Desktop\sakamoto_0002.JPG.jpg
[2011.12.13 16:56:00 | 000,049,596 | ---- | M] () -- C:\Users\Micha\Desktop\sakamoto_0001.JPG.jpg
[2011.12.13 16:55:56 | 000,047,476 | ---- | M] () -- C:\Users\Micha\Desktop\sakamoto_0000.JPG.jpg
[2011.12.13 16:52:26 | 000,196,091 | ---- | M] () -- C:\Users\Micha\Desktop\6477995007_0cf53aa3ac_b.jpg
[2011.12.13 16:52:20 | 000,319,821 | ---- | M] () -- C:\Users\Micha\Desktop\6477998897_fc5b269567_b.jpg
[2011.12.13 16:52:14 | 000,219,459 | ---- | M] () -- C:\Users\Micha\Desktop\6478001463_1fc94bd010_b.jpg
[2011.12.13 16:52:08 | 000,223,256 | ---- | M] () -- C:\Users\Micha\Desktop\6478216729_ca9380f946_b.jpg
[2011.12.13 16:52:03 | 000,204,846 | ---- | M] () -- C:\Users\Micha\Desktop\6478218115_6304186c0d_b.jpg
[2011.12.13 16:51:57 | 000,121,565 | ---- | M] () -- C:\Users\Micha\Desktop\6478219463_2a125e1e7e_b.jpg
[2011.12.13 14:15:11 | 000,275,859 | ---- | M] () -- C:\Users\Micha\Desktop\img_8706.jpg
[2011.12.13 14:09:06 | 000,055,809 | ---- | M] () -- C:\Users\Micha\Desktop\Maria2.jpg
[2011.12.13 14:05:37 | 000,055,427 | ---- | M] () -- C:\Users\Micha\Desktop\Maria1.jpg
[2011.12.12 18:33:42 | 000,533,972 | ---- | M] () -- C:\Users\Micha\Desktop\Grammys-Joel-Zimmerman-84695074_10.jpg
[2011.12.12 18:33:21 | 000,117,219 | ---- | M] () -- C:\Users\Micha\Desktop\Deadmau5-thumb-966x1024-86514.jpg
[2011.12.12 18:30:43 | 000,031,762 | ---- | M] () -- C:\Users\Micha\Desktop\l_208ecab28ce90ddccf712500c240c96f.jpg
[2011.12.11 20:41:27 | 013,494,125 | ---- | M] () -- C:\Users\Micha\Desktop\Ian Carey feat. Rosette & Timbaland - Amnesia (Cazzette Remix).mp3
[2011.12.09 18:00:30 | 000,146,828 | ---- | M] () -- C:\Users\Micha\Documents\cc_20111209_180025.reg
[2011.12.09 07:34:17 | 000,130,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.12.08 19:17:43 | 088,160,965 | ---- | M] () -- C:\Users\Micha\Desktop\RBUVp7icBx32.mp3
[2011.12.08 14:29:44 | 000,054,913 | ---- | M] () -- C:\Users\Micha\Desktop\FOA_featuringNervo_copy-e1319561255814.jpg
[2011.12.08 14:27:01 | 000,816,088 | ---- | M] () -- C:\Users\Micha\Desktop\Nervo-ICanGiveYouHouse.Com_.jpg
[2011.12.08 14:24:11 | 000,000,817 | ---- | M] () -- C:\Users\Micha\Desktop\Ski Challenge 12 (SRF) starten.lnk
[2011.11.30 15:31:23 | 000,008,479 | ---- | M] () -- C:\Users\Micha\Desktop\Dglucsoe.png
[2011.11.29 15:41:30 | 014,182,400 | ---- | M] () -- C:\Users\Micha\Desktop\Avicii & Nicky Romero - ID .www.music4you.hu.mp3
[2011.11.26 14:00:54 | 000,011,986 | ---- | M] () -- C:\Users\Micha\Desktop\361px-DL-Glucose.svg.png
[2011.11.26 13:58:29 | 000,028,135 | ---- | M] () -- C:\Users\Micha\Desktop\534px-Amylopektin_Haworth.svg.png
[2011.11.22 16:46:27 | 000,175,836 | ---- | M] () -- C:\Users\Micha\Desktop\6378312119_85974c4130_b.jpg
[6 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.12.20 23:01:40 | 100,101,541 | ---- | C] () -- C:\Users\Micha\Desktop\Yes! Yearmix 2011 - Mix by Constantinos Saradis - www.yesradio.gr.mp3
[2011.12.20 22:36:27 | 070,493,516 | ---- | C] () -- C:\Users\Micha\Desktop\01 Bassive.m4a
[2011.12.20 20:27:02 | 199,380,928 | ---- | C] () -- C:\Users\Micha\Desktop\01-benji_b_-_bbc_radio1_(guest_araabmuzik)-sat-12-08-2011-talion.mp3
[2011.12.20 20:26:10 | 129,898,478 | ---- | C] () -- C:\Users\Micha\Desktop\Skrillex - Live @ The Ritz Ybor, The Mothership Tour (Tampa, FL, USA) - 16.12.2011.mp3
[2011.12.20 16:02:39 | 000,046,729 | ---- | C] () -- C:\Users\Micha\Desktop\L3_DoD.jpg
[2011.12.19 17:12:52 | 004,000,705 | ---- | C] () -- C:\Users\Micha\Desktop\Spank.MP3.mp3
[2011.12.18 20:54:23 | 004,878,836 | ---- | C] () -- C:\Users\Micha\Desktop\CAZZETTE vs Kanye West, Rick Ross, Jay-Z, Bon Iver & Nikki Minaj - I'm A Motherf_king Monster - Cazzette.mp3
[2011.12.18 20:50:59 | 007,010,338 | ---- | C] () -- C:\Users\Micha\Desktop\CAZZETTE vs Kanye West, Rick Ross, Jay-Z, Bon Iver & Nikki Minaj -- I m A Motherf__king Monster.mp3
[2011.12.17 19:19:19 | 193,479,189 | ---- | C] () -- C:\Users\Micha\Desktop\Tiësto at Mission Impossible Premiere - Rio de Janeiro, Brasil 14.12.2011 [exQlusiv.com].mp3
[2011.12.17 15:25:49 | 112,608,697 | ---- | C] () -- C:\Users\Micha\Desktop\Swedish House Mafia at Madison Square Garden, New York 16.12.2011 [exQlusiv.com].mp3
[2011.12.17 15:25:37 | 163,866,484 | ---- | C] () -- C:\Users\Micha\Desktop\01-skrillex_-_mothership_002-sat-12-16-2011-talion.mp3
[2011.12.17 15:25:26 | 185,287,975 | ---- | C] () -- C:\Users\Micha\Desktop\01-sebastian_ingrosso_-_live_at_glow_washington_(dc)-sat-11-23-2011-talion.mp3
[2011.12.17 15:09:23 | 095,703,661 | ---- | C] () -- C:\Users\Micha\Desktop\01-fedde_le_grand_-_live_at_pacha_(nyc)-sat-12-09-2011-talion.mp3
[2011.12.17 15:08:22 | 097,788,381 | ---- | C] () -- C:\Users\Micha\Desktop\01-david_guetta-fuck_me_i_am_famous_(538)-sat-17-12-2011-1king.mp3
[2011.12.17 14:44:56 | 097,480,766 | ---- | C] () -- C:\Users\Micha\Desktop\01-afrojack_and_bobby_burns-jacked_(538)-sat-17-12-2011-1king.mp3
[2011.12.16 07:29:58 | 173,614,161 | ---- | C] () -- C:\Users\Micha\Desktop\swanky_tunes_-_2011_annual_report.mp3
[2011.12.15 19:55:02 | 009,006,535 | ---- | C] () -- C:\Users\Micha\Desktop\Skrillex - THE DISCO RANGERS BUS (KNOWS HOT TO ROCK N ROLL).mp3
[2011.12.13 19:44:09 | 000,354,760 | ---- | C] () -- C:\Users\Micha\Desktop\chuckie.jpg
[2011.12.13 16:56:10 | 000,054,096 | ---- | C] () -- C:\Users\Micha\Desktop\sakamoto_0005.JPG.jpg
[2011.12.13 16:56:07 | 000,054,174 | ---- | C] () -- C:\Users\Micha\Desktop\sakamoto_0004.JPG.jpg
[2011.12.13 16:56:05 | 000,052,766 | ---- | C] () -- C:\Users\Micha\Desktop\sakamoto_0003.JPG.jpg
[2011.12.13 16:56:02 | 000,054,636 | ---- | C] () -- C:\Users\Micha\Desktop\sakamoto_0002.JPG.jpg
[2011.12.13 16:55:59 | 000,049,596 | ---- | C] () -- C:\Users\Micha\Desktop\sakamoto_0001.JPG.jpg
[2011.12.13 16:55:55 | 000,047,476 | ---- | C] () -- C:\Users\Micha\Desktop\sakamoto_0000.JPG.jpg
[2011.12.13 16:52:25 | 000,196,091 | ---- | C] () -- C:\Users\Micha\Desktop\6477995007_0cf53aa3ac_b.jpg
[2011.12.13 16:52:19 | 000,319,821 | ---- | C] () -- C:\Users\Micha\Desktop\6477998897_fc5b269567_b.jpg
[2011.12.13 16:52:14 | 000,219,459 | ---- | C] () -- C:\Users\Micha\Desktop\6478001463_1fc94bd010_b.jpg
[2011.12.13 16:52:08 | 000,223,256 | ---- | C] () -- C:\Users\Micha\Desktop\6478216729_ca9380f946_b.jpg
[2011.12.13 16:52:02 | 000,204,846 | ---- | C] () -- C:\Users\Micha\Desktop\6478218115_6304186c0d_b.jpg
[2011.12.13 16:51:56 | 000,121,565 | ---- | C] () -- C:\Users\Micha\Desktop\6478219463_2a125e1e7e_b.jpg
[2011.12.13 14:15:10 | 000,275,859 | ---- | C] () -- C:\Users\Micha\Desktop\img_8706.jpg
[2011.12.13 14:09:05 | 000,055,809 | ---- | C] () -- C:\Users\Micha\Desktop\Maria2.jpg
[2011.12.13 14:05:36 | 000,055,427 | ---- | C] () -- C:\Users\Micha\Desktop\Maria1.jpg
[2011.12.12 18:33:41 | 000,533,972 | ---- | C] () -- C:\Users\Micha\Desktop\Grammys-Joel-Zimmerman-84695074_10.jpg
[2011.12.12 18:33:20 | 000,117,219 | ---- | C] () -- C:\Users\Micha\Desktop\Deadmau5-thumb-966x1024-86514.jpg
[2011.12.12 18:30:42 | 000,031,762 | ---- | C] () -- C:\Users\Micha\Desktop\l_208ecab28ce90ddccf712500c240c96f.jpg
[2011.12.11 20:41:14 | 013,494,125 | ---- | C] () -- C:\Users\Micha\Desktop\Ian Carey feat. Rosette & Timbaland - Amnesia (Cazzette Remix).mp3
[2011.12.09 18:00:26 | 000,146,828 | ---- | C] () -- C:\Users\Micha\Documents\cc_20111209_180025.reg
[2011.12.08 19:16:48 | 088,160,965 | ---- | C] () -- C:\Users\Micha\Desktop\RBUVp7icBx32.mp3
[2011.12.08 14:29:43 | 000,054,913 | ---- | C] () -- C:\Users\Micha\Desktop\FOA_featuringNervo_copy-e1319561255814.jpg
[2011.12.08 14:27:00 | 000,816,088 | ---- | C] () -- C:\Users\Micha\Desktop\Nervo-ICanGiveYouHouse.Com_.jpg
[2011.12.08 14:24:11 | 000,000,817 | ---- | C] () -- C:\Users\Micha\Desktop\Ski Challenge 12 (SRF) starten.lnk
[2011.11.30 15:31:22 | 000,008,479 | ---- | C] () -- C:\Users\Micha\Desktop\Dglucsoe.png
[2011.11.29 15:41:21 | 014,182,400 | ---- | C] () -- C:\Users\Micha\Desktop\Avicii & Nicky Romero - ID .www.music4you.hu.mp3
[2011.11.26 14:00:53 | 000,011,986 | ---- | C] () -- C:\Users\Micha\Desktop\361px-DL-Glucose.svg.png
[2011.11.26 13:58:27 | 000,028,135 | ---- | C] () -- C:\Users\Micha\Desktop\534px-Amylopektin_Haworth.svg.png
[2011.11.22 16:46:25 | 000,175,836 | ---- | C] () -- C:\Users\Micha\Desktop\6378312119_85974c4130_b.jpg
[2011.10.14 23:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.07.21 13:02:29 | 000,165,376 | ---- | C] () -- C:\Windows\UNWISE.EXE
[2011.04.22 15:44:36 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.03.16 17:06:33 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.02.16 15:02:36 | 000,000,600 | ---- | C] () -- C:\Users\Micha\AppData\Local\PUTTY.RND
[2011.01.25 23:47:34 | 000,000,120 | ---- | C] () -- C:\Users\Micha\AppData\Local\Spewakoroxaziva.dat
[2011.01.25 23:47:34 | 000,000,000 | ---- | C] () -- C:\Users\Micha\AppData\Local\Aduxohilo.bin
[2011.01.14 00:15:43 | 000,000,000 | ---- | C] () -- C:\Users\Micha\AppData\Roaming\chrtmp
[2010.12.10 15:00:37 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2010.12.10 15:00:23 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2010.12.09 16:11:31 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010.12.09 16:10:13 | 000,917,504 | ---- | C] () -- C:\Windows\SysWow64\dtsdecoderdll.dll
[2010.12.09 16:10:13 | 000,258,048 | ---- | C] () -- C:\Windows\SysWow64\libFLAC.dll
[2010.12.09 15:58:39 | 001,621,364 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.11.23 14:01:17 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\cd.dat
[2010.10.28 13:54:15 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\GkSui18.EXE
[2010.09.27 13:03:32 | 000,000,078 | ---- | C] () -- C:\Windows\wininit.ini
[2010.07.15 10:02:13 | 000,005,870 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.07.14 14:33:33 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010.05.30 16:52:55 | 000,794,408 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2010.05.28 14:59:13 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2010.05.25 16:07:47 | 000,069,632 | R--- | C] () -- C:\Windows\SysWow64\xmltok.dll
[2010.05.25 16:07:47 | 000,036,864 | R--- | C] () -- C:\Windows\SysWow64\xmlparse.dll
[2010.04.25 13:56:19 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010.04.25 13:56:19 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010.04.21 15:30:52 | 000,013,030 | ---- | C] () -- C:\Users\Micha\AppData\Local\PDOXUSRS.NET
[2010.04.16 18:42:53 | 000,000,600 | ---- | C] () -- C:\Users\Micha\AppData\Roaming\winscp.rnd
[2010.02.16 22:09:51 | 000,234,768 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.02.16 22:09:50 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2010.02.12 20:03:38 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006.03.18 14:16:04 | 000,540,178 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll
[2000.08.02 20:47:20 | 000,026,112 | ---- | C] () -- C:\Windows\RunUnDrv.exe
 
========== LOP Check ==========
 
[2010.12.22 15:25:09 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\114C6A7697BEF67CA616F57D29F52507
[2011.11.20 18:34:53 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\2K Sports
[2010.07.22 19:06:50 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\abgx360
[2010.07.15 12:03:32 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Ashampoo
[2010.05.02 08:10:49 | 000,000,000 | RHSD | M] -- C:\Users\Micha\AppData\Roaming\Boot
[2011.12.09 17:52:47 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\DAEMON Tools Lite
[2011.12.08 14:11:17 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Downloaded Installations
[2011.02.27 17:29:52 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Duden
[2011.11.01 22:39:33 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Feedreader
[2011.12.20 15:36:11 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\FileZilla
[2011.10.10 20:48:30 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Foxit Software
[2010.05.01 14:25:08 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\FVZilla
[2010.03.15 17:20:12 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\ImgBurn
[2011.01.23 17:33:20 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\IrfanView
[2011.11.10 19:14:58 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\jAlbum
[2010.02.11 12:19:52 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\L4dOgerLauncher
[2010.05.13 14:58:15 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Leadertech
[2010.12.14 17:21:36 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Local
[2011.03.01 17:26:55 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\LolClient
[2011.10.23 14:15:20 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Mp3tag
[2011.12.08 14:13:52 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Nitro PDF
[2010.06.16 18:18:03 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Opera
[2011.07.17 23:14:07 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Orbit
[2011.10.19 11:54:55 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Origin
[2011.07.17 23:12:07 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\ProgSense
[2011.03.16 17:06:32 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\PunkBuster
[2010.08.04 15:03:35 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\QIP
[2010.09.29 19:37:51 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010.11.06 19:06:51 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Stealth Software
[2011.01.12 19:28:21 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Thinstall
[2010.07.08 20:08:41 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\TomTom
[2011.12.09 17:52:45 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\TS3Client
[2011.04.22 19:41:36 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Tunngle
[2010.03.24 12:35:58 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Ubisoft
[2011.12.20 23:15:17 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\X-Chat 2
[2011.01.18 16:59:56 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\XnView
[2010.05.17 13:52:41 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Youtube Downloader HD
[2011.12.03 18:13:28 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.12.22 15:25:09 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\114C6A7697BEF67CA616F57D29F52507
[2011.11.20 18:34:53 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\2K Sports
[2010.07.22 19:06:50 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\abgx360
[2011.12.20 21:55:34 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Adobe
[2010.09.29 19:37:52 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Adobe Mini Bridge CS5
[2011.10.19 15:15:48 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Apple Computer
[2010.07.15 12:03:32 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Ashampoo
[2011.10.16 17:36:21 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Avira
[2010.05.02 08:10:49 | 000,000,000 | RHSD | M] -- C:\Users\Micha\AppData\Roaming\Boot
[2011.12.09 17:52:47 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\DAEMON Tools Lite
[2011.07.02 12:44:16 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Digsby
[2010.12.14 20:19:24 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\DivX
[2011.12.08 14:11:17 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Downloaded Installations
[2011.02.27 17:29:52 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Duden
[2010.06.30 17:45:06 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\dvdcss
[2011.11.01 22:39:33 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Feedreader
[2011.12.20 15:36:11 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\FileZilla
[2011.10.10 20:48:30 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Foxit Software
[2010.05.01 14:25:08 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\FVZilla
[2011.07.17 11:45:17 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Hamachi
[2010.02.05 17:29:29 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Identities
[2010.03.15 17:20:12 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\ImgBurn
[2010.02.05 17:54:08 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\InstallShield
[2011.01.23 17:33:20 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\IrfanView
[2011.11.10 19:14:58 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\jAlbum
[2010.02.11 12:19:52 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\L4dOgerLauncher
[2010.05.13 14:58:15 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Leadertech
[2010.12.14 17:21:36 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Local
[2011.03.01 17:26:55 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\LolClient
[2010.02.05 19:27:36 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Macromedia
[2011.12.19 21:59:22 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Malwarebytes
[2009.07.14 19:18:19 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Media Center Programs
[2011.11.20 15:02:10 | 000,000,000 | --SD | M] -- C:\Users\Micha\AppData\Roaming\Microsoft
[2010.02.12 20:03:40 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Mozilla
[2011.10.23 14:15:20 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Mp3tag
[2011.12.08 14:13:52 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Nitro PDF
[2011.10.29 10:50:07 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\NVIDIA
[2010.06.16 18:18:03 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Opera
[2011.07.17 23:14:07 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Orbit
[2011.10.19 11:54:55 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Origin
[2011.07.17 23:12:07 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\ProgSense
[2010.02.07 17:23:32 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\PSpad
[2011.03.16 17:06:32 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\PunkBuster
[2010.08.04 15:03:35 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\QIP
[2010.04.18 14:20:36 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\SecuROM
[2010.09.29 19:37:51 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010.11.06 19:06:51 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Stealth Software
[2011.01.12 19:28:21 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Thinstall
[2010.07.08 20:08:41 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\TomTom
[2011.12.09 17:52:45 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\TS3Client
[2011.04.22 19:41:36 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Tunngle
[2010.03.24 12:35:58 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Ubisoft
[2011.08.02 15:58:15 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\vlc
[2011.03.08 14:57:00 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\WinRAR
[2011.12.20 23:15:17 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\X-Chat 2
[2011.01.18 16:59:56 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\XnView
[2010.05.17 13:52:41 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Youtube Downloader HD
 
< %APPDATA%\*.exe /s >
[2010.05.09 19:21:43 | 001,925,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\Micha\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
[2010.02.13 20:30:51 | 000,376,320 | R--- | M] () -- C:\Users\Micha\AppData\Roaming\Microsoft\Installer\{52B65911-1559-4ED5-9461-46957FDD48CD}\Icon52B659113.exe
[2011.06.06 16:51:48 | 000,188,152 | ---- | M] () -- C:\Users\Micha\AppData\Roaming\Mozilla\Firefox\Profiles\lcry2s8f.default\FlashGot.exe
[2011.12.13 16:57:24 | 000,141,312 | ---- | M] (getfireshot.com) -- C:\Users\Micha\AppData\Roaming\Mozilla\Firefox\Profiles\lcry2s8f.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fireshot-container.exe
[2011.12.13 16:57:20 | 000,068,096 | ---- | M] (getfireshot.com) -- C:\Users\Micha\AppData\Roaming\Mozilla\Firefox\Profiles\lcry2s8f.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fireshot-deploy.exe
[2011.02.24 16:07:45 | 000,835,440 | R--- | M] () -- C:\Users\Micha\AppData\Roaming\PunkBuster\pbsetup\pbsvc.exe
[2010.11.06 19:07:00 | 000,341,504 | ---- | M] (Stealth Software) -- C:\Users\Micha\AppData\Roaming\Stealth Software\HTC Home\HTCHome (x64).exe
[2010.11.06 19:07:00 | 000,335,360 | ---- | M] (Stealth Software) -- C:\Users\Micha\AppData\Roaming\Stealth Software\HTC Home\HTCHome.exe
[2010.11.06 19:06:35 | 000,123,904 | ---- | M] (Stealth Software) -- C:\Users\Micha\AppData\Roaming\Stealth Software\HTC Home\Uninstall\Uninstall.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[6 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
<           >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 24 bytes -> C:\Windows:E2047556A8055CD6

< End of report >
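The "< MD5 for: ... >" sections above are the part of an OTL log a helper reads for lock-screen trojans that patch a boot-critical file: the copy Windows actually loads (under SysNative, SysWOW64 or system32\drivers) should hash to the same value as one of the copies kept in winsxs or the DriverStore. The following Python script, an added example that is not part of this thread and not OTL's own tooling, performs that comparison over log text. Its sample input reuses the USERINIT.EXE section from the log above and adds a constructed WININIT.EXE section (not from the log) in which the live copy has an all-zero placeholder hash and an empty publisher field, so the check has something to flag.

```python
"""Cross-check the '< MD5 for: ... >' sections of an OTL log.

OTL lists every copy of a handful of boot-critical files (userinit.exe,
winlogon.exe, wininit.exe, ...) with its MD5. The copy Windows actually loads
lives under SysNative/SysWOW64 (or system32\\drivers); the copies under winsxs
and the DriverStore are the component store's originals. A lock-screen trojan
that patches one of these files leaves a live copy whose hash matches none of
the stored copies, which is what this script flags.
"""
import re
from collections import defaultdict

# One OTL MD5 line: [date time | size | attrs | M] (Publisher) MD5=HASH -- path
_LINE = re.compile(
    r"^\[(?P<stamp>[^\]]+)\]\s+\((?P<publisher>[^)]*)\)\s+"
    r"MD5=(?P<md5>[0-9A-Fa-f]{32})\s+--\s+(?P<path>.+?)\s*$"
)
# Section header: < MD5 for: USERINIT.EXE  >
_HEADER = re.compile(r"^<\s*MD5 for:\s*(?P<name>\S+)\s*>")


def is_stored_copy(path):
    """True for component-store copies (winsxs, DriverStore), False for live ones."""
    p = path.lower()
    return "\\winsxs\\" in p or "\\driverstore\\" in p


def parse_md5_sections(text):
    """Return {FILENAME: [{'md5', 'path', 'publisher', 'stored'}, ...]}."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("<"):
            h = _HEADER.match(line)
            # any other "< ... >" header ends the current MD5 section
            current = h.group("name").upper() if h else None
            continue
        if current is None:
            continue
        m = _LINE.match(line)
        if not m:
            continue
        sections[current].append({
            "md5": m.group("md5").upper(),
            "path": m.group("path"),
            "publisher": m.group("publisher"),
            "stored": is_stored_copy(m.group("path")),
        })
    return dict(sections)


def find_suspicious_live_copies(text):
    """Return [(FILENAME, path, reason)] for live copies that deserve a closer look."""
    findings = []
    for name, entries in parse_md5_sections(text).items():
        stored_hashes = {e["md5"] for e in entries if e["stored"]}
        for e in entries:
            if e["stored"]:
                continue
            reasons = []
            if not stored_hashes:
                reasons.append("no stored copy to compare against")
            elif e["md5"] not in stored_hashes:
                reasons.append("hash matches no stored copy")
            if not e["publisher"]:
                reasons.append("no publisher name")
            if reasons:
                findings.append((name, e["path"], "; ".join(reasons)))
    return findings


# Sample input: the USERINIT.EXE section as it appears in the log above, plus a
# constructed WININIT.EXE section that is NOT from the log, in which the live
# copy has been replaced (all-zero hash is a placeholder, publisher field empty).
SAMPLE_LOG = r"""
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WININIT.EXE  >
[2011.12.18 23:59:59 | 000,129,024 | ---- | M] () MD5=00000000000000000000000000000000 -- C:\Windows\SysNative\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
"""

if __name__ == "__main__":
    for name, path, why in find_suspicious_live_copies(SAMPLE_LOG):
        print(f"{name}: {path} -> {why}")
```

Run against a whole OTL log the script only reports live copies that match none of the stored copies; a match proves nothing on its own (winsxs can be patched too), but a mismatch in this section is the usual first sign of a patched userinit.exe or winlogon.exe and tells the helper which file to pull for a closer look.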
         

21.12.2011, 09:04   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
50€ demand at Windows start

Run an OTL fix: close any programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" has to be copied along with it!!!)

Code:
:OTL
FF - prefs.js..browser.startup.homepage: "http://www.xrel.to/releases.html"
O4 - HKCU..\Run: [AdobeBridge]  File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{34412a8f-12a2-11df-8be7-0024215bb3f7}\Shell - "" = AutoRun
O33 - MountPoints2\{34412a8f-12a2-11df-8be7-0024215bb3f7}\Shell\AutoRun\command - "" = F:\Setup.exe
[2011.11.27 17:05:08 | 000,000,000 | ---D | C] -- C:\Users\Micha\Desktop\éÁéÕé+é±é¦âAâNâVâçâô
[2010.12.22 15:25:09 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\114C6A7697BEF67CA616F57D29F52507
@Alternate Data Stream - 24 bytes -> C:\Windows:E2047556A8055CD6
:Commands
[emptytemp]
[resethosts]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

The entries, files and folders fixed by this script are not deleted completely, as a precaution; a backup copy is created on the system partition in the folder "_OTL".

Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

21.12.2011, 15:14   #9
CMPunk
 

Log:

Code:
All processes killed
========== OTL ==========
Prefs.js: "hxxp://www.xrel.to/releases.html" removed from browser.startup.homepage
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{34412a8f-12a2-11df-8be7-0024215bb3f7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{34412a8f-12a2-11df-8be7-0024215bb3f7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{34412a8f-12a2-11df-8be7-0024215bb3f7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{34412a8f-12a2-11df-8be7-0024215bb3f7}\ not found.
File F:\Setup.exe not found.
C:\Users\Micha\Desktop\éÁéÕé+é±é¦âAâNâVâçâô\SE folder moved successfully.
C:\Users\Micha\Desktop\éÁéÕé+é±é¦âAâNâVâçâô\res folder moved successfully.
C:\Users\Micha\Desktop\éÁéÕé+é±é¦âAâNâVâçâô\BGM folder moved successfully.
C:\Users\Micha\Desktop\éÁéÕé+é±é¦âAâNâVâçâô folder moved successfully.
C:\Users\Micha\AppData\Roaming\114C6A7697BEF67CA616F57D29F52507 folder moved successfully.
ADS C:\Windows:E2047556A8055CD6 deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 434190 bytes
->Temporary Internet Files folder emptied: 57603 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Mcx1-M7CHA
->Temp folder emptied: 311762 bytes
->Temporary Internet Files folder emptied: 32106672 bytes
 
User: Micha
->Temp folder emptied: 146796427 bytes
->Temporary Internet Files folder emptied: 405630 bytes
->Java cache emptied: 37810740 bytes
->FireFox cache emptied: 316969861 bytes
->Google Chrome cache emptied: 10198967 bytes
->Apple Safari cache emptied: 13708288 bytes
->Opera cache emptied: 14014998 bytes
->Flash cache emptied: 1954237 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 757760 bytes
%systemroot%\System32 .tmp files removed: 4848912 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 12160 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 554,00 mb
 
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 12212011_160325

Files\Folders moved on Reboot...
C:\Users\Micha\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
         

21.12.2011, 15:21   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Now please run this tool from Kaspersky (TDSS-Killer) (in normal mode!) and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Configure the tool as shown in the image below: click on change parameters and tick the boxes as shown in the following screenshot.
Then click on Start Scan and, once it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, look directly on your Windows system partition; that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle them all with the action "skip" and only post the log here!

If the infection has left you unable to access your documents/My Documents, or shortcuts are missing from the desktop or from "All Programs" in the Start menu, please run unhide:
Please download unhide.exe and save this file to your desktop.
Start the tool and all files and folders should become visible again. (This may take a while.)
Windows Vista and Windows 7 users must run the tool as administrator via right-click!

21.12.2011, 17:02   #11
CMPunk
 

Log:

Code:
17:59:54.0567 3416	TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
17:59:54.0735 3416	============================================================
17:59:54.0735 3416	Current date / time: 2011/12/21 17:59:54.0735
17:59:54.0735 3416	SystemInfo:
17:59:54.0735 3416	
17:59:54.0735 3416	OS Version: 6.1.7601 ServicePack: 1.0
17:59:54.0735 3416	Product type: Workstation
17:59:54.0735 3416	ComputerName: M7CHA
17:59:54.0735 3416	UserName: Micha
17:59:54.0735 3416	Windows directory: C:\Windows
17:59:54.0735 3416	System windows directory: C:\Windows
17:59:54.0735 3416	Running under WOW64
17:59:54.0736 3416	Processor architecture: Intel x64
17:59:54.0736 3416	Number of processors: 4
17:59:54.0736 3416	Page size: 0x1000
17:59:54.0736 3416	Boot type: Normal boot
17:59:54.0736 3416	============================================================
17:59:55.0747 3416	Initialize success
18:00:03.0461 4436	============================================================
18:00:03.0461 4436	Scan started
18:00:03.0461 4436	Mode: Manual; SigCheck; TDLFS; 
18:00:03.0461 4436	============================================================
18:00:04.0223 4436	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
18:00:04.0331 4436	1394ohci - ok
18:00:04.0388 4436	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
18:00:04.0399 4436	ACPI - ok
18:00:04.0415 4436	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
18:00:04.0442 4436	AcpiPmi - ok
18:00:04.0513 4436	adfs            (2f0683fd2df1d92e891caca14b45a8c1) C:\Windows\system32\drivers\adfs.sys
18:00:04.0604 4436	adfs - ok
18:00:04.0675 4436	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
18:00:04.0698 4436	adp94xx - ok
18:00:04.0729 4436	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
18:00:04.0760 4436	adpahci - ok
18:00:04.0788 4436	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
18:00:04.0802 4436	adpu320 - ok
18:00:04.0853 4436	AFD             (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
18:00:04.0895 4436	AFD - ok
18:00:04.0915 4436	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
18:00:04.0932 4436	agp440 - ok
18:00:04.0956 4436	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
18:00:04.0972 4436	aliide - ok
18:00:04.0989 4436	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
18:00:05.0004 4436	amdide - ok
18:00:05.0025 4436	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
18:00:05.0064 4436	AmdK8 - ok
18:00:05.0116 4436	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
18:00:05.0167 4436	AmdPPM - ok
18:00:05.0207 4436	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
18:00:05.0246 4436	amdsata - ok
18:00:05.0268 4436	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
18:00:05.0289 4436	amdsbs - ok
18:00:05.0303 4436	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
18:00:05.0319 4436	amdxata - ok
18:00:05.0372 4436	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
18:00:05.0412 4436	AppID - ok
18:00:05.0440 4436	appliandMP - ok
18:00:05.0488 4436	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
18:00:05.0523 4436	arc - ok
18:00:05.0550 4436	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
18:00:05.0563 4436	arcsas - ok
18:00:05.0603 4436	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
18:00:05.0743 4436	AsyncMac - ok
18:00:05.0775 4436	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
18:00:05.0783 4436	atapi - ok
18:00:05.0841 4436	athrusb         (788914c42ad8318f1dd7a565eaffb049) C:\Windows\system32\DRIVERS\athrxusb.sys
18:00:05.0880 4436	athrusb - ok
18:00:05.0947 4436	avgntflt        (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys
18:00:05.0978 4436	avgntflt - ok
18:00:06.0011 4436	avipbb          (f1c9db5f7b2a56a0b29667d22ba540fc) C:\Windows\system32\DRIVERS\avipbb.sys
18:00:06.0025 4436	avipbb - ok
18:00:06.0061 4436	avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
18:00:06.0071 4436	avkmgr - ok
18:00:06.0123 4436	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
18:00:06.0195 4436	b06bdrv - ok
18:00:06.0241 4436	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
18:00:06.0270 4436	b57nd60a - ok
18:00:06.0289 4436	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
18:00:06.0327 4436	Beep - ok
18:00:06.0373 4436	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
18:00:06.0397 4436	blbdrive - ok
18:00:06.0442 4436	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
18:00:06.0489 4436	bowser - ok
18:00:06.0511 4436	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:00:06.0540 4436	BrFiltLo - ok
18:00:06.0560 4436	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:00:06.0586 4436	BrFiltUp - ok
18:00:06.0599 4436	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
18:00:06.0638 4436	Brserid - ok
18:00:06.0657 4436	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
18:00:06.0687 4436	BrSerWdm - ok
18:00:06.0700 4436	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
18:00:06.0728 4436	BrUsbMdm - ok
18:00:06.0743 4436	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
18:00:06.0771 4436	BrUsbSer - ok
18:00:06.0804 4436	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
18:00:06.0827 4436	BTHMODEM - ok
18:00:06.0845 4436	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
18:00:06.0890 4436	cdfs - ok
18:00:06.0920 4436	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
18:00:06.0957 4436	cdrom - ok
18:00:06.0977 4436	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
18:00:07.0008 4436	circlass - ok
18:00:07.0032 4436	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
18:00:07.0045 4436	CLFS - ok
18:00:07.0143 4436	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
18:00:07.0186 4436	CmBatt - ok
18:00:07.0221 4436	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
18:00:07.0234 4436	cmdide - ok
18:00:07.0277 4436	CNG             (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
18:00:07.0314 4436	CNG - ok
18:00:07.0328 4436	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
18:00:07.0339 4436	Compbatt - ok
18:00:07.0359 4436	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
18:00:07.0390 4436	CompositeBus - ok
18:00:07.0415 4436	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
18:00:07.0426 4436	crcdisk - ok
18:00:07.0461 4436	CSC             (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
18:00:07.0521 4436	CSC - ok
18:00:07.0566 4436	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
18:00:07.0643 4436	DfsC - ok
18:00:07.0660 4436	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
18:00:07.0697 4436	discache - ok
18:00:07.0706 4436	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
18:00:07.0718 4436	Disk - ok
18:00:07.0753 4436	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
18:00:07.0773 4436	drmkaud - ok
18:00:07.0813 4436	dump_wmimmc - ok
18:00:07.0896 4436	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
18:00:07.0962 4436	DXGKrnl - ok
18:00:07.0989 4436	E1G60           (edc6e9c057c9d7f83eea22b4cef5dcad) C:\Windows\system32\DRIVERS\E1G6032E.sys
18:00:08.0004 4436	E1G60 - ok
18:00:08.0083 4436	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
18:00:08.0154 4436	ebdrv - ok
18:00:08.0193 4436	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
18:00:08.0214 4436	elxstor - ok
18:00:08.0322 4436	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
18:00:08.0400 4436	ErrDev - ok
18:00:08.0467 4436	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
18:00:08.0528 4436	exfat - ok
18:00:08.0577 4436	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
18:00:08.0620 4436	fastfat - ok
18:00:08.0644 4436	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
18:00:08.0657 4436	fdc - ok
18:00:08.0682 4436	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
18:00:08.0694 4436	FileInfo - ok
18:00:08.0714 4436	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
18:00:08.0754 4436	Filetrace - ok
18:00:08.0807 4436	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
18:00:08.0852 4436	flpydisk - ok
18:00:08.0891 4436	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
18:00:08.0909 4436	FltMgr - ok
18:00:08.0921 4436	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
18:00:08.0933 4436	FsDepends - ok
18:00:08.0950 4436	Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
18:00:08.0961 4436	Fs_Rec - ok
18:00:09.0005 4436	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
18:00:09.0036 4436	fvevol - ok
18:00:09.0066 4436	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
18:00:09.0084 4436	gagp30kx - ok
18:00:09.0122 4436	GEARAspiWDM     (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:00:09.0135 4436	GEARAspiWDM - ok
18:00:09.0193 4436	hamachi         (081ec78c25ba9b2a41f2e807736ff659) C:\Windows\system32\DRIVERS\hamachi.sys
18:00:09.0213 4436	hamachi - ok
18:00:09.0274 4436	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
18:00:09.0325 4436	hcw85cir - ok
18:00:09.0386 4436	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
18:00:09.0455 4436	HdAudAddService - ok
18:00:09.0475 4436	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
18:00:09.0493 4436	HDAudBus - ok
18:00:09.0510 4436	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
18:00:09.0540 4436	HidBatt - ok
18:00:09.0562 4436	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
18:00:09.0630 4436	HidBth - ok
18:00:09.0638 4436	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
18:00:09.0656 4436	HidIr - ok
18:00:09.0717 4436	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
18:00:09.0752 4436	HidUsb - ok
18:00:09.0772 4436	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
18:00:09.0784 4436	HpSAMD - ok
18:00:09.0836 4436	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
18:00:09.0882 4436	HTTP - ok
18:00:09.0909 4436	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
18:00:09.0917 4436	hwpolicy - ok
18:00:09.0952 4436	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
18:00:09.0968 4436	i8042prt - ok
18:00:10.0008 4436	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
18:00:10.0027 4436	iaStorV - ok
18:00:10.0044 4436	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
18:00:10.0057 4436	iirsp - ok
18:00:10.0085 4436	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
18:00:10.0095 4436	intelide - ok
18:00:10.0118 4436	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
18:00:10.0143 4436	intelppm - ok
18:00:10.0201 4436	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:00:10.0284 4436	IpFilterDriver - ok
18:00:10.0309 4436	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
18:00:10.0331 4436	IPMIDRV - ok
18:00:10.0355 4436	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
18:00:10.0390 4436	IPNAT - ok
18:00:10.0449 4436	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
18:00:10.0490 4436	IRENUM - ok
18:00:10.0513 4436	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
18:00:10.0529 4436	isapnp - ok
18:00:10.0571 4436	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
18:00:10.0598 4436	iScsiPrt - ok
18:00:10.0617 4436	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
18:00:10.0634 4436	kbdclass - ok
18:00:10.0681 4436	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
18:00:10.0730 4436	kbdhid - ok
18:00:10.0761 4436	KSecDD          (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
18:00:10.0779 4436	KSecDD - ok
18:00:10.0803 4436	KSecPkg         (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
18:00:10.0824 4436	KSecPkg - ok
18:00:10.0842 4436	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
18:00:10.0881 4436	ksthunk - ok
18:00:10.0912 4436	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
18:00:10.0959 4436	lltdio - ok
18:00:10.0988 4436	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
18:00:11.0001 4436	LSI_FC - ok
18:00:11.0024 4436	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
18:00:11.0036 4436	LSI_SAS - ok
18:00:11.0056 4436	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:00:11.0068 4436	LSI_SAS2 - ok
18:00:11.0077 4436	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:00:11.0090 4436	LSI_SCSI - ok
18:00:11.0113 4436	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
18:00:11.0185 4436	luafv - ok
18:00:11.0206 4436	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
18:00:11.0217 4436	megasas - ok
18:00:11.0243 4436	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
18:00:11.0261 4436	MegaSR - ok
18:00:11.0286 4436	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
18:00:11.0327 4436	Modem - ok
18:00:11.0342 4436	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
18:00:11.0358 4436	monitor - ok
18:00:11.0393 4436	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
18:00:11.0404 4436	mouclass - ok
18:00:11.0427 4436	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
18:00:11.0447 4436	mouhid - ok
18:00:11.0491 4436	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
18:00:11.0521 4436	mountmgr - ok
18:00:11.0552 4436	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
18:00:11.0575 4436	mpio - ok
18:00:11.0591 4436	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
18:00:11.0629 4436	mpsdrv - ok
18:00:11.0678 4436	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
18:00:11.0767 4436	MRxDAV - ok
18:00:11.0827 4436	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:00:11.0878 4436	mrxsmb - ok
18:00:11.0928 4436	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:00:11.0958 4436	mrxsmb10 - ok
18:00:12.0013 4436	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:00:12.0028 4436	mrxsmb20 - ok
18:00:12.0050 4436	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
18:00:12.0061 4436	msahci - ok
18:00:12.0079 4436	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
18:00:12.0096 4436	msdsm - ok
18:00:12.0124 4436	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
18:00:12.0169 4436	Msfs - ok
18:00:12.0203 4436	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
18:00:12.0263 4436	mshidkmdf - ok
18:00:12.0297 4436	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
18:00:12.0326 4436	msisadrv - ok
18:00:12.0369 4436	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
18:00:12.0441 4436	MSKSSRV - ok
18:00:12.0472 4436	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
18:00:12.0506 4436	MSPCLOCK - ok
18:00:12.0514 4436	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
18:00:12.0542 4436	MSPQM - ok
18:00:12.0585 4436	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
18:00:12.0602 4436	MsRPC - ok
18:00:12.0637 4436	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
18:00:12.0644 4436	mssmbios - ok
18:00:12.0659 4436	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
18:00:12.0696 4436	MSTEE - ok
18:00:12.0713 4436	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
18:00:12.0725 4436	MTConfig - ok
18:00:12.0787 4436	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
18:00:12.0799 4436	Mup - ok
18:00:12.0835 4436	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
18:00:12.0880 4436	NativeWifiP - ok
18:00:12.0928 4436	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
18:00:12.0953 4436	NDIS - ok
18:00:12.0990 4436	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
18:00:13.0036 4436	NdisCap - ok
18:00:13.0064 4436	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
18:00:13.0093 4436	NdisTapi - ok
18:00:13.0133 4436	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
18:00:13.0175 4436	Ndisuio - ok
18:00:13.0212 4436	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
18:00:13.0256 4436	NdisWan - ok
18:00:13.0288 4436	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
18:00:13.0334 4436	NDProxy - ok
18:00:13.0350 4436	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
18:00:13.0394 4436	NetBIOS - ok
18:00:13.0412 4436	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
18:00:13.0449 4436	NetBT - ok
18:00:13.0484 4436	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
18:00:13.0496 4436	nfrd960 - ok
18:00:13.0518 4436	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
18:00:13.0556 4436	Npfs - ok
18:00:13.0584 4436	NPPTNT2 - ok
18:00:13.0595 4436	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
18:00:13.0621 4436	nsiproxy - ok
18:00:13.0687 4436	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
18:00:13.0772 4436	Ntfs - ok
18:00:13.0787 4436	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
18:00:13.0824 4436	Null - ok
18:00:14.0091 4436	nvlddmkm        (b15258b1f45f9571758ac6bb2f043b01) C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:00:14.0367 4436	nvlddmkm - ok
18:00:14.0403 4436	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
18:00:14.0416 4436	nvraid - ok
18:00:14.0435 4436	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
18:00:14.0449 4436	nvstor - ok
18:00:14.0536 4436	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
18:00:14.0577 4436	nv_agp - ok
18:00:14.0626 4436	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
18:00:14.0650 4436	ohci1394 - ok
18:00:14.0701 4436	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
18:00:14.0751 4436	Parport - ok
18:00:14.0788 4436	partmgr         (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
18:00:14.0807 4436	partmgr - ok
18:00:14.0833 4436	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
18:00:14.0856 4436	pci - ok
18:00:14.0871 4436	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
18:00:14.0886 4436	pciide - ok
18:00:14.0910 4436	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
18:00:14.0933 4436	pcmcia - ok
18:00:14.0956 4436	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
18:00:14.0974 4436	pcw - ok
18:00:15.0001 4436	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
18:00:15.0081 4436	PEAUTH - ok
18:00:15.0112 4436	pfc - ok
18:00:15.0198 4436	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
18:00:15.0269 4436	PptpMiniport - ok
18:00:15.0286 4436	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
18:00:15.0300 4436	Processor - ok
18:00:15.0343 4436	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
18:00:15.0385 4436	Psched - ok
18:00:15.0443 4436	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
18:00:15.0494 4436	ql2300 - ok
18:00:15.0514 4436	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
18:00:15.0528 4436	ql40xx - ok
18:00:15.0552 4436	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
18:00:15.0574 4436	QWAVEdrv - ok
18:00:15.0593 4436	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
18:00:15.0621 4436	RasAcd - ok
18:00:15.0662 4436	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
18:00:15.0753 4436	RasAgileVpn - ok
18:00:15.0791 4436	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:00:15.0822 4436	Rasl2tp - ok
18:00:15.0832 4436	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
18:00:15.0886 4436	RasPppoe - ok
18:00:15.0894 4436	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
18:00:15.0925 4436	RasSstp - ok
18:00:15.0969 4436	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
18:00:16.0066 4436	rdbss - ok
18:00:16.0074 4436	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
18:00:16.0101 4436	rdpbus - ok
18:00:16.0126 4436	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:00:16.0165 4436	RDPCDD - ok
18:00:16.0205 4436	RDPDR           (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
18:00:16.0265 4436	RDPDR - ok
18:00:16.0293 4436	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
18:00:16.0346 4436	RDPENCDD - ok
18:00:16.0370 4436	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
18:00:16.0398 4436	RDPREFMP - ok
18:00:16.0456 4436	RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
18:00:16.0510 4436	RdpVideoMiniport - ok
18:00:16.0561 4436	RDPWD           (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
18:00:16.0630 4436	RDPWD - ok
18:00:16.0670 4436	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
18:00:16.0685 4436	rdyboost - ok
18:00:16.0741 4436	RMCAST          (caf88d6573d21cd2aa27001ddbfdc74d) C:\Windows\system32\DRIVERS\RMCAST.sys
18:00:16.0783 4436	RMCAST - ok
18:00:16.0808 4436	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
18:00:16.0839 4436	rspndr - ok
18:00:16.0882 4436	RTL8167         (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys
18:00:16.0901 4436	RTL8167 - ok
18:00:16.0935 4436	s3cap           (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
18:00:16.0983 4436	s3cap - ok
18:00:17.0026 4436	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
18:00:17.0064 4436	sbp2port - ok
18:00:17.0125 4436	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
18:00:17.0188 4436	scfilter - ok
18:00:17.0211 4436	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
18:00:17.0256 4436	secdrv - ok
18:00:17.0276 4436	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
18:00:17.0297 4436	Serenum - ok
18:00:17.0305 4436	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
18:00:17.0319 4436	Serial - ok
18:00:17.0354 4436	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
18:00:17.0375 4436	sermouse - ok
18:00:17.0415 4436	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
18:00:17.0452 4436	sffdisk - ok
18:00:17.0471 4436	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
18:00:17.0493 4436	sffp_mmc - ok
18:00:17.0510 4436	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
18:00:17.0530 4436	sffp_sd - ok
18:00:17.0541 4436	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
18:00:17.0555 4436	sfloppy - ok
18:00:17.0590 4436	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:00:17.0602 4436	SiSRaid2 - ok
18:00:17.0614 4436	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
18:00:17.0625 4436	SiSRaid4 - ok
18:00:17.0662 4436	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
18:00:17.0713 4436	Smb - ok
18:00:17.0740 4436	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
18:00:17.0751 4436	spldr - ok
18:00:17.0800 4436	sptd            (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
18:00:17.0800 4436	Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
18:00:17.0802 4436	sptd ( LockedFile.Multi.Generic ) - warning
18:00:17.0802 4436	sptd - detected LockedFile.Multi.Generic (1)
18:00:17.0838 4436	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
18:00:17.0859 4436	srv - ok
18:00:17.0894 4436	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
18:00:17.0922 4436	srv2 - ok
18:00:17.0946 4436	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
18:00:17.0961 4436	srvnet - ok
18:00:18.0017 4436	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
18:00:18.0040 4436	stexstor - ok
18:00:18.0059 4436	storflt         (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
18:00:18.0076 4436	storflt - ok
18:00:18.0103 4436	storvsc         (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
18:00:18.0120 4436	storvsc - ok
18:00:18.0142 4436	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
18:00:18.0157 4436	swenum - ok
18:00:18.0195 4436	Synth3dVsc - ok
18:00:18.0242 4436	tap0901         (595cb8da5b522ad8cc28193dc21fd496) C:\Windows\system32\DRIVERS\tap0901.sys
18:00:18.0276 4436	tap0901 - ok
18:00:18.0306 4436	taphss          (f33fdc72298df4bf9813a55d21f4eb31) C:\Windows\system32\DRIVERS\taphss.sys
18:00:18.0321 4436	taphss - ok
18:00:18.0390 4436	Tcpip           (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
18:00:18.0459 4436	Tcpip - ok
18:00:18.0675 4436	TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
18:00:18.0726 4436	TCPIP6 - ok
18:00:18.0761 4436	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
18:00:18.0829 4436	tcpipreg - ok
18:00:18.0846 4436	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
18:00:18.0893 4436	TDPIPE - ok
18:00:18.0914 4436	TDTCP           (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
18:00:18.0943 4436	TDTCP - ok
18:00:18.0971 4436	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
18:00:19.0003 4436	tdx - ok
18:00:19.0019 4436	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
18:00:19.0031 4436	TermDD - ok
18:00:19.0098 4436	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:00:19.0130 4436	tssecsrv - ok
18:00:19.0164 4436	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
18:00:19.0206 4436	TsUsbFlt - ok
18:00:19.0213 4436	tsusbhub - ok
18:00:19.0257 4436	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
18:00:19.0293 4436	tunnel - ok
18:00:19.0312 4436	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
18:00:19.0324 4436	uagp35 - ok
18:00:19.0370 4436	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
18:00:19.0410 4436	udfs - ok
18:00:19.0461 4436	UDST7000BDA     (20d0fdd0225a1722ca1575b31d09bc07) C:\Windows\system32\Drivers\UDST7000BDA.sys
18:00:19.0519 4436	UDST7000BDA - ok
18:00:19.0571 4436	UDST7000HID     (41bc5fdfe908f0f02486cd7289f2ad8a) C:\Windows\system32\drivers\UDST7000HID.sys
18:00:19.0600 4436	UDST7000HID - ok
18:00:19.0634 4436	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
18:00:19.0648 4436	uliagpkx - ok
18:00:19.0692 4436	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
18:00:19.0721 4436	umbus - ok
18:00:19.0751 4436	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
18:00:19.0784 4436	UmPass - ok
18:00:19.0848 4436	UnlockerDriver5 (9dc07e73a4abb9acf692113b36a5009f) C:\Program Files\Unlocker\UnlockerDriver5.sys
18:00:19.0861 4436	UnlockerDriver5 - ok
18:00:19.0930 4436	USBAAPL64       (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
18:00:19.0954 4436	USBAAPL64 - ok
18:00:20.0008 4436	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
18:00:20.0067 4436	usbccgp - ok
18:00:20.0124 4436	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
18:00:20.0169 4436	usbcir - ok
18:00:20.0211 4436	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
18:00:20.0230 4436	usbehci - ok
18:00:20.0264 4436	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
18:00:20.0306 4436	usbhub - ok
18:00:20.0350 4436	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
18:00:20.0385 4436	usbohci - ok
18:00:20.0411 4436	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
18:00:20.0432 4436	usbprint - ok
18:00:20.0474 4436	usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
18:00:20.0496 4436	usbscan - ok
18:00:20.0530 4436	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:00:20.0551 4436	USBSTOR - ok
18:00:20.0588 4436	usbuhci         (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
18:00:20.0633 4436	usbuhci - ok
18:00:20.0683 4436	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
18:00:20.0700 4436	vdrvroot - ok
18:00:20.0723 4436	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
18:00:20.0743 4436	vga - ok
18:00:20.0764 4436	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
18:00:20.0826 4436	VgaSave - ok
18:00:20.0846 4436	VGPU - ok
18:00:20.0870 4436	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
18:00:20.0887 4436	vhdmp - ok
18:00:20.0906 4436	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
18:00:20.0916 4436	viaide - ok
18:00:20.0940 4436	vmbus           (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
18:00:20.0955 4436	vmbus - ok
18:00:20.0974 4436	VMBusHID        (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
18:00:20.0999 4436	VMBusHID - ok
18:00:21.0019 4436	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
18:00:21.0030 4436	volmgr - ok
18:00:21.0075 4436	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
18:00:21.0101 4436	volmgrx - ok
18:00:21.0136 4436	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
18:00:21.0162 4436	volsnap - ok
18:00:21.0199 4436	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
18:00:21.0220 4436	vsmraid - ok
18:00:21.0237 4436	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
18:00:21.0272 4436	vwifibus - ok
18:00:21.0300 4436	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
18:00:21.0331 4436	WacomPen - ok
18:00:21.0351 4436	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:00:21.0411 4436	WANARP - ok
18:00:21.0416 4436	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:00:21.0442 4436	Wanarpv6 - ok
18:00:21.0477 4436	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
18:00:21.0505 4436	Wd - ok
18:00:21.0535 4436	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
18:00:21.0570 4436	Wdf01000 - ok
18:00:21.0612 4436	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
18:00:21.0640 4436	WfpLwf - ok
18:00:21.0664 4436	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
18:00:21.0675 4436	WIMMount - ok
18:00:21.0732 4436	WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
18:00:21.0747 4436	WinUsb - ok
18:00:21.0781 4436	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
18:00:21.0810 4436	WmiAcpi - ok
18:00:21.0855 4436	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
18:00:21.0907 4436	ws2ifsl - ok
18:00:21.0950 4436	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
18:00:22.0016 4436	WudfPf - ok
18:00:22.0047 4436	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:00:22.0126 4436	WUDFRd - ok
18:00:22.0172 4436	xusb21          (2ee48cfce7ca8e0db4c44c7476c0943b) C:\Windows\system32\DRIVERS\xusb21.sys
18:00:22.0190 4436	xusb21 - ok
18:00:22.0222 4436	ZDCNDIS6a64 - ok
18:00:22.0261 4436	ZY202_VS        (aec505976ef01bbd8f57cba912f39259) C:\Windows\system32\DRIVERS\WlanGZG.sys
18:00:22.0308 4436	ZY202_VS - ok
18:00:22.0341 4436	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
18:00:22.0471 4436	\Device\Harddisk0\DR0 - ok
18:00:22.0478 4436	Boot (0x1200)   (017132619628430ce765531272350aa0) \Device\Harddisk0\DR0\Partition0
18:00:22.0479 4436	\Device\Harddisk0\DR0\Partition0 - ok
18:00:22.0517 4436	Boot (0x1200)   (9db0158ae8a6d83532f4e4a0290ade9b) \Device\Harddisk0\DR0\Partition1
18:00:22.0519 4436	\Device\Harddisk0\DR0\Partition1 - ok
18:00:22.0522 4436	Boot (0x1200)   (ed3f2656da8fb06b6249c5fa3b365287) \Device\Harddisk0\DR0\Partition2
18:00:22.0523 4436	\Device\Harddisk0\DR0\Partition2 - ok
18:00:22.0524 4436	============================================================
18:00:22.0524 4436	Scan finished
18:00:22.0524 4436	============================================================
18:00:22.0537 4368	Detected object count: 1
18:00:22.0537 4368	Actual detected object count: 1
18:01:25.0986 4368	sptd ( LockedFile.Multi.Generic ) - skipped by user
18:01:25.0986 4368	sptd ( LockedFile.Multi.Generic ) - User select action: Skip
         

Alt 21.12.2011, 18:33   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, above all your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, carry out the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when one of the board's helpers (a Kompetenzler) has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and receive messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

Old 21.12.2011, 21:45   #13
CMPunk
 



Log:

Code:
ComboFix 11-12-21.02 - Micha 21.12.2011  22:37:16.1.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.4095.2340 [GMT 1:00]
ausgeführt von:: c:\users\Micha\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Micha\AppData\Local\{6914FB52-C4FC-42DD-AA46-43A6D02A776C}
c:\users\Micha\AppData\Local\{6914FB52-C4FC-42DD-AA46-43A6D02A776C}\chrome.manifest
c:\users\Micha\AppData\Local\{6914FB52-C4FC-42DD-AA46-43A6D02A776C}\chrome\content\_cfg.js
c:\users\Micha\AppData\Local\{6914FB52-C4FC-42DD-AA46-43A6D02A776C}\chrome\content\overlay.xul
c:\users\Micha\AppData\Local\{6914FB52-C4FC-42DD-AA46-43A6D02A776C}\install.rdf
c:\users\Micha\AppData\Roaming\Adobe\plugs
c:\users\Micha\AppData\Roaming\chrtmp
c:\users\Micha\AppData\Roaming\Local
c:\users\Micha\AppData\Roaming\Local\Temp\DDM\Settings\.ddr
c:\users\Micha\AppData\Roaming\Local\Temp\DDM\Settings\0.ddi
c:\users\Micha\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi
c:\users\Micha\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\.ddp
c:\windows\IsUn0407.exe
c:\windows\iun6002.exe
c:\windows\system32\java.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-11-21 bis 2011-12-21  ))))))))))))))))))))))))))))))
.
.
2011-12-21 15:03 . 2011-12-21 15:03	--------	d-----w-	C:\_OTL
2011-12-20 15:43 . 2011-12-17 05:09	43992	----a-w-	c:\program files (x86)\Mozilla Firefox\mozutils.dll
2011-12-20 15:43 . 2011-12-17 01:19	626688	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2011-12-20 15:43 . 2011-12-17 01:19	548864	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2011-12-20 15:43 . 2011-12-17 01:19	479232	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2011-12-19 20:59 . 2011-12-19 20:59	--------	d-----w-	c:\users\Micha\AppData\Roaming\Malwarebytes
2011-12-19 20:59 . 2011-12-19 20:59	--------	d-----w-	c:\programdata\Malwarebytes
2011-12-19 20:59 . 2011-08-31 16:00	25416	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-12-14 15:18 . 2011-12-14 15:18	--------	d-----w-	c:\program files\iTunes
2011-12-14 15:18 . 2011-12-14 15:18	--------	d-----w-	c:\program files\iPod
2011-12-14 06:34 . 2011-10-26 05:21	43520	----a-w-	c:\windows\system32\csrsrv.dll
2011-12-14 06:33 . 2011-11-24 04:52	3145216	----a-w-	c:\windows\system32\win32k.sys
2011-12-14 06:33 . 2011-10-15 06:31	723456	----a-w-	c:\windows\system32\EncDec.dll
2011-12-14 06:33 . 2011-10-15 05:38	534528	----a-w-	c:\windows\SysWow64\EncDec.dll
2011-12-14 06:33 . 2011-11-05 05:32	2048	----a-w-	c:\windows\system32\tzres.dll
2011-12-14 06:33 . 2011-11-05 04:26	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2011-12-11 19:40 . 2011-12-11 19:40	--------	d-----w-	c:\users\Micha\AppData\Local\FILSH_Media_GmbH
2011-12-11 19:40 . 2011-12-20 21:57	--------	d-----w-	c:\program files (x86)\FILSHtray
2011-12-08 13:12 . 2011-12-08 13:13	--------	d-----w-	c:\users\Micha\AppData\Roaming\Nitro PDF
2011-12-08 13:12 . 2011-10-25 15:13	17192	----a-w-	c:\windows\system32\nitrolocalui2.dll
2011-12-08 13:12 . 2011-10-25 15:13	28968	----a-w-	c:\windows\system32\nitrolocalmon2.dll
2011-12-08 13:12 . 2011-12-08 13:12	--------	d-----w-	c:\programdata\Nitro PDF
2011-12-08 13:11 . 2011-12-08 13:11	--------	d-----w-	c:\users\Micha\AppData\Roaming\Downloaded Installations
2011-11-24 11:43 . 2011-11-24 11:43	--------	d-----w-	c:\users\Micha\AppData\Local\Sidhe
2011-11-23 21:46 . 2011-12-05 16:09	--------	d-----w-	c:\users\Micha\AppData\Local\Ubisoft Game Launcher
2011-11-23 21:46 . 2011-11-23 21:46	--------	d-----w-	c:\programdata\Ubisoft
2011-11-22 20:54 . 2011-11-22 21:11	--------	d-----w-	c:\users\Micha\.android
2011-11-22 20:54 . 2011-11-22 22:05	--------	d-----w-	c:\program files (x86)\Android
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-09 06:34 . 2011-10-16 16:35	130760	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-11-10 18:25 . 2011-05-16 13:24	414368	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-24 13:29 . 2011-10-24 13:29	94208	----a-w-	c:\windows\SysWow64\QuickTimeVR.qtx
2011-10-24 13:29 . 2011-10-24 13:29	69632	----a-w-	c:\windows\SysWow64\QuickTime.qts
2011-10-15 08:53 . 2011-10-25 13:48	837952	----a-w-	c:\windows\system32\easyupdatusapiu64.dll
2011-10-15 08:53 . 2011-10-25 13:48	5067584	----a-w-	c:\windows\system32\nvsvc64.dll
2011-10-15 08:53 . 2011-10-25 13:48	3074368	----a-w-	c:\windows\system32\nvsvcr.dll
2011-10-15 08:53 . 2011-10-25 13:48	222528	----a-w-	c:\windows\system32\nvmctray.dll
2011-10-15 08:53 . 2011-10-25 13:48	1640768	----a-w-	c:\windows\system32\nvvsvc.exe
2011-10-15 08:53 . 2011-10-25 13:48	137536	----a-w-	c:\windows\system32\nvshext.dll
2011-10-15 08:53 . 2011-10-25 13:48	10406208	----a-w-	c:\windows\system32\nvcpl.dll
2011-10-15 08:53 . 2011-10-25 13:47	8791360	----a-w-	c:\windows\system32\nvwgf2umx.dll
2011-10-15 08:53 . 2011-10-25 13:47	7581504	----a-w-	c:\windows\system32\nvcuda.dll
2011-10-15 08:53 . 2011-10-25 13:47	7041856	----a-w-	c:\windows\SysWow64\nvwgf2um.dll
2011-10-15 08:53 . 2011-10-25 13:47	68928	----a-w-	c:\windows\system32\OpenCL.dll
2011-10-15 08:53 . 2011-10-25 13:47	61248	----a-w-	c:\windows\SysWow64\OpenCL.dll
2011-10-15 08:53 . 2011-10-25 13:47	5578560	----a-w-	c:\windows\SysWow64\nvcuda.dll
2011-10-15 08:53 . 2011-10-25 13:47	2808128	----a-w-	c:\windows\system32\nvapi64.dll
2011-10-15 08:53 . 2011-10-25 13:47	2542912	----a-w-	c:\windows\system32\nvcuvid.dll
2011-10-15 08:53 . 2011-10-25 13:47	24796992	----a-w-	c:\windows\system32\nvcompiler.dll
2011-10-15 08:53 . 2011-10-25 13:47	24742720	----a-w-	c:\windows\system32\nvoglv64.dll
2011-10-15 08:53 . 2011-10-25 13:47	2458432	----a-w-	c:\windows\SysWow64\nvapi.dll
2011-10-15 08:53 . 2011-10-25 13:47	2401088	----a-w-	c:\windows\SysWow64\nvcuvid.dll
2011-10-15 08:53 . 2011-10-25 13:47	2232128	----a-w-	c:\windows\system32\nvcuvenc.dll
2011-10-15 08:53 . 2011-10-25 13:47	2099520	----a-w-	c:\windows\SysWow64\nvcuvenc.dll
2011-10-15 08:53 . 2011-10-25 13:47	18871616	----a-w-	c:\windows\SysWow64\nvoglv32.dll
2011-10-15 08:53 . 2011-10-25 13:47	17248576	----a-w-	c:\windows\SysWow64\nvcompiler.dll
2011-10-15 08:53 . 2011-10-25 13:47	15693120	----a-w-	c:\windows\system32\nvd3dumx.dll
2011-10-15 08:53 . 2011-10-25 13:47	1533248	----a-w-	c:\windows\system32\nvdispco64.dll
2011-10-15 08:53 . 2011-10-25 13:47	1454400	----a-w-	c:\windows\system32\nvgenco64.dll
2011-10-15 08:53 . 2011-10-25 13:47	13205312	----a-w-	c:\windows\SysWow64\nvd3dum.dll
2011-10-15 08:53 . 2011-10-25 13:47	12971840	----a-w-	c:\windows\system32\drivers\nvlddmkm.sys
2011-10-14 22:54 . 2011-10-14 22:54	321856	----a-w-	c:\windows\SysWow64\nvStreaming.exe
2011-10-11 13:00 . 2011-10-16 16:35	97312	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2011-10-11 13:00 . 2011-10-16 16:35	27760	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2011-09-29 16:29 . 2011-11-09 17:29	1923952	----a-w-	c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys [x]
R3 dump_wmimmc;dump_wmimmc;d:\programme\ijji\ENGLISH\Gunz\GameGuard\dump_wmimmc.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 ZDCNDIS6a64;ZDCNDIS Protocol Driver;c:\windows\system32\ZDCNDIS6a64.sys [x]
R3 ZY202_VS;Deutsche Telekom 802.11g 1211 Driver;c:\windows\system32\DRIVERS\WlanGZG.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224]
S2 DVBVRecorder;DVBViewer Recording Service;c:\program files (x86)\DVBViewer\DVBVservice.exe [2010-10-16 617600]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-08-04 2329480]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-12-05 92592]
S3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrxusb.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 UDST7000BDA;%UDST7000BDA.FriendlyName%;c:\windows\system32\Drivers\UDST7000BDA.sys [x]
S3 UDST7000HID;TechniSat - HID Driver;c:\windows\system32\drivers\UDST7000HID.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2011-12-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2034920276-3348135786-2086485318-1000Core.job
- c:\users\Micha\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-17 20:31]
.
2011-12-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2034920276-3348135786-2086485318-1000UA.job
- c:\users\Micha\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-17 20:31]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://shop.thefreevpn.com/home.php
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = local;*.local
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Micha\AppData\Roaming\Mozilla\Firefox\Profiles\lcry2s8f.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.xrel.to/releases.html
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKU-Default-Run-Duden Korrektor SysTray - c:\program files (x86)\Duden\Duden Korrektor\DKTray.exe
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-{0886900B-B2F3-452C-B580-60F1253F7F80} - c:\programdata\{2C41B757-F5D0-44F9-A206-EEB9CD973927}\Controller Editor Setup PC.exe
AddRemove-{0B8565BA-BAD5-4732-B122-5FD78EFC50A9} - c:\programdata\{A6DB2A6F-FF9D-453F-99D6-C1AA54BC0C14}\Service Center Setup PC.exe
AddRemove-{2AAC4085-DCBF-417B-AEBD-182197839240} - c:\programdata\{47803536-1938-4D3F-86D6-F4876B645542}\Traktor Setup PC.exe
AddRemove-{470BB39A-7231-4077-AD3D-86067AD04604} - c:\programdata\{1E073424-A3F8-474B-A503-A99428594527}\Audio 8 DJ Driver Setup.exe
AddRemove-{A8EC0CC0-AD8D-4244-B080-424EDF7A7634} - c:\programdata\{4A818508-3355-4FBC-B302-D53B599DD9D5}\Traktor 2 Setup PC.exe
AddRemove-{C5D78EFC-A9C1-44F3-81CB-D42C5DF8EA09} - c:\program files (x86)\InstallShield Installation Information\{C5D78EFC-A9C1-44F3-81CB-D42C5DF8EA09}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2034920276-3348135786-2086485318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*i*n*i*¿)x\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2034920276-3348135786-2086485318-1000\Software\SecuROM\License information*]
"datasecu"=hex:15,ce,37,c3,a6,72,d4,c5,c6,70,64,c0,1c,2b,6a,e5,b4,f5,f5,92,cc,
   2b,14,3f,e9,a4,12,03,d0,fe,07,4a,f2,49,1a,9b,c3,52,cc,34,67,9a,33,e8,ca,b9,\
"rkeysecu"=hex:5c,fa,46,dd,d2,34,fc,cb,17,7c,1e,b9,96,61,8e,4b
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-12-21  22:43:59
ComboFix-quarantined-files.txt  2011-12-21 21:43
.
Vor Suchlauf: 1.871.409.152 Bytes frei
Nach Suchlauf: 1.729.617.920 Bytes frei
.
- - End Of File - - E740F66148211778AFA49DC512D81464
         

Old 22.12.2011, 07:51   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Combofix - Scripting

1. Start Notepad (Start / Run / notepad[Enter])

2. Now copy and paste the entire contents of the code box below into the Notepad window.

Code:
Driver::
VGPU

File::
c:\windows\system32\drivers\rdvgkmd.sys
         
3. In Notepad, save it as CFScript.txt on the desktop.

4. Disable the guard of your antivirus program and any software firewall that may be present.
(Also the guards of ad-/spyware programs and the Tea Timer (if present)!)

5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts Combofix.



6. After the reboot (you will be asked whether you want to restart), please post the following log file:
Combofix.txt

Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!

Old 22.12.2011, 15:23   #15
CMPunk
 



Log:
Code:
ComboFix 11-12-22.01 - Micha 22.12.2011  16:06:13.2.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.4095.2074 [GMT 1:00]
ausgeführt von:: c:\users\Micha\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Micha\Desktop\CFScript.TXT
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
FILE ::
"c:\windows\system32\drivers\rdvgkmd.sys"
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_VGPU
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-11-22 bis 2011-12-22  ))))))))))))))))))))))))))))))
.
.
2011-12-22 15:11 . 2011-12-22 15:11	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2011-12-22 15:11 . 2011-12-22 15:11	--------	d-----w-	c:\users\Mcx1-M7CHA\AppData\Local\temp
2011-12-22 15:11 . 2011-12-22 15:11	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-12-21 15:03 . 2011-12-21 15:03	--------	d-----w-	C:\_OTL
2011-12-20 15:43 . 2011-12-17 05:09	43992	----a-w-	c:\program files (x86)\Mozilla Firefox\mozutils.dll
2011-12-20 15:43 . 2011-12-17 01:19	626688	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2011-12-20 15:43 . 2011-12-17 01:19	548864	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2011-12-20 15:43 . 2011-12-17 01:19	479232	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2011-12-19 20:59 . 2011-12-19 20:59	--------	d-----w-	c:\users\Micha\AppData\Roaming\Malwarebytes
2011-12-19 20:59 . 2011-12-19 20:59	--------	d-----w-	c:\programdata\Malwarebytes
2011-12-19 20:59 . 2011-08-31 16:00	25416	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-12-14 15:18 . 2011-12-14 15:18	--------	d-----w-	c:\program files\iTunes
2011-12-14 15:18 . 2011-12-14 15:18	--------	d-----w-	c:\program files\iPod
2011-12-14 06:34 . 2011-10-26 05:21	43520	----a-w-	c:\windows\system32\csrsrv.dll
2011-12-14 06:33 . 2011-11-24 04:52	3145216	----a-w-	c:\windows\system32\win32k.sys
2011-12-14 06:33 . 2011-10-15 06:31	723456	----a-w-	c:\windows\system32\EncDec.dll
2011-12-14 06:33 . 2011-10-15 05:38	534528	----a-w-	c:\windows\SysWow64\EncDec.dll
2011-12-14 06:33 . 2011-11-05 05:32	2048	----a-w-	c:\windows\system32\tzres.dll
2011-12-14 06:33 . 2011-11-05 04:26	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2011-12-11 19:40 . 2011-12-11 19:40	--------	d-----w-	c:\users\Micha\AppData\Local\FILSH_Media_GmbH
2011-12-11 19:40 . 2011-12-20 21:57	--------	d-----w-	c:\program files (x86)\FILSHtray
2011-12-08 13:12 . 2011-12-08 13:13	--------	d-----w-	c:\users\Micha\AppData\Roaming\Nitro PDF
2011-12-08 13:12 . 2011-10-25 15:13	17192	----a-w-	c:\windows\system32\nitrolocalui2.dll
2011-12-08 13:12 . 2011-10-25 15:13	28968	----a-w-	c:\windows\system32\nitrolocalmon2.dll
2011-12-08 13:12 . 2011-12-08 13:12	--------	d-----w-	c:\programdata\Nitro PDF
2011-12-08 13:11 . 2011-12-08 13:11	--------	d-----w-	c:\users\Micha\AppData\Roaming\Downloaded Installations
2011-11-24 11:43 . 2011-11-24 11:43	--------	d-----w-	c:\users\Micha\AppData\Local\Sidhe
2011-11-23 21:46 . 2011-12-05 16:09	--------	d-----w-	c:\users\Micha\AppData\Local\Ubisoft Game Launcher
2011-11-23 21:46 . 2011-11-23 21:46	--------	d-----w-	c:\programdata\Ubisoft
2011-11-22 20:54 . 2011-11-22 21:11	--------	d-----w-	c:\users\Micha\.android
2011-11-22 20:54 . 2011-11-22 22:05	--------	d-----w-	c:\program files (x86)\Android
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-09 06:34 . 2011-10-16 16:35	130760	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-11-10 18:25 . 2011-05-16 13:24	414368	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-24 13:29 . 2011-10-24 13:29	94208	----a-w-	c:\windows\SysWow64\QuickTimeVR.qtx
2011-10-24 13:29 . 2011-10-24 13:29	69632	----a-w-	c:\windows\SysWow64\QuickTime.qts
2011-10-15 08:53 . 2011-10-25 13:48	837952	----a-w-	c:\windows\system32\easyupdatusapiu64.dll
2011-10-15 08:53 . 2011-10-25 13:48	5067584	----a-w-	c:\windows\system32\nvsvc64.dll
2011-10-15 08:53 . 2011-10-25 13:48	3074368	----a-w-	c:\windows\system32\nvsvcr.dll
2011-10-15 08:53 . 2011-10-25 13:48	222528	----a-w-	c:\windows\system32\nvmctray.dll
2011-10-15 08:53 . 2011-10-25 13:48	1640768	----a-w-	c:\windows\system32\nvvsvc.exe
2011-10-15 08:53 . 2011-10-25 13:48	137536	----a-w-	c:\windows\system32\nvshext.dll
2011-10-15 08:53 . 2011-10-25 13:48	10406208	----a-w-	c:\windows\system32\nvcpl.dll
2011-10-15 08:53 . 2011-10-25 13:47	8791360	----a-w-	c:\windows\system32\nvwgf2umx.dll
2011-10-15 08:53 . 2011-10-25 13:47	7581504	----a-w-	c:\windows\system32\nvcuda.dll
2011-10-15 08:53 . 2011-10-25 13:47	7041856	----a-w-	c:\windows\SysWow64\nvwgf2um.dll
2011-10-15 08:53 . 2011-10-25 13:47	68928	----a-w-	c:\windows\system32\OpenCL.dll
2011-10-15 08:53 . 2011-10-25 13:47	61248	----a-w-	c:\windows\SysWow64\OpenCL.dll
2011-10-15 08:53 . 2011-10-25 13:47	5578560	----a-w-	c:\windows\SysWow64\nvcuda.dll
2011-10-15 08:53 . 2011-10-25 13:47	2808128	----a-w-	c:\windows\system32\nvapi64.dll
2011-10-15 08:53 . 2011-10-25 13:47	2542912	----a-w-	c:\windows\system32\nvcuvid.dll
2011-10-15 08:53 . 2011-10-25 13:47	24796992	----a-w-	c:\windows\system32\nvcompiler.dll
2011-10-15 08:53 . 2011-10-25 13:47	24742720	----a-w-	c:\windows\system32\nvoglv64.dll
2011-10-15 08:53 . 2011-10-25 13:47	2458432	----a-w-	c:\windows\SysWow64\nvapi.dll
2011-10-15 08:53 . 2011-10-25 13:47	2401088	----a-w-	c:\windows\SysWow64\nvcuvid.dll
2011-10-15 08:53 . 2011-10-25 13:47	2232128	----a-w-	c:\windows\system32\nvcuvenc.dll
2011-10-15 08:53 . 2011-10-25 13:47	2099520	----a-w-	c:\windows\SysWow64\nvcuvenc.dll
2011-10-15 08:53 . 2011-10-25 13:47	18871616	----a-w-	c:\windows\SysWow64\nvoglv32.dll
2011-10-15 08:53 . 2011-10-25 13:47	17248576	----a-w-	c:\windows\SysWow64\nvcompiler.dll
2011-10-15 08:53 . 2011-10-25 13:47	15693120	----a-w-	c:\windows\system32\nvd3dumx.dll
2011-10-15 08:53 . 2011-10-25 13:47	1533248	----a-w-	c:\windows\system32\nvdispco64.dll
2011-10-15 08:53 . 2011-10-25 13:47	1454400	----a-w-	c:\windows\system32\nvgenco64.dll
2011-10-15 08:53 . 2011-10-25 13:47	13205312	----a-w-	c:\windows\SysWow64\nvd3dum.dll
2011-10-15 08:53 . 2011-10-25 13:47	12971840	----a-w-	c:\windows\system32\drivers\nvlddmkm.sys
2011-10-14 22:54 . 2011-10-14 22:54	321856	----a-w-	c:\windows\SysWow64\nvStreaming.exe
2011-10-11 13:00 . 2011-10-16 16:35	97312	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2011-10-11 13:00 . 2011-10-16 16:35	27760	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2011-09-29 16:29 . 2011-11-09 17:29	1923952	----a-w-	c:\windows\system32\drivers\tcpip.sys
.
.
(((((((((((((((((((((((((((((   SnapShot@2011-12-21_21.42.36   )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 05:10 . 2011-12-21 20:55	28062              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-12-22 11:02	28062              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-02-05 16:30 . 2011-12-22 11:02	13202              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2034920276-3348135786-2086485318-1000_UserData.bin
- 2010-02-05 16:30 . 2011-12-21 20:55	13202              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2034920276-3348135786-2086485318-1000_UserData.bin
- 2011-08-09 06:24 . 2009-03-18 15:35	33856              c:\windows\system32\hamachi.sys
+ 2011-08-09 06:24 . 2009-03-18 16:35	33856              c:\windows\system32\hamachi.sys
- 2011-12-21 20:53 . 2011-12-21 20:53	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-12-22 15:13 . 2011-12-22 15:13	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-12-22 15:13 . 2011-12-22 15:13	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-12-21 20:53 . 2011-12-21 20:53	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 05:01 . 2011-12-22 15:12	437582              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-12-21 18:26	437582              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-12-22 11:00 . 2011-12-22 11:00	3819520              c:\windows\Installer\f548.msi
- 2010-03-20 15:44 . 2011-12-21 18:26	32977944              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2034920276-3348135786-2086485318-1000-8192.dat
+ 2010-03-20 15:44 . 2011-12-22 15:12	32977944              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2034920276-3348135786-2086485318-1000-8192.dat
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-08-15 1955208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys [x]
R3 dump_wmimmc;dump_wmimmc;d:\programme\ijji\ENGLISH\Gunz\GameGuard\dump_wmimmc.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 ZDCNDIS6a64;ZDCNDIS Protocol Driver;c:\windows\system32\ZDCNDIS6a64.sys [x]
R3 ZY202_VS;Deutsche Telekom 802.11g 1211 Driver;c:\windows\system32\DRIVERS\WlanGZG.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224]
S2 DVBVRecorder;DVBViewer Recording Service;c:\program files (x86)\DVBViewer\DVBVservice.exe [2010-10-16 617600]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-08-15 2329480]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-12-05 92592]
S3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrxusb.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 UDST7000BDA;%UDST7000BDA.FriendlyName%;c:\windows\system32\Drivers\UDST7000BDA.sys [x]
S3 UDST7000HID;TechniSat - HID Driver;c:\windows\system32\drivers\UDST7000HID.sys [x]
.
.
Contents of the "Scheduled Tasks" folder
.
2011-12-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2034920276-3348135786-2086485318-1000Core.job
- c:\users\Micha\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-17 20:31]
.
2011-12-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2034920276-3348135786-2086485318-1000UA.job
- c:\users\Micha\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-17 20:31]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
"combofix"="c:\combofix\CF1888.3XE" [2010-11-20 345088]
.
------- Supplementary scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://shop.thefreevpn.com/home.php
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = local;*.local
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Micha\AppData\Roaming\Mozilla\Firefox\Profiles\lcry2s8f.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.xrel.to/releases.html
FF - prefs.js: network.proxy.type - 0
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Locked registry keys ---------------------
.
[HKEY_USERS\S-1-5-21-2034920276-3348135786-2086485318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*i*n*i*¿)x\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2034920276-3348135786-2086485318-1000\Software\SecuROM\License information*]
"datasecu"=hex:15,ce,37,c3,a6,72,d4,c5,c6,70,64,c0,1c,2b,6a,e5,b4,f5,f5,92,cc,
   2b,14,3f,e9,a4,12,03,d0,fe,07,4a,f2,49,1a,9b,c3,52,cc,34,67,9a,33,e8,ca,b9,\
"rkeysecu"=hex:5c,fa,46,dd,d2,34,fc,cb,17,7c,1e,b9,96,61,8e,4b
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other running processes ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Completion time: 2011-12-22  16:19:19 - PC was restarted
ComboFix-quarantined-files.txt  2011-12-22 15:19
.
Before scan: 1,692,717,056 bytes free
After scan: 1,433,251,840 bytes free
.
- - End Of File - - B69383CF348AE5BDEF95FDCD7CFF4FDC
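The log above is raw ComboFix output, and the two sections a helper on this board reads first for a lock-screen infection that fires at Windows start are the driver/service list and the `CurrentVersion\Run` values. The following Python script is an added example, not part of the thread or of ComboFix: it parses lines in exactly the layout shown above from a constructed sample (four service lines and two Run values copied from the log, plus one invented `locker` value under a user's Temp folder that does not appear in the thread) and attaches three heuristic flags: an entry ComboFix printed with `[x]` instead of a date/size stamp (my reading of that marker is that the binary could not be found at scan time, the way a stale or already-removed driver shows up), an image in a user-writable location, and an image whose extension is not .exe/.sys/.dll. The R/S state letter and the 0-4 start-type digit are likewise my reading of ComboFix's convention. The flags are leads for a human, not verdicts: the `combofix` value with the `.3XE` image is ComboFix's own hook for resuming after the reboot its completion line records, and the heuristic flags it anyway because it cannot know that.

```python
"""Triage of ComboFix-style autostart sections (added example; not from the thread)."""
import re
from dataclasses import dataclass, field

# Constructed sample in the layout of the ComboFix log above. The service and
# Run entries are copied from that log; the "locker" Run value is invented here
# purely to exercise the user-writable-location flag and is NOT in the thread.
SAMPLE_LOG = r'''
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-08-15 2329480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
"combofix"="c:\combofix\CF1888.3XE" [2010-11-20 345088]
"locker"="c:\users\someone\AppData\Local\Temp\locker.exe" [2011-12-18 51200]
.
'''

# Service/driver line: R|S (running/stopped) + start-type digit, then name;display;image [stamp].
# The R/S and 0-4 meanings are my reading of ComboFix's convention, not stated on the page.
SERVICE_RE = re.compile(r'^([RS])([0-4]) ([^;]+);([^;]*);(.+?) \[([^\]]*)\]$')
RUN_HEADER_RE = re.compile(r'^\[(HKEY_[^\]]*\\CurrentVersion\\Run[^\]]*)\]$', re.IGNORECASE)
RUN_VALUE_RE = re.compile(r'^"([^"]+)"="([^"]+)"(?: \[([^\]]*)\])?$')

# Locations a standard user can write to; a service or Run image there deserves a look.
USER_WRITABLE = ('\\users\\', '\\appdata\\', '\\temp\\', '\\programdata\\')
EXPECTED_EXT = ('.exe', '.sys', '.dll')


@dataclass
class Entry:
    kind: str                    # 'service' or 'run'
    name: str
    path: str                    # lower-cased image path without arguments
    stamp: str                   # "YYYY-MM-DD size", or "x" when ComboFix printed [x]
    detail: str = ''             # service state / Run key
    flags: list = field(default_factory=list)


def image_path(raw: str) -> str:
    """Keep only the executable: drop quotes and anything after the first 'name.ext ' token."""
    p = raw.strip().strip('"')
    m = re.match(r'^(.+?\.[A-Za-z0-9]{2,4})(?:\s.*)?$', p)
    return (m.group(1) if m else p).lower()


def classify(e: Entry) -> Entry:
    """Attach heuristic flags. These are leads for a human reviewer, not verdicts."""
    if e.stamp == 'x':
        e.flags.append('no_file_stamp')           # registered, but binary not found at scan time
    if any(seg in e.path for seg in USER_WRITABLE):
        e.flags.append('user_writable_location')
    if not e.path.endswith(EXPECTED_EXT):
        e.flags.append('unusual_extension')       # e.g. the .3XE ComboFix uses for its own resume hook
    return e


def parse_combofix(text: str) -> list:
    """Return flagged Entry objects for service/driver lines and Run-key values in `text`."""
    entries, run_key = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line == '.':                       # ComboFix separates blocks with a lone dot
            run_key = None
            continue
        header = RUN_HEADER_RE.match(line)
        if header:
            run_key = header.group(1)
            continue
        if line.startswith('['):              # some other registry block: not parsed here
            run_key = None
            continue
        m = SERVICE_RE.match(line)
        if m:
            state, start, name, _display, raw_path, stamp = m.groups()
            detail = ('running' if state == 'R' else 'stopped') + f', start type {start}'
            entries.append(classify(Entry('service', name, image_path(raw_path), stamp, detail)))
            continue
        if run_key:
            m = RUN_VALUE_RE.match(line)
            if m:
                name, raw_path, stamp = m.groups()
                entries.append(classify(Entry('run', name, image_path(raw_path), stamp or '', run_key)))
    return entries


if __name__ == '__main__':
    for e in parse_combofix(SAMPLE_LOG):
        mark = '  <-- ' + ', '.join(e.flags) if e.flags else ''
        print(f'{e.kind:7} {e.name:32} {e.path}{mark}')
```

Run it against a saved ComboFix log instead of `SAMPLE_LOG` and read the flagged lines first; the rest of the log (BHOs, scheduled tasks, locked keys) still has to be read by hand, since this only covers the two sections that most often carry a lock-screen's autostart.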
         
