
Pests of all kinds and how to combat them: Quarantine. What is that?


02.01.2012, 17:37   #1
virushasser8
 
Hello,
I had bad luck again on a website,
because I have now caught a virus; Avira reported it.
I then scanned the PC again
and it found viruses, which are now in quarantine.
What should I do now?
What is that?
Are the viruses still there?
Avira and another malware program show that my PC is safe.
Is my PC really safe?

02.01.2012, 19:26   #2
markusg
/// Malware-holic
 
Hi,
what was found where? Could we have that again in German and with log files?
You have been here before, so you know the information we want:
OTL logs, Avira report, ...

02.01.2012, 20:40   #3
virushasser8
 
FROM AVIRA






Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira AntiVir Personal - Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 x64
Windowsversion : (plain) [6.1.7600]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : -PASCAL-PC

Versionsinformationen:
BUILD.DAT : 12.0.0.872 41826 Bytes 15.12.2011 16:24:00
AVSCAN.EXE : 12.1.0.18 490448 Bytes 22.11.2011 13:20:05
AVSCAN.DLL : 12.1.0.17 65744 Bytes 22.11.2011 13:20:27
LUKE.DLL : 12.1.0.17 68304 Bytes 22.11.2011 13:20:14
AVSCPLR.DLL : 12.1.0.21 99536 Bytes 22.11.2011 13:20:05
AVREG.DLL : 12.1.0.27 227536 Bytes 10.12.2011 14:32:23
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 18:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 09:07:39
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 15:29:26
VBASE003.VDF : 7.11.19.171 2048 Bytes 20.12.2011 15:29:34
VBASE004.VDF : 7.11.19.172 2048 Bytes 20.12.2011 15:29:34
VBASE005.VDF : 7.11.19.173 2048 Bytes 20.12.2011 15:29:34
VBASE006.VDF : 7.11.19.174 2048 Bytes 20.12.2011 15:29:34
VBASE007.VDF : 7.11.19.175 2048 Bytes 20.12.2011 15:29:35
VBASE008.VDF : 7.11.19.176 2048 Bytes 20.12.2011 15:29:35
VBASE009.VDF : 7.11.19.177 2048 Bytes 20.12.2011 15:29:35
VBASE010.VDF : 7.11.19.178 2048 Bytes 20.12.2011 15:29:35
VBASE011.VDF : 7.11.19.179 2048 Bytes 20.12.2011 15:29:35
VBASE012.VDF : 7.11.19.180 2048 Bytes 20.12.2011 15:29:35
VBASE013.VDF : 7.11.19.217 182784 Bytes 22.12.2011 14:39:26
VBASE014.VDF : 7.11.19.255 148480 Bytes 24.12.2011 14:39:25
VBASE015.VDF : 7.11.20.29 164352 Bytes 27.12.2011 14:39:14
VBASE016.VDF : 7.11.20.70 180224 Bytes 29.12.2011 14:40:27
VBASE017.VDF : 7.11.20.71 2048 Bytes 29.12.2011 14:40:28
VBASE018.VDF : 7.11.20.72 2048 Bytes 29.12.2011 14:40:28
VBASE019.VDF : 7.11.20.73 2048 Bytes 29.12.2011 14:40:28
VBASE020.VDF : 7.11.20.74 2048 Bytes 29.12.2011 14:40:28
VBASE021.VDF : 7.11.20.75 2048 Bytes 29.12.2011 14:40:28
VBASE022.VDF : 7.11.20.76 2048 Bytes 29.12.2011 14:40:28
VBASE023.VDF : 7.11.20.77 2048 Bytes 29.12.2011 14:40:28
VBASE024.VDF : 7.11.20.78 2048 Bytes 29.12.2011 14:40:28
VBASE025.VDF : 7.11.20.79 2048 Bytes 29.12.2011 14:40:28
VBASE026.VDF : 7.11.20.80 2048 Bytes 29.12.2011 14:40:28
VBASE027.VDF : 7.11.20.81 2048 Bytes 29.12.2011 14:40:28
VBASE028.VDF : 7.11.20.82 2048 Bytes 29.12.2011 14:40:28
VBASE029.VDF : 7.11.20.83 2048 Bytes 29.12.2011 14:40:28
VBASE030.VDF : 7.11.20.84 2048 Bytes 29.12.2011 14:40:29
VBASE031.VDF : 7.11.20.97 132608 Bytes 30.12.2011 14:39:51
Engineversion : 8.2.8.18
AEVDF.DLL : 8.1.2.2 106868 Bytes 22.11.2011 13:20:02
AESCRIPT.DLL : 8.1.3.95 479612 Bytes 28.12.2011 14:40:59
AESCN.DLL : 8.1.7.2 127349 Bytes 01.09.2011 21:46:02
AESBX.DLL : 8.2.4.5 434549 Bytes 08.12.2011 17:16:06
AERDL.DLL : 8.1.9.15 639348 Bytes 08.09.2011 21:16:06
AEPACK.DLL : 8.2.15.1 770423 Bytes 13.12.2011 14:31:58
AEOFFICE.DLL : 8.1.2.25 201084 Bytes 30.12.2011 14:41:08
AEHEUR.DLL : 8.1.3.14 4260216 Bytes 30.12.2011 14:41:03
AEHELP.DLL : 8.1.18.0 254327 Bytes 22.11.2011 13:19:58
AEGEN.DLL : 8.1.5.17 405877 Bytes 09.12.2011 14:08:17
AEEMU.DLL : 8.1.3.0 393589 Bytes 01.09.2011 21:46:01
AECORE.DLL : 8.1.24.3 201079 Bytes 28.12.2011 14:39:34
AEBB.DLL : 8.1.1.0 53618 Bytes 01.09.2011 21:46:01
AVWINLL.DLL : 12.1.0.17 27344 Bytes 22.11.2011 13:20:07
AVPREF.DLL : 12.1.0.17 51920 Bytes 22.11.2011 13:20:04
AVREP.DLL : 12.1.0.17 179408 Bytes 22.11.2011 13:20:05
AVARKT.DLL : 12.1.0.19 208848 Bytes 22.11.2011 13:20:02
AVEVTLOG.DLL : 12.1.0.17 169168 Bytes 22.11.2011 13:20:03
SQLITE3.DLL : 3.7.0.0 398288 Bytes 22.11.2011 13:20:19
AVSMTP.DLL : 12.1.0.17 62928 Bytes 22.11.2011 13:20:06
NETNT.DLL : 12.1.0.17 17104 Bytes 22.11.2011 13:20:15
RCIMAGE.DLL : 12.1.0.17 4447952 Bytes 22.11.2011 13:20:31
RCTEXT.DLL : 12.1.0.16 98512 Bytes 22.11.2011 13:20:31

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files (x86)\avira\antivir desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:, P:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Sonntag, 1. Januar 2012 14:43

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD1
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'D:\'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'P:\'
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf nach versteckten Objekten wird begonnen.
Eine Instanz der ARK Library läuft bereits.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '76' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '77' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '107' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamservice.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'SteamService.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'KMProcess.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'KMConfig.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'StartAutorun.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamgui.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '76' Modul(e) wurden durchsucht
Durchsuche Prozess 'WGClientService.exe' - '12' Modul(e) wurden durchsucht
Durchsuche Prozess 'SeaPort.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'PnkBstrA.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'pdfsvc.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'LSSrvc.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'TeaTimer.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'ICQ.exe' - '111' Modul(e) wurden durchsucht
Durchsuche Prozess 'Skype.exe' - '89' Modul(e) wurden durchsucht
Durchsuche Prozess 'iChat.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'Steam.exe' - '126' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpsysdrv.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'KMWDSrv.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'ezSharedSvcHost.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'DBService.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '72' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '42' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '2163' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\' <OS>
C:\Users\-Pascal-\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\45eb23dc-1c002d71
[0] Archivtyp: ZIP
--> Translate.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/2011-3544.AJ
C:\Users\-Pascal-\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\45eb23dc-2f1b3660
[0] Archivtyp: ZIP
--> Market.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/2011-3544.AK
C:\Users\-Pascal-\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\30047aa4-19e331b3
[FUND] Ist das Trojanische Pferd TR/Offend.kdv.498105
C:\Users\-Pascal-\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\7eb0b4be-2dbf8254
[FUND] Ist das Trojanische Pferd TR/Ransom.EJ.6
Beginne mit der Suche in 'D:\' <HP_RECOVERY>
Beginne mit der Suche in 'P:\' <Volume>

Beginne mit der Desinfektion:
C:\Users\-Pascal-\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\7eb0b4be-2dbf8254
[FUND] Ist das Trojanische Pferd TR/Ransom.EJ.6
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4a26d0cd.qua' verschoben!
C:\Users\-Pascal-\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\30047aa4-19e331b3
[FUND] Ist das Trojanische Pferd TR/Offend.kdv.498105
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '52e3ffbd.qua' verschoben!
C:\Users\-Pascal-\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\45eb23dc-2f1b3660
[FUND] Enthält Erkennungsmuster des Exploits EXP/2011-3544.AK
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '00e9a552.qua' verschoben!
C:\Users\-Pascal-\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\45eb23dc-1c002d71
[FUND] Enthält Erkennungsmuster des Exploits EXP/2011-3544.AJ
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '66deea90.qua' verschoben!


Ende des Suchlaufs: Sonntag, 1. Januar 2012 15:52
Benötigte Zeit: 1:09:03 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

38086 Verzeichnisse wurden überprüft
957651 Dateien wurden geprüft
4 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
4 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
957647 Dateien ohne Befall
4398 Archive wurden durchsucht
0 Warnungen
4 Hinweise




MALWARE SCANNER





Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 911122701

Windows 6.1.7600
Internet Explorer 9.0.8112.16421

27.12.2011 13:26:48
mbam-log-2011-12-27 (13-26-48).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 191466
Laufzeit: 1 Minute(n), 34 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\-Pascal-\downloads\softonicdownloader_fuer_orbit-downloader.exe (PUP.BundleOffer.Downloader.S) -> Quarantined and deleted successfully.
c:\Users\-Pascal-\downloads\softonicdownloader_fuer_windows-live-movie-maker.exe (PUP.BundleOffer.Downloader.S) -> Quarantined and deleted successfully.
c:\Users\-Pascal-\downloads\softonicdownloader_fuer_windows-movie-maker.exe (PUP.BundleOffer.Downloader.S) -> Quarantined and deleted successfully.
c:\Users\-Pascal-\downloads\softonicdownloader_fuer_wink.exe (PUP.BundleOffer.Downloader.S) -> Quarantined and deleted successfully.





IF THIS IS THE WRONG ONE, PLEASE
EXPLAIN WHAT ELSE

Edited by virushasser8 (02.01.2012 at 21:10). Reason: WRONG LOG DATA

02.01.2012, 20:42   #4
virushasser8
 
I got this virus from a website where I actually wanted to get Miis for the 3DS,
and then suddenly my antivirus program Avira
raised the alarm,
and the other antivirus program.

03.01.2012, 08:42   #5
virushasser8
 
Quote:
Originally posted by markusg
Hi,
what was found where? Could we have that again in German and with log files?
You have been here before, so you know the information we want:
OTL logs, Avira report, ...

I have posted them now.
I have several, but these must be the right ones.


03.01.2012, 13:29   #6
markusg
/// Malware-holic
 
"and the other antivirus program": which one do you mean? Malwarebytes?
If you do not have it yet, please download OTL by OldTimer and save it to your desktop.
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator".
  • Now copy the content into the text box.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Please close all programs now. (Important)
  • Now click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread.

03.01.2012, 15:07   #7
virushasser8
 
THANK YOU
I HAVE DONE IT. WHAT DO YOU MEAN BY CLOSING ALL PROGRAMS?
UNFORTUNATELY I NOTICED AT THE START OF THE SCAN THAT THE INTERNET WAS STILL ON, WHICH I THEN CLOSED.
IS THAT CORRECT NOW?

OTL Logfile:
Code:
OTL logfile created on: 1/3/2012 2:59:49 PM - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\-Pascal-\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6.00 Gb Total Physical Memory | 4.58 Gb Available Physical Memory | 76.29% Memory free
12.00 Gb Paging File | 10.45 Gb Available in Paging File | 87.08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 464.74 Gb Total Space | 330.64 Gb Free Space | 71.15% Space Free | Partition Type: NTFS
Drive D: | 13.60 Gb Total Space | 1.67 Gb Free Space | 12.30% Space Free | Partition Type: NTFS
Drive E: | 4.35 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive P: | 453.08 Gb Total Space | 449.82 Gb Free Space | 99.28% Space Free | Partition Type: NTFS
 
Computer Name: -PASCAL-PC | User Name: -Pascal- | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/01/03 14:58:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\-Pascal-\Downloads\OTL.exe
PRC - [2012/01/03 09:42:01 | 000,342,480 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
PRC - [2011/12/21 15:50:01 | 000,912,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/10/11 15:05:59 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011/10/11 15:05:48 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2011/10/11 15:05:46 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/10/11 15:05:46 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/07/28 09:52:06 | 000,018,472 | ---- | M] (WeGame.com, Inc.) -- C:\Program Files (x86)\WeGame\WGClientService.exe
PRC - [2011/03/01 14:28:49 | 000,119,608 | ---- | M] (ICQ, LLC.) -- C:\Program Files (x86)\ICQ7.4\ICQ.exe
PRC - [2011/02/12 17:17:26 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010/04/25 11:45:28 | 000,328,704 | ---- | M] (UASSOFT.COM) -- C:\Program Files (x86)\Mouse Driver\KMProcess.exe
PRC - [2010/04/23 21:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/04/19 15:12:14 | 001,823,744 | ---- | M] (UASSOFT.COM) -- C:\Program Files (x86)\Mouse Driver\KMWDSrv.exe
PRC - [2009/10/15 00:53:20 | 000,635,416 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
PRC - [2009/01/26 15:31:16 | 002,144,088 | ---- | M] (Safer Networking Limited) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/08 15:10:00 | 000,187,456 | ---- | M] (DATA BECKER GmbH & Co KG) -- C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe
PRC - [2008/11/20 19:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
PRC - [2008/07/21 00:14:38 | 000,401,408 | ---- | M] (UASSOFT.COM) -- C:\Program Files (x86)\Mouse Driver\KMConfig.exe
PRC - [2008/05/30 01:22:38 | 000,212,992 | ---- | M] (UASSOFT.COM) -- C:\Program Files (x86)\Mouse Driver\StartAutorun.exe
PRC - [2001/05/14 20:28:46 | 001,095,680 | ---- | M] (AlexSoft) -- C:\Program Files (x86)\IChat\iChat.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011/12/21 15:50:01 | 000,849,368 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\js3250.dll
MOD - [2010/04/25 11:26:42 | 000,043,008 | ---- | M] () -- C:\Program Files (x86)\Mouse Driver\MouseHook.dll
MOD - [2007/03/29 12:17:42 | 000,106,496 | ---- | M] () -- C:\Program Files (x86)\Mouse Driver\keydll.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010/05/17 14:03:54 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/03/05 02:25:36 | 000,209,000 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV:64bit: - [2010/03/05 02:25:34 | 000,496,232 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM))
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2012/01/03 09:42:01 | 000,342,480 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2011/12/10 15:32:17 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/10/11 15:05:59 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/10/11 15:05:48 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2011/10/11 15:05:46 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/07/28 09:52:06 | 000,018,472 | ---- | M] (WeGame.com, Inc.) [Auto | Running] -- C:\Program Files (x86)\WeGame\WGClientService.exe -- (WeGameClientService)
SRV - [2011/02/12 17:17:26 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/09/30 22:44:46 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/04/19 15:12:14 | 001,823,744 | ---- | M] (UASSOFT.COM) [Auto | Running] -- C:\Program Files (x86)\Mouse Driver\KMWDSrv.exe -- (KMWDSERVICE)
SRV - [2009/10/15 00:53:20 | 000,635,416 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/08 15:10:00 | 000,187,456 | ---- | M] (DATA BECKER GmbH & Co KG) [Auto | Running] -- C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe -- (DBService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/01/03 09:42:03 | 000,130,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/11/22 14:20:32 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011/11/22 14:20:31 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/10/04 14:30:34 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/03/03 14:10:41 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010/12/02 01:59:02 | 000,107,912 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/12/02 01:59:02 | 000,027,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/05/17 14:35:30 | 006,853,632 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/05/17 13:30:28 | 000,263,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/04/16 15:26:38 | 000,022,016 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV:64bit: - [2010/04/08 00:12:02 | 000,124,944 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/03/04 12:26:58 | 000,349,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2010/02/24 11:20:40 | 000,191,616 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2003/04/19 00:32:04 | 000,004,736 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\tandpl.sys -- (tandpl)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = HP | MSN
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = HP | MSN
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = HP | MSN
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = HP | MSN
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = HP | MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2304157
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN, Hotmail und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 70 2F 3F 5D 26 C0 CC 01  [binary data]
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Search-Results)
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKCU\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Search-Results"
FF - prefs.js..browser.search.defaultenginename: "Search-Results"
FF - prefs.js..browser.search.defaultthis.engineName: "XfireXO Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2304157&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search-Results"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2304157&SearchSource=13"
FF - prefs.js..extensions.enabledItems: quickstores@quickstores.de:1.2.0
FF - prefs.js..extensions.enabledItems: {22e03916-85c5-44b0-8dc9-1830c11238d9}:3.3.0.19
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.13.1.18132
FF - prefs.js..extensions.enabledItems: ffxtlbr@incredibar.com:1.5.0
FF - prefs.js..extensions.enabledItems: {C9B68337-E93A-44EA-94DC-CB300EC06444}:4.45.0
FF - prefs.js..extensions.enabledItems: {AA994882-F391-4d2e-806F-8908DA4814ED}:2.11.14
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.7
FF - prefs.js..extensions.enabledItems: {5e5ab302-7f65-44cd-8211-c1d4caaccea3}:3.8.1.0
FF - prefs.js..keyword.URL: "hxxp://websearch.search-results.com/redirect?client=ff&src=kw&tb=STC-SRS&o=41648033&locale=de_DE&apn_uid=CF2CB85E-6205-488F-B203-91DE7077CCE6&apn_ptnrs=96&apn_sauid=8726ABEA-AE9B-44AD-823B-04216B9D0BC8&apn_dtid=YYYYYYYYDE&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Program Files (x86)\ProtectDisc\License Helper\NPPDLicenseHelper.dll ()
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\Firefox [2010/12/02 01:43:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/12/02 01:43:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\crossriderapp498@crossrider.com: C:\Users\-Pascal-\AppData\Local\RewardsArcade\498\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/21 15:50:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/12/21 15:50:02 | 000,000,000 | ---D | M]
 
[2011/01/02 17:09:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\-Pascal-\AppData\Roaming\mozilla\Extensions
[2012/01/02 17:13:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\-Pascal-\AppData\Roaming\mozilla\Firefox\Profiles\wqaw2px3.default\extensions
[2011/01/08 21:13:16 | 000,000,000 | ---D | M] (Elf 1 Community Toolbar) -- C:\Users\-Pascal-\AppData\Roaming\mozilla\Firefox\Profiles\wqaw2px3.default\extensions\{22e03916-85c5-44b0-8dc9-1830c11238d9}
[2011/12/28 10:02:04 | 000,000,000 | ---D | M] (XfireXO Community Toolbar) -- C:\Users\-Pascal-\AppData\Roaming\mozilla\Firefox\Profiles\wqaw2px3.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
[2011/03/04 19:25:35 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\-Pascal-\AppData\Roaming\mozilla\Firefox\Profiles\wqaw2px3.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011/12/09 16:41:02 | 000,000,000 | ---D | M] (kikin plugin) -- C:\Users\-Pascal-\AppData\Roaming\mozilla\Firefox\Profiles\wqaw2px3.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}
[2011/12/10 16:41:02 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\-Pascal-\AppData\Roaming\mozilla\Firefox\Profiles\wqaw2px3.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/07/04 15:54:25 | 000,000,000 | ---D | M] (IMinent Toolbar) -- C:\Users\-Pascal-\AppData\Roaming\mozilla\Firefox\Profiles\wqaw2px3.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}
[2011/12/02 15:18:49 | 000,000,000 | ---D | M] (Incredibar Toolbar) -- C:\Users\-Pascal-\AppData\Roaming\mozilla\Firefox\Profiles\wqaw2px3.default\extensions\ffxtlbr@incredibar.com
[2011/12/03 20:05:09 | 000,000,000 | ---D | M] (Search-Results Toolbar) -- C:\Users\-Pascal-\AppData\Roaming\mozilla\Firefox\Profiles\wqaw2px3.default\extensions\toolbar@ask.com
[2011/03/26 19:51:36 | 000,000,950 | ---- | M] () -- C:\Users\-Pascal-\AppData\Roaming\Mozilla\Firefox\Profiles\wqaw2px3.default\searchplugins\icqplugin-2.xml
[2011/05/07 07:52:48 | 000,000,950 | ---- | M] () -- C:\Users\-Pascal-\AppData\Roaming\Mozilla\Firefox\Profiles\wqaw2px3.default\searchplugins\icqplugin-3.xml
[2011/07/19 11:22:40 | 000,000,950 | ---- | M] () -- C:\Users\-Pascal-\AppData\Roaming\Mozilla\Firefox\Profiles\wqaw2px3.default\searchplugins\icqplugin-4.xml
[2011/08/31 15:33:23 | 000,000,950 | ---- | M] () -- C:\Users\-Pascal-\AppData\Roaming\Mozilla\Firefox\Profiles\wqaw2px3.default\searchplugins\icqplugin-5.xml
[2011/09/01 20:38:59 | 000,000,950 | ---- | M] () -- C:\Users\-Pascal-\AppData\Roaming\Mozilla\Firefox\Profiles\wqaw2px3.default\searchplugins\icqplugin-6.xml
[2011/12/02 13:09:54 | 000,000,950 | ---- | M] () -- C:\Users\-Pascal-\AppData\Roaming\Mozilla\Firefox\Profiles\wqaw2px3.default\searchplugins\icqplugin-7.xml
[2011/12/28 10:22:26 | 000,000,950 | ---- | M] () -- C:\Users\-Pascal-\AppData\Roaming\Mozilla\Firefox\Profiles\wqaw2px3.default\searchplugins\icqplugin-8.xml
[2010/05/12 17:40:48 | 000,001,042 | ---- | M] () -- C:\Users\-Pascal-\AppData\Roaming\Mozilla\Firefox\Profiles\wqaw2px3.default\searchplugins\icqplugin.xml
[2011/12/02 15:18:46 | 000,002,201 | ---- | M] () -- C:\Users\-Pascal-\AppData\Roaming\Mozilla\Firefox\Profiles\wqaw2px3.default\searchplugins\MyStart Search.xml
[2012/01/02 15:29:38 | 000,003,367 | ---- | M] () -- C:\Users\-Pascal-\AppData\Roaming\Mozilla\Firefox\Profiles\wqaw2px3.default\searchplugins\search-results.xml
[2011/12/03 09:10:54 | 000,002,270 | ---- | M] () -- C:\Users\-Pascal-\AppData\Roaming\Mozilla\Firefox\Profiles\wqaw2px3.default\searchplugins\SearchTheWeb.xml
[2012/01/02 17:13:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011/01/06 20:47:45 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Program Files (x86)\mozilla firefox\extensions\quickstores@quickstores.de
[2008/02/22 16:24:06 | 000,095,832 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\NPPDLicenseHelper.dll
[2011/11/20 17:16:17 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/11/20 17:16:17 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011/11/20 17:16:17 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/11/20 17:16:17 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/11/20 17:16:17 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (TBSB01620 Class) - {58124A0B-DC32-4180-9BFF-E0E21AE34026} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.3.27\bh\incredibar.dll (Montera Technologeis LTD)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Search-Results Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Search-Results)
O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files (x86)\kikin\ie_kikin.dll (kikin)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Search-Results Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Search-Results)
O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.3.27\incredibarTlbr.dll (Montera Technologeis LTD)
O3 - HKCU\..\Toolbar\WebBrowser: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Search-Results Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Search-Results)
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [KMCONFIG] "C:\Program Files (x86)\Mouse Driver\StartAutorun.exe" KMConfig.exe File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [EA Core] C:\Program Files (x86)\Electronic Arts\EADM\Core.exe (Electronic Arts)
O4 - HKCU..\Run: [iChat] C:\Program Files (x86)\IChat\iChat.exe (AlexSoft)
O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files (x86)\kikin\ie_kikin.dll (kikin)
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2602F395-FC82-414A-919C-E03F3E080502}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/12/07 14:45:03 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007/03/07 16:49:40 | 012,723,728 | R--- | M] (Ubisoft) - E:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2003/10/06 08:52:36 | 000,000,045 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{c4b539d2-fdc5-11df-af4a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c4b539d2-fdc5-11df-af4a-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2007/03/07 16:49:40 | 012,723,728 | R--- | M] (Ubisoft)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker 2.6
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish PictureMover.lnk - C:\PROGRA~2\PICTUR~1\Bin\PICTUR~1.EXE - (Hewlett-Packard Company)
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WeGame.lnk - C:\PROGRA~2\WeGame\wegame.exe - (WeGame.com, Inc.)
MsConfig:64bit - StartUpFolder: C:^Users^-Pascal-^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk - C:\PROGRA~2\OpenOffice.org 3\program\quickstart.exe - ()
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: ApnUpdater - hkey= - key= - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Search-Results)
MsConfig:64bit - StartUpReg: EA Core - hkey= - key= - C:\Program Files (x86)\Electronic Arts\EADM\Core.exe (Electronic Arts)
MsConfig:64bit - StartUpReg: Easybits Recovery - hkey= - key= - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
MsConfig:64bit - StartUpReg: HP Software Update - hkey= - key= - c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
MsConfig:64bit - StartUpReg: HPAdvisorDock - hkey= - key= - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe ()
MsConfig:64bit - StartUpReg: iChat - hkey= - key= - C:\Program Files (x86)\IChat\iChat.exe (AlexSoft)
MsConfig:64bit - StartUpReg: ICQ - hkey= - key= - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.)
MsConfig:64bit - StartUpReg: Norton Online Backup - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: PDF Complete - hkey= - key= - C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
MsConfig:64bit - StartUpReg: Skype - hkey= - key= - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig:64bit - StartUpReg: SmartMenu - hkey= - key= - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
MsConfig:64bit - StartUpReg: StartCCC - hkey= - key= - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/01/03 09:39:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011/12/30 19:27:26 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\Desktop\grafiti
[2011/12/28 10:14:03 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\Desktop\xfire
[2011/12/28 10:02:00 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\AppData\Local\Conduit
[2011/12/28 10:02:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2011/12/28 09:54:00 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fraps
[2011/12/28 09:27:40 | 000,000,000 | ---D | C] -- C:\Fraps
[2011/12/27 13:37:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity
[2011/12/26 11:57:45 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\gamigo Games
[2011/12/26 11:57:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\gamigo Games
[2011/12/26 11:57:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\gamigo Games
[2011/12/25 14:09:08 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2011/12/25 10:57:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mouse Driver
[2011/12/25 10:57:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mouse Driver
[2011/12/24 12:14:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubi Soft
[2011/12/23 14:40:15 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\Desktop\musik
[2011/12/23 11:47:19 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\Documents\Cross Fire
[2011/12/23 11:47:19 | 000,000,000 | ---D | C] -- C:\CFLog
[2011/12/23 11:42:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Z8Games
[2011/12/23 11:41:04 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
[2011/12/23 11:34:43 | 000,000,000 | ---D | C] -- C:\Program Files\Bohemia Interactive
[2011/12/23 11:12:30 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\Desktop\CrossFire_1082
[2011/12/20 17:33:22 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\AppData\Roaming\Malwarebytes
[2011/12/20 17:33:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/20 17:33:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/12/20 17:32:57 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/12/20 17:32:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/12/18 15:32:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bau-Simulator 2012 Demo
[2011/12/18 15:31:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bau-Simulator 2012 Demo
[2011/12/18 11:42:21 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\Documents\Kalypso Media
[2011/12/18 11:42:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Airline Tycoon 2-Demo
[2011/12/18 11:18:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kalypso Media
[2011/12/18 11:11:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kalypso Media
[2011/12/18 10:47:47 | 000,000,000 | ---D | C] -- C:\ProgramData\RTL Winter Sports 2009
[2011/12/18 10:47:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RTL Sports
[2011/12/18 10:22:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tank Simulation Demo
[2011/12/18 10:22:29 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\Desktop\Tank Simulation Demo
[2011/12/17 16:15:11 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\AppData\Local\Criterion Games
[2011/12/17 12:05:45 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2011/12/17 12:05:41 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2011/12/17 11:09:24 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\AppData\Roaming\OpenCandy
[2011/12/17 11:03:01 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs
[2011/12/17 10:56:36 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\AppData\Local\GamersFirst LIVE!
[2011/12/17 10:56:29 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\AppData\Local\PMB Files
[2011/12/17 10:56:28 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2011/12/17 10:56:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
[2011/12/17 10:56:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GamersFirst
[2011/12/17 10:56:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GamersFirst
[2011/12/17 10:29:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Biathlon 2004
[2011/12/17 10:29:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Biathlon 2004
[2011/12/17 10:01:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
[2011/12/15 16:58:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Biathlon 2009 (Demo)
[2011/12/15 16:50:41 | 000,000,000 | ---D | C] -- C:\ProgramData\MTA San Andreas All
[2011/12/15 16:50:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MTA San Andreas 1.1
[2011/12/15 16:39:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NewFreeScreensavers
[2011/12/14 19:41:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tetris Unlimited
[2011/12/14 19:30:45 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\Desktop\PROGRAM
[2011/12/14 19:11:29 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Reallusion
[2011/12/11 12:41:24 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2011/12/10 18:03:14 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\Desktop\meine 3ds bilder
[2011/12/10 16:46:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
[2011/12/10 16:46:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Auslogics
[2011/12/10 16:44:32 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\AppData\Roaming\DeepBurner
[2011/12/10 16:44:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DeepBurner
[2011/12/10 16:44:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Astonsoft
[2011/12/10 16:41:13 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\AppData\Roaming\DVDVideoSoft
[2011/12/10 16:41:02 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/12/10 16:41:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2011/12/10 16:40:56 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\Documents\DVDVideoSoft
[2011/12/10 16:40:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2011/12/10 16:40:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2011/12/09 11:53:53 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\AppData\Roaming\kikin
[2011/12/09 11:53:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\kikin
[2011/12/09 11:53:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Counter-Strike 2D
[2011/12/09 11:53:48 | 000,000,000 | ---D | C] -- C:\Counter-Strike 2D
[2011/12/08 19:50:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/12/08 19:50:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2011/12/08 18:20:46 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\AppData\Roaming\Avira
[2011/12/08 18:15:00 | 000,130,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011/12/08 18:15:00 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011/12/08 18:15:00 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2011/12/08 18:14:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011/12/08 18:14:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2011/12/07 14:44:48 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2011/12/07 14:44:48 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2011/12/06 18:45:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools Security
[2011/12/06 18:45:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2011/12/06 18:12:55 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/12/05 21:03:53 | 000,000,000 | RH-D | C] -- C:\Users\-Pascal-\AppData\Roaming\SecuROM
[2011/12/05 20:40:33 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\Documents\ArmA
[2011/12/05 20:40:33 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\AppData\Local\ArmA
[2011/12/05 20:39:36 | 000,431,104 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2011/12/05 20:39:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
[2011/12/05 20:39:35 | 000,409,600 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2011/12/05 20:39:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL
[2011/12/05 13:31:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sierra
[2011/12/04 19:37:29 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\Documents\Battlefield 2
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/01/03 15:03:28 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/03 15:03:28 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/03 14:56:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/03 14:55:57 | 536,322,047 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/03 09:55:05 | 000,000,082 | ---- | M] () -- C:\Users\-Pascal-\Documents\cc_20120103_095502.reg
[2012/01/03 09:42:03 | 000,130,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012/01/03 09:39:33 | 000,002,132 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012/01/02 15:53:02 | 000,000,219 | ---- | M] () -- C:\Users\-Pascal-\Desktop\Counter-Strike Source Beta.url
[2011/12/31 12:35:08 | 000,001,218 | ---- | M] () -- C:\Users\-Pascal-\Desktop\flagge-deutschland.gif
[2011/12/30 19:27:32 | 000,004,544 | ---- | M] () -- C:\Users\-Pascal-\Desktop\Neues Journal-Dokument.jnt
[2011/12/30 17:03:44 | 000,009,216 | ---- | M] () -- C:\Users\-Pascal-\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/28 09:54:00 | 000,000,574 | ---- | M] () -- C:\Users\-Pascal-\Desktop\Fraps.lnk
[2011/12/27 13:37:42 | 000,001,003 | ---- | M] () -- C:\Users\-Pascal-\Desktop\Audacity.lnk
[2011/12/24 12:17:21 | 000,002,262 | ---- | M] () -- C:\Users\-Pascal-\Desktop\Ubi Soft Product Registration.lnk
[2011/12/24 12:14:18 | 000,001,078 | ---- | M] () -- C:\Users\Public\Desktop\Splinter Cell spielen.lnk
[2011/12/23 11:42:15 | 000,025,395 | ---- | M] () -- C:\Users\-Pascal-\Desktop\CrossFire_1082.dlbt
[2011/12/23 11:41:04 | 000,431,104 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2011/12/23 11:41:03 | 000,409,600 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2011/12/20 17:33:00 | 000,001,187 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/18 15:29:10 | 000,004,096 | ---- | M] () -- C:\Users\Public\Documents\00000D59.LCS
[2011/12/18 14:07:23 | 000,004,096 | ---- | M] () -- C:\Users\Public\Documents\00000CE8.LCS
[2011/12/18 10:22:42 | 000,001,655 | ---- | M] () -- C:\Users\-Pascal-\Desktop\Tank Simulation Demo.lnk
[2011/12/17 11:18:55 | 000,001,233 | ---- | M] () -- C:\Users\Public\Desktop\War Rock.lnk
[2011/12/17 11:13:09 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2011/12/17 11:13:04 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2011/12/17 10:56:22 | 000,001,222 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
[2011/12/17 10:56:22 | 000,001,188 | ---- | M] () -- C:\Users\Public\Desktop\GamersFirst LIVE!.lnk
[2011/12/17 10:01:37 | 000,002,147 | ---- | M] () -- C:\Users\Public\Desktop\EA Download Manager.lnk
[2011/12/17 10:01:25 | 000,005,214 | ---- | M] () -- C:\Windows\SysWow64\ealregsnapshot1.reg
[2011/12/15 05:41:14 | 000,028,056 | ---- | M] () -- C:\Windows\SysNative\xfcodec64.dll
[2011/12/11 12:41:25 | 000,001,798 | ---- | M] () -- C:\Users\-Pascal-\Desktop\Day of Defeat Source.lnk
[2011/12/11 12:41:25 | 000,001,796 | ---- | M] () -- C:\Users\-Pascal-\Desktop\Half-Life 2 Deathmatch.lnk
[2011/12/11 12:41:25 | 000,001,796 | ---- | M] () -- C:\Users\-Pascal-\Desktop\Counter-Strike Source.lnk
[2011/12/10 19:50:24 | 000,003,367 | ---- | M] () -- C:\Users\-Pascal-\Documents\Data CD#1.dbr
[2011/12/10 16:46:11 | 000,001,320 | ---- | M] () -- C:\Users\-Pascal-\Desktop\Auslogics Disk Defrag.lnk
[2011/12/10 16:44:25 | 000,001,145 | ---- | M] () -- C:\Users\-Pascal-\Desktop\DeepBurner.lnk
[2011/12/10 16:41:00 | 000,001,498 | ---- | M] () -- C:\Users\-Pascal-\Desktop\Free YouTube to MP3 Converter.lnk
[2011/12/10 16:41:00 | 000,001,311 | ---- | M] () -- C:\Users\-Pascal-\Desktop\DVDVideoSoft Free Studio.lnk
[2011/12/09 12:21:06 | 000,000,696 | ---- | M] () -- C:\Users\-Pascal-\Desktop\Counter-Strike 2D.lnk
[2011/12/08 18:15:19 | 001,188,624 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2011/12/07 14:45:03 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2011/12/07 14:42:26 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/12/07 14:42:26 | 000,643,628 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011/12/07 14:42:26 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/12/07 14:42:26 | 000,126,188 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011/12/07 14:42:26 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/12/05 13:44:30 | 000,002,296 | ---- | M] () -- C:\Users\-Pascal-\Desktop\SWAT 4.lnk
[2011/12/04 20:36:56 | 000,001,882 | ---- | M] () -- C:\Users\-Pascal-\Desktop\Battlefield 2 spielen.lnk
[2011/12/04 19:37:46 | 000,002,168 | ---- | M] () -- C:\Users\Public\Desktop\BF2 jetzt online spielen!.lnk
[2011/12/04 19:37:46 | 000,002,146 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 2.lnk
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/01/03 09:55:05 | 000,000,082 | ---- | C] () -- C:\Users\-Pascal-\Documents\cc_20120103_095502.reg
[2012/01/02 15:53:02 | 000,000,219 | ---- | C] () -- C:\Users\-Pascal-\Desktop\Counter-Strike Source Beta.url
[2011/12/31 12:36:43 | 000,001,218 | ---- | C] () -- C:\Users\-Pascal-\Desktop\flagge-deutschland.gif
[2011/12/30 19:27:32 | 000,004,544 | ---- | C] () -- C:\Users\-Pascal-\Desktop\Neues Journal-Dokument.jnt
[2011/12/28 09:27:40 | 000,000,574 | ---- | C] () -- C:\Users\-Pascal-\Desktop\Fraps.lnk
[2011/12/27 13:37:42 | 000,001,015 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2011/12/27 13:37:42 | 000,001,003 | ---- | C] () -- C:\Users\-Pascal-\Desktop\Audacity.lnk
[2011/12/24 12:17:21 | 000,002,262 | ---- | C] () -- C:\Users\-Pascal-\Desktop\Ubi Soft Product Registration.lnk
[2011/12/24 12:14:06 | 000,001,078 | ---- | C] () -- C:\Users\Public\Desktop\Splinter Cell spielen.lnk
[2011/12/23 11:42:15 | 000,025,395 | ---- | C] () -- C:\Users\-Pascal-\Desktop\CrossFire_1082.dlbt
[2011/12/20 17:33:00 | 000,001,187 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/18 10:47:36 | 000,004,096 | ---- | C] () -- C:\Users\Public\Documents\00000D59.LCS
[2011/12/18 10:22:42 | 000,001,655 | ---- | C] () -- C:\Users\-Pascal-\Desktop\Tank Simulation Demo.lnk
[2011/12/17 11:18:55 | 000,001,233 | ---- | C] () -- C:\Users\Public\Desktop\War Rock.lnk
[2011/12/17 11:13:09 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2011/12/17 11:13:04 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2011/12/17 10:56:22 | 000,001,222 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
[2011/12/17 10:56:22 | 000,001,188 | ---- | C] () -- C:\Users\Public\Desktop\GamersFirst LIVE!.lnk
[2011/12/17 10:01:25 | 000,005,214 | ---- | C] () -- C:\Windows\SysWow64\ealregsnapshot1.reg
[2011/12/15 16:58:48 | 000,004,096 | ---- | C] () -- C:\Users\Public\Documents\00000CE8.LCS
[2011/12/15 16:39:49 | 008,782,382 | ---- | C] () -- C:\Windows\SysWow64\nfsFirePlace02.scr
[2011/12/15 05:41:14 | 000,028,056 | ---- | C] () -- C:\Windows\SysNative\xfcodec64.dll
[2011/12/11 12:41:25 | 000,001,798 | ---- | C] () -- C:\Users\-Pascal-\Desktop\Day of Defeat Source.lnk
[2011/12/11 12:41:25 | 000,001,796 | ---- | C] () -- C:\Users\-Pascal-\Desktop\Half-Life 2 Deathmatch.lnk
[2011/12/11 12:41:25 | 000,001,796 | ---- | C] () -- C:\Users\-Pascal-\Desktop\Counter-Strike Source.lnk
[2011/12/10 19:50:24 | 000,003,367 | ---- | C] () -- C:\Users\-Pascal-\Documents\Data CD#1.dbr
[2011/12/10 16:44:25 | 000,001,145 | ---- | C] () -- C:\Users\-Pascal-\Desktop\DeepBurner.lnk
[2011/12/10 16:41:00 | 000,001,498 | ---- | C] () -- C:\Users\-Pascal-\Desktop\Free YouTube to MP3 Converter.lnk
[2011/12/10 16:41:00 | 000,001,311 | ---- | C] () -- C:\Users\-Pascal-\Desktop\DVDVideoSoft Free Studio.lnk
[2011/12/09 12:21:06 | 000,000,696 | ---- | C] () -- C:\Users\-Pascal-\Desktop\Counter-Strike 2D.lnk
[2011/12/08 18:15:20 | 000,002,132 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011/12/07 14:45:03 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2011/12/06 18:45:47 | 001,188,624 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2011/12/05 13:44:30 | 000,002,296 | ---- | C] () -- C:\Users\-Pascal-\Desktop\SWAT 4.lnk
[2011/12/04 20:36:56 | 000,001,882 | ---- | C] () -- C:\Users\-Pascal-\Desktop\Battlefield 2 spielen.lnk
[2011/12/04 19:37:46 | 000,002,168 | ---- | C] () -- C:\Users\Public\Desktop\BF2 jetzt online spielen!.lnk
[2011/12/04 19:37:46 | 000,002,146 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 2.lnk
[2011/12/02 15:26:00 | 000,009,216 | ---- | C] () -- C:\Users\-Pascal-\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/02 15:18:49 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
[2011/05/22 13:10:44 | 000,000,000 | ---- | C] () -- C:\Windows\EAREMOVE.INI
[2011/03/28 13:51:43 | 000,069,632 | R--- | C] () -- C:\Windows\SysWow64\xmltok.dll
[2011/03/28 13:51:43 | 000,036,864 | R--- | C] () -- C:\Windows\SysWow64\xmlparse.dll
[2011/03/28 13:48:55 | 000,185,344 | ---- | C] () -- C:\Windows\patchw32.dll
[2011/03/28 13:30:11 | 000,007,552 | ---- | C] () -- C:\Windows\SysWow64\drivers\enodpl.sys
[2011/03/28 13:30:11 | 000,004,736 | ---- | C] () -- C:\Windows\SysWow64\drivers\tandpl.sys
[2011/03/19 13:52:57 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011/03/05 08:49:58 | 000,001,237 | ---- | C] () -- C:\Windows\eReg.dat
[2011/03/04 14:25:32 | 000,044,544 | ---- | C] () -- C:\Windows\SysWow64\Gif89.dll
[2011/03/04 14:24:33 | 000,000,266 | ---- | C] () -- C:\Windows\SIERRA.INI
[2011/02/15 15:09:45 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/02/09 19:19:11 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/02/09 19:19:07 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/02/09 19:19:04 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2011/01/02 15:38:06 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/12/02 02:02:20 | 000,002,137 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/12/02 01:37:46 | 000,009,988 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2010/12/02 01:06:16 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/02/10 03:58:12 | 000,012,800 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/07/14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[1997/06/14 12:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\Iyvu9_32.dll
 
========== LOP Check ==========
 
[2011/01/03 20:27:35 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\Auslogics
[2011/12/10 16:45:15 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\DeepBurner
[2011/12/10 16:41:14 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\DVDVideoSoft
[2011/12/10 16:41:02 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/12/02 13:35:42 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\GrabPro
[2011/12/20 17:29:38 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\ICQ
[2011/12/09 16:41:02 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\kikin
[2011/03/09 17:11:07 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\MysteryStudio
[2011/12/17 11:09:26 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\OpenCandy
[2011/01/16 13:39:25 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\OpenOffice.org
[2011/12/08 18:24:14 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\Orbit
[2011/01/02 15:45:10 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\PictureMover
[2011/12/02 13:35:45 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\ProgSense
[2011/12/18 10:47:35 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\ProtectDisc
[2011/01/15 08:31:17 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\QuickStoresToolbar
[2011/01/06 19:10:45 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\RedDotGames
[2011/01/09 10:11:28 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\Tific
[2011/03/28 13:48:56 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\ubi.com
[2011/12/15 18:52:41 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\Ubisoft
[2011/06/04 20:38:25 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\Wildlife Park 2
[2011/06/04 20:36:50 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\Wildlife Park 2 - Crazy Zoo
[2011/06/04 20:37:30 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\Wildlife Park 2 - Marine World
[2011/01/02 17:02:51 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\WildTangent
[2011/12/27 13:43:58 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\_MDLogs
[2011/12/28 10:19:35 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011/02/14 17:09:49 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2011/12/23 11:47:19 | 000,000,000 | ---D | M] -- C:\CFLog
[2011/12/09 16:24:55 | 000,000,000 | ---D | M] -- C:\Counter-Strike 2D
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011/12/06 19:00:08 | 000,000,000 | ---D | M] -- C:\downloads
[2011/12/28 09:38:44 | 000,000,000 | ---D | M] -- C:\Fraps
[2010/12/02 01:38:08 | 000,000,000 | RHSD | M] -- C:\hp
[2011/03/19 15:34:51 | 000,000,000 | ---D | M] -- C:\JANES
[2009/07/14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011/12/23 11:34:43 | 000,000,000 | R--D | M] -- C:\Program Files
[2011/12/29 11:29:18 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2011/12/28 10:21:14 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2009/07/24 19:32:39 | 000,000,000 | -HSD | M] -- C:\Recovery
[2011/12/08 19:48:03 | 000,000,000 | ---D | M] -- C:\sh4ldr
[2011/03/04 14:24:45 | 000,000,000 | ---D | M] -- C:\SIERRA
[2011/01/02 17:03:59 | 000,000,000 | ---D | M] -- C:\swsetup
[2012/01/03 15:01:21 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011/01/02 15:43:44 | 000,000,000 | -H-D | M] -- C:\SYSTEM.SAV
[2011/02/14 17:09:35 | 000,000,000 | R--D | M] -- C:\Users
[2012/01/03 14:56:01 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: AGP440.SYS  >
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2008/06/06 23:03:52 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\CyberLink\PowerDirector\EventLog.dll
 
< MD5 for: EXPLORER.EXE  >
[2010/12/02 01:47:23 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe
[2009/07/14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2010/12/02 01:49:55 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2010/12/02 01:49:55 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2010/12/02 01:47:23 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=6D4F9E4B640B413C6F73414327484C80 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81\explorer.exe
[2010/12/02 01:45:18 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2010/12/02 01:49:55 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\explorer.exe
[2010/12/02 01:49:55 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010/12/02 01:45:18 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/12/02 01:49:55 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010/12/02 01:45:18 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2010/12/02 01:49:55 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2010/12/02 01:47:23 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=CA17F8620815267DC838E30B68CB5052 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568e\explorer.exe
[2010/12/02 01:45:18 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[2010/12/02 01:47:23 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_b8335443c7a68f7c\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2010/12/02 01:59:02 | 000,410,504 | ---- | M] (Intel Corporation) MD5=513DC087CFED7D2BB82F005385D3531F -- C:\Windows\SysNative\drivers\iaStorV.sys
[2010/12/02 01:59:02 | 000,410,504 | ---- | M] (Intel Corporation) MD5=513DC087CFED7D2BB82F005385D3531F -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_c9199d57075f47a9\iaStorV.sys
[2010/12/02 01:59:02 | 000,410,504 | ---- | M] (Intel Corporation) MD5=513DC087CFED7D2BB82F005385D3531F -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16592_none_0af87721a183cb70\iaStorV.sys
[2009/07/14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
[2010/12/02 01:59:02 | 000,410,496 | ---- | M] (Intel Corporation) MD5=E353CF970C5D4D6A092911E15FB78C07 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20712_none_0bd89532ba6088d9\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009/07/14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009/07/14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2010/12/02 01:59:02 | 000,166,280 | ---- | M] (NVIDIA Corporation) MD5=0AF7B8136794E23E87BE138992880E64 -- C:\Windows\SysNative\drivers\nvstor.sys
[2010/12/02 01:59:02 | 000,166,280 | ---- | M] (NVIDIA Corporation) MD5=0AF7B8136794E23E87BE138992880E64 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_c09ee40f078b4594\nvstor.sys
[2010/12/02 01:59:02 | 000,166,280 | ---- | M] (NVIDIA Corporation) MD5=0AF7B8136794E23E87BE138992880E64 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16592_none_95c1e7d0d8ba7548\nvstor.sys
[2009/07/14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2010/12/02 01:59:02 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=CE76755AF933E728CEBA6C7A970838A4 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20712_none_96a205e1f19732b1\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009/07/14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009/07/14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll
[2009/07/14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009/07/14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
[2009/07/14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009/07/14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009/07/14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2010/12/02 01:49:55 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2010/12/02 01:49:55 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2010/12/02 01:49:55 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009/07/14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
[4 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
< %USERPROFILE%\*.* >
[2012/01/03 15:10:33 | 002,883,584 | -HS- | M] () -- C:\Users\-Pascal-\NTUSER.DAT
[2012/01/03 15:10:32 | 000,262,144 | -HS- | M] () -- C:\Users\-Pascal-\ntuser.dat.LOG1
[2011/01/02 15:37:55 | 000,000,000 | -HS- | M] () -- C:\Users\-Pascal-\ntuser.dat.LOG2
[2011/01/02 18:22:33 | 000,065,536 | -HS- | M] () -- C:\Users\-Pascal-\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2011/01/02 18:22:33 | 000,524,288 | -HS- | M] () -- C:\Users\-Pascal-\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2011/01/02 18:22:33 | 000,524,288 | -HS- | M] () -- C:\Users\-Pascal-\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2011/01/02 15:37:55 | 000,000,020 | -HS- | M] () -- C:\Users\-Pascal-\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
<           >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:DFC5A2B2

< End of report >
         
--- --- ---

Alt 03.01.2012, 15:08   #8
virushasser8
 



THANKS
I DID IT. WHAT DO YOU MEAN BY CLOSING ALL PROGRAMS?
UNFORTUNATELY I NOTICED AT THE START OF THE SCAN THAT THE INTERNET WAS STILL ON, WHICH I THEN CLOSED.
IS THAT RIGHT NOW?




OTL Logfile:
Code:
OTL logfile created on: 1/3/2012 2:59:49 PM - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\-Pascal-\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6.00 Gb Total Physical Memory | 4.58 Gb Available Physical Memory | 76.29% Memory free
12.00 Gb Paging File | 10.45 Gb Available in Paging File | 87.08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 464.74 Gb Total Space | 330.64 Gb Free Space | 71.15% Space Free | Partition Type: NTFS
Drive D: | 13.60 Gb Total Space | 1.67 Gb Free Space | 12.30% Space Free | Partition Type: NTFS
Drive E: | 4.35 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive P: | 453.08 Gb Total Space | 449.82 Gb Free Space | 99.28% Space Free | Partition Type: NTFS
 
Computer Name: -PASCAL-PC | User Name: -Pascal- | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/01/03 14:58:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\-Pascal-\Downloads\OTL.exe
PRC - [2012/01/03 09:42:01 | 000,342,480 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
PRC - [2011/12/21 15:50:01 | 000,912,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/10/11 15:05:59 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011/10/11 15:05:48 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2011/10/11 15:05:46 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/10/11 15:05:46 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/07/28 09:52:06 | 000,018,472 | ---- | M] (WeGame.com, Inc.) -- C:\Program Files (x86)\WeGame\WGClientService.exe
PRC - [2011/03/01 14:28:49 | 000,119,608 | ---- | M] (ICQ, LLC.) -- C:\Program Files (x86)\ICQ7.4\ICQ.exe
PRC - [2011/02/12 17:17:26 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010/04/25 11:45:28 | 000,328,704 | ---- | M] (UASSOFT.COM) -- C:\Program Files (x86)\Mouse Driver\KMProcess.exe
PRC - [2010/04/23 21:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/04/19 15:12:14 | 001,823,744 | ---- | M] (UASSOFT.COM) -- C:\Program Files (x86)\Mouse Driver\KMWDSrv.exe
PRC - [2009/10/15 00:53:20 | 000,635,416 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
PRC - [2009/01/26 15:31:16 | 002,144,088 | ---- | M] (Safer Networking Limited) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/08 15:10:00 | 000,187,456 | ---- | M] (DATA BECKER GmbH & Co KG) -- C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe
PRC - [2008/11/20 19:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
PRC - [2008/07/21 00:14:38 | 000,401,408 | ---- | M] (UASSOFT.COM) -- C:\Program Files (x86)\Mouse Driver\KMConfig.exe
PRC - [2008/05/30 01:22:38 | 000,212,992 | ---- | M] (UASSOFT.COM) -- C:\Program Files (x86)\Mouse Driver\StartAutorun.exe
PRC - [2001/05/14 20:28:46 | 001,095,680 | ---- | M] (AlexSoft) -- C:\Program Files (x86)\IChat\iChat.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011/12/21 15:50:01 | 000,849,368 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\js3250.dll
MOD - [2010/04/25 11:26:42 | 000,043,008 | ---- | M] () -- C:\Program Files (x86)\Mouse Driver\MouseHook.dll
MOD - [2007/03/29 12:17:42 | 000,106,496 | ---- | M] () -- C:\Program Files (x86)\Mouse Driver\keydll.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010/05/17 14:03:54 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/03/05 02:25:36 | 000,209,000 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV:64bit: - [2010/03/05 02:25:34 | 000,496,232 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM))
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2012/01/03 09:42:01 | 000,342,480 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2011/12/10 15:32:17 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/10/11 15:05:59 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/10/11 15:05:48 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2011/10/11 15:05:46 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/07/28 09:52:06 | 000,018,472 | ---- | M] (WeGame.com, Inc.) [Auto | Running] -- C:\Program Files (x86)\WeGame\WGClientService.exe -- (WeGameClientService)
SRV - [2011/02/12 17:17:26 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/09/30 22:44:46 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/04/19 15:12:14 | 001,823,744 | ---- | M] (UASSOFT.COM) [Auto | Running] -- C:\Program Files (x86)\Mouse Driver\KMWDSrv.exe -- (KMWDSERVICE)
SRV - [2009/10/15 00:53:20 | 000,635,416 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/08 15:10:00 | 000,187,456 | ---- | M] (DATA BECKER GmbH & Co KG) [Auto | Running] -- C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe -- (DBService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/01/03 09:42:03 | 000,130,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/11/22 14:20:32 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011/11/22 14:20:31 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/10/04 14:30:34 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/03/03 14:10:41 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010/12/02 01:59:02 | 000,107,912 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/12/02 01:59:02 | 000,027,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/05/17 14:35:30 | 006,853,632 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/05/17 13:30:28 | 000,263,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/04/16 15:26:38 | 000,022,016 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV:64bit: - [2010/04/08 00:12:02 | 000,124,944 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/03/04 12:26:58 | 000,349,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2010/02/24 11:20:40 | 000,191,616 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2003/04/19 00:32:04 | 000,004,736 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\tandpl.sys -- (tandpl)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = HP | MSN
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = HP | MSN
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = HP | MSN
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = HP | MSN
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = HP | MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2304157
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN, Hotmail und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 70 2F 3F 5D 26 C0 CC 01  [binary data]
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Search-Results)
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKCU\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Search-Results"
FF - prefs.js..browser.search.defaultenginename: "Search-Results"
FF - prefs.js..browser.search.defaultthis.engineName: "XfireXO Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2304157&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search-Results"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2304157&SearchSource=13"
FF - prefs.js..extensions.enabledItems: quickstores@quickstores.de:1.2.0
FF - prefs.js..extensions.enabledItems: {22e03916-85c5-44b0-8dc9-1830c11238d9}:3.3.0.19
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.13.1.18132
FF - prefs.js..extensions.enabledItems: ffxtlbr@incredibar.com:1.5.0
FF - prefs.js..extensions.enabledItems: {C9B68337-E93A-44EA-94DC-CB300EC06444}:4.45.0
FF - prefs.js..extensions.enabledItems: {AA994882-F391-4d2e-806F-8908DA4814ED}:2.11.14
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.7
FF - prefs.js..extensions.enabledItems: {5e5ab302-7f65-44cd-8211-c1d4caaccea3}:3.8.1.0
FF - prefs.js..keyword.URL: "hxxp://websearch.search-results.com/redirect?client=ff&src=kw&tb=STC-SRS&o=41648033&locale=de_DE&apn_uid=CF2CB85E-6205-488F-B203-91DE7077CCE6&apn_ptnrs=96&apn_sauid=8726ABEA-AE9B-44AD-823B-04216B9D0BC8&apn_dtid=YYYYYYYYDE&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Program Files (x86)\ProtectDisc\License Helper\NPPDLicenseHelper.dll ()
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\Firefox [2010/12/02 01:43:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/12/02 01:43:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\crossriderapp498@crossrider.com: C:\Users\-Pascal-\AppData\Local\RewardsArcade\498\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/21 15:50:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/12/21 15:50:02 | 000,000,000 | ---D | M]
 
[2011/01/02 17:09:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\-Pascal-\AppData\Roaming\mozilla\Extensions
[2012/01/02 17:13:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\-Pascal-\AppData\Roaming\mozilla\Firefox\Profiles\wqaw2px3.default\extensions
[2011/01/08 21:13:16 | 000,000,000 | ---D | M] (Elf 1 Community Toolbar) -- C:\Users\-Pascal-\AppData\Roaming\mozilla\Firefox\Profiles\wqaw2px3.default\extensions\{22e03916-85c5-44b0-8dc9-1830c11238d9}
[2011/12/28 10:02:04 | 000,000,000 | ---D | M] (XfireXO Community Toolbar) -- C:\Users\-Pascal-\AppData\Roaming\mozilla\Firefox\Profiles\wqaw2px3.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
[2011/03/04 19:25:35 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\-Pascal-\AppData\Roaming\mozilla\Firefox\Profiles\wqaw2px3.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011/12/09 16:41:02 | 000,000,000 | ---D | M] (kikin plugin) -- C:\Users\-Pascal-\AppData\Roaming\mozilla\Firefox\Profiles\wqaw2px3.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}
[2011/12/10 16:41:02 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\-Pascal-\AppData\Roaming\mozilla\Firefox\Profiles\wqaw2px3.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/07/04 15:54:25 | 000,000,000 | ---D | M] (IMinent Toolbar) -- C:\Users\-Pascal-\AppData\Roaming\mozilla\Firefox\Profiles\wqaw2px3.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}
[2011/12/02 15:18:49 | 000,000,000 | ---D | M] (Incredibar Toolbar) -- C:\Users\-Pascal-\AppData\Roaming\mozilla\Firefox\Profiles\wqaw2px3.default\extensions\ffxtlbr@incredibar.com
[2011/12/03 20:05:09 | 000,000,000 | ---D | M] (Search-Results Toolbar) -- C:\Users\-Pascal-\AppData\Roaming\mozilla\Firefox\Profiles\wqaw2px3.default\extensions\toolbar@ask.com
[2011/03/26 19:51:36 | 000,000,950 | ---- | M] () -- C:\Users\-Pascal-\AppData\Roaming\Mozilla\Firefox\Profiles\wqaw2px3.default\searchplugins\icqplugin-2.xml
[2011/05/07 07:52:48 | 000,000,950 | ---- | M] () -- C:\Users\-Pascal-\AppData\Roaming\Mozilla\Firefox\Profiles\wqaw2px3.default\searchplugins\icqplugin-3.xml
[2011/07/19 11:22:40 | 000,000,950 | ---- | M] () -- C:\Users\-Pascal-\AppData\Roaming\Mozilla\Firefox\Profiles\wqaw2px3.default\searchplugins\icqplugin-4.xml
[2011/08/31 15:33:23 | 000,000,950 | ---- | M] () -- C:\Users\-Pascal-\AppData\Roaming\Mozilla\Firefox\Profiles\wqaw2px3.default\searchplugins\icqplugin-5.xml
[2011/09/01 20:38:59 | 000,000,950 | ---- | M] () -- C:\Users\-Pascal-\AppData\Roaming\Mozilla\Firefox\Profiles\wqaw2px3.default\searchplugins\icqplugin-6.xml
[2011/12/02 13:09:54 | 000,000,950 | ---- | M] () -- C:\Users\-Pascal-\AppData\Roaming\Mozilla\Firefox\Profiles\wqaw2px3.default\searchplugins\icqplugin-7.xml
[2011/12/28 10:22:26 | 000,000,950 | ---- | M] () -- C:\Users\-Pascal-\AppData\Roaming\Mozilla\Firefox\Profiles\wqaw2px3.default\searchplugins\icqplugin-8.xml
[2010/05/12 17:40:48 | 000,001,042 | ---- | M] () -- C:\Users\-Pascal-\AppData\Roaming\Mozilla\Firefox\Profiles\wqaw2px3.default\searchplugins\icqplugin.xml
[2011/12/02 15:18:46 | 000,002,201 | ---- | M] () -- C:\Users\-Pascal-\AppData\Roaming\Mozilla\Firefox\Profiles\wqaw2px3.default\searchplugins\MyStart Search.xml
[2012/01/02 15:29:38 | 000,003,367 | ---- | M] () -- C:\Users\-Pascal-\AppData\Roaming\Mozilla\Firefox\Profiles\wqaw2px3.default\searchplugins\search-results.xml
[2011/12/03 09:10:54 | 000,002,270 | ---- | M] () -- C:\Users\-Pascal-\AppData\Roaming\Mozilla\Firefox\Profiles\wqaw2px3.default\searchplugins\SearchTheWeb.xml
[2012/01/02 17:13:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011/01/06 20:47:45 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Program Files (x86)\mozilla firefox\extensions\quickstores@quickstores.de
[2008/02/22 16:24:06 | 000,095,832 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\NPPDLicenseHelper.dll
[2011/11/20 17:16:17 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/11/20 17:16:17 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011/11/20 17:16:17 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/11/20 17:16:17 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/11/20 17:16:17 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (TBSB01620 Class) - {58124A0B-DC32-4180-9BFF-E0E21AE34026} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.3.27\bh\incredibar.dll (Montera Technologeis LTD)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Search-Results Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Search-Results)
O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files (x86)\kikin\ie_kikin.dll (kikin)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Search-Results Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Search-Results)
O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.3.27\incredibarTlbr.dll (Montera Technologeis LTD)
O3 - HKCU\..\Toolbar\WebBrowser: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Search-Results Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Search-Results)
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [KMCONFIG] "C:\Program Files (x86)\Mouse Driver\StartAutorun.exe" KMConfig.exe File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [EA Core] C:\Program Files (x86)\Electronic Arts\EADM\Core.exe (Electronic Arts)
O4 - HKCU..\Run: [iChat] C:\Program Files (x86)\IChat\iChat.exe (AlexSoft)
O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files (x86)\kikin\ie_kikin.dll (kikin)
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2602F395-FC82-414A-919C-E03F3E080502}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/12/07 14:45:03 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007/03/07 16:49:40 | 012,723,728 | R--- | M] (Ubisoft) - E:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2003/10/06 08:52:36 | 000,000,045 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{c4b539d2-fdc5-11df-af4a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c4b539d2-fdc5-11df-af4a-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2007/03/07 16:49:40 | 012,723,728 | R--- | M] (Ubisoft)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker 2.6
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish PictureMover.lnk - C:\PROGRA~2\PICTUR~1\Bin\PICTUR~1.EXE - (Hewlett-Packard Company)
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WeGame.lnk - C:\PROGRA~2\WeGame\wegame.exe - (WeGame.com, Inc.)
MsConfig:64bit - StartUpFolder: C:^Users^-Pascal-^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk - C:\PROGRA~2\OpenOffice.org 3\program\quickstart.exe - ()
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: ApnUpdater - hkey= - key= - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Search-Results)
MsConfig:64bit - StartUpReg: EA Core - hkey= - key= - C:\Program Files (x86)\Electronic Arts\EADM\Core.exe (Electronic Arts)
MsConfig:64bit - StartUpReg: Easybits Recovery - hkey= - key= - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
MsConfig:64bit - StartUpReg: HP Software Update - hkey= - key= - c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
MsConfig:64bit - StartUpReg: HPAdvisorDock - hkey= - key= - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe ()
MsConfig:64bit - StartUpReg: iChat - hkey= - key= - C:\Program Files (x86)\IChat\iChat.exe (AlexSoft)
MsConfig:64bit - StartUpReg: ICQ - hkey= - key= - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.)
MsConfig:64bit - StartUpReg: Norton Online Backup - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: PDF Complete - hkey= - key= - C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
MsConfig:64bit - StartUpReg: Skype - hkey= - key= - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig:64bit - StartUpReg: SmartMenu - hkey= - key= - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
MsConfig:64bit - StartUpReg: StartCCC - hkey= - key= - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/01/03 09:39:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011/12/30 19:27:26 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\Desktop\grafiti
[2011/12/28 10:14:03 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\Desktop\xfire
[2011/12/28 10:02:00 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\AppData\Local\Conduit
[2011/12/28 10:02:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2011/12/28 09:54:00 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fraps
[2011/12/28 09:27:40 | 000,000,000 | ---D | C] -- C:\Fraps
[2011/12/27 13:37:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity
[2011/12/26 11:57:45 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\gamigo Games
[2011/12/26 11:57:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\gamigo Games
[2011/12/26 11:57:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\gamigo Games
[2011/12/25 14:09:08 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2011/12/25 10:57:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mouse Driver
[2011/12/25 10:57:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mouse Driver
[2011/12/24 12:14:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubi Soft
[2011/12/23 14:40:15 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\Desktop\musik
[2011/12/23 11:47:19 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\Documents\Cross Fire
[2011/12/23 11:47:19 | 000,000,000 | ---D | C] -- C:\CFLog
[2011/12/23 11:42:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Z8Games
[2011/12/23 11:41:04 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
[2011/12/23 11:34:43 | 000,000,000 | ---D | C] -- C:\Program Files\Bohemia Interactive
[2011/12/23 11:12:30 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\Desktop\CrossFire_1082
[2011/12/20 17:33:22 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\AppData\Roaming\Malwarebytes
[2011/12/20 17:33:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/20 17:33:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/12/20 17:32:57 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/12/20 17:32:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/12/18 15:32:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bau-Simulator 2012 Demo
[2011/12/18 15:31:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bau-Simulator 2012 Demo
[2011/12/18 11:42:21 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\Documents\Kalypso Media
[2011/12/18 11:42:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Airline Tycoon 2-Demo
[2011/12/18 11:18:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kalypso Media
[2011/12/18 11:11:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kalypso Media
[2011/12/18 10:47:47 | 000,000,000 | ---D | C] -- C:\ProgramData\RTL Winter Sports 2009
[2011/12/18 10:47:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RTL Sports
[2011/12/18 10:22:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tank Simulation Demo
[2011/12/18 10:22:29 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\Desktop\Tank Simulation Demo
[2011/12/17 16:15:11 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\AppData\Local\Criterion Games
[2011/12/17 12:05:45 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2011/12/17 12:05:41 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2011/12/17 11:09:24 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\AppData\Roaming\OpenCandy
[2011/12/17 11:03:01 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs
[2011/12/17 10:56:36 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\AppData\Local\GamersFirst LIVE!
[2011/12/17 10:56:29 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\AppData\Local\PMB Files
[2011/12/17 10:56:28 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2011/12/17 10:56:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
[2011/12/17 10:56:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GamersFirst
[2011/12/17 10:56:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GamersFirst
[2011/12/17 10:29:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Biathlon 2004
[2011/12/17 10:29:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Biathlon 2004
[2011/12/17 10:01:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
[2011/12/15 16:58:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Biathlon 2009 (Demo)
[2011/12/15 16:50:41 | 000,000,000 | ---D | C] -- C:\ProgramData\MTA San Andreas All
[2011/12/15 16:50:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MTA San Andreas 1.1
[2011/12/15 16:39:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NewFreeScreensavers
[2011/12/14 19:41:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tetris Unlimited
[2011/12/14 19:30:45 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\Desktop\PROGRAM
[2011/12/14 19:11:29 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Reallusion
[2011/12/11 12:41:24 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2011/12/10 18:03:14 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\Desktop\meine 3ds bilder
[2011/12/10 16:46:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
[2011/12/10 16:46:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Auslogics
[2011/12/10 16:44:32 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\AppData\Roaming\DeepBurner
[2011/12/10 16:44:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DeepBurner
[2011/12/10 16:44:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Astonsoft
[2011/12/10 16:41:13 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\AppData\Roaming\DVDVideoSoft
[2011/12/10 16:41:02 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/12/10 16:41:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2011/12/10 16:40:56 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\Documents\DVDVideoSoft
[2011/12/10 16:40:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2011/12/10 16:40:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2011/12/09 11:53:53 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\AppData\Roaming\kikin
[2011/12/09 11:53:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\kikin
[2011/12/09 11:53:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Counter-Strike 2D
[2011/12/09 11:53:48 | 000,000,000 | ---D | C] -- C:\Counter-Strike 2D
[2011/12/08 19:50:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/12/08 19:50:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2011/12/08 18:20:46 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\AppData\Roaming\Avira
[2011/12/08 18:15:00 | 000,130,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011/12/08 18:15:00 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011/12/08 18:15:00 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2011/12/08 18:14:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011/12/08 18:14:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2011/12/07 14:44:48 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2011/12/07 14:44:48 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2011/12/06 18:45:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools Security
[2011/12/06 18:45:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2011/12/06 18:12:55 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/12/05 21:03:53 | 000,000,000 | RH-D | C] -- C:\Users\-Pascal-\AppData\Roaming\SecuROM
[2011/12/05 20:40:33 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\Documents\ArmA
[2011/12/05 20:40:33 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\AppData\Local\ArmA
[2011/12/05 20:39:36 | 000,431,104 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2011/12/05 20:39:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
[2011/12/05 20:39:35 | 000,409,600 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2011/12/05 20:39:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL
[2011/12/05 13:31:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sierra
[2011/12/04 19:37:29 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\Documents\Battlefield 2
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/01/03 15:03:28 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/03 15:03:28 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/03 14:56:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/03 14:55:57 | 536,322,047 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/03 09:55:05 | 000,000,082 | ---- | M] () -- C:\Users\-Pascal-\Documents\cc_20120103_095502.reg
[2012/01/03 09:42:03 | 000,130,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012/01/03 09:39:33 | 000,002,132 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012/01/02 15:53:02 | 000,000,219 | ---- | M] () -- C:\Users\-Pascal-\Desktop\Counter-Strike Source Beta.url
[2011/12/31 12:35:08 | 000,001,218 | ---- | M] () -- C:\Users\-Pascal-\Desktop\flagge-deutschland.gif
[2011/12/30 19:27:32 | 000,004,544 | ---- | M] () -- C:\Users\-Pascal-\Desktop\Neues Journal-Dokument.jnt
[2011/12/30 17:03:44 | 000,009,216 | ---- | M] () -- C:\Users\-Pascal-\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/28 09:54:00 | 000,000,574 | ---- | M] () -- C:\Users\-Pascal-\Desktop\Fraps.lnk
[2011/12/27 13:37:42 | 000,001,003 | ---- | M] () -- C:\Users\-Pascal-\Desktop\Audacity.lnk
[2011/12/24 12:17:21 | 000,002,262 | ---- | M] () -- C:\Users\-Pascal-\Desktop\Ubi Soft Product Registration.lnk
[2011/12/24 12:14:18 | 000,001,078 | ---- | M] () -- C:\Users\Public\Desktop\Splinter Cell spielen.lnk
[2011/12/23 11:42:15 | 000,025,395 | ---- | M] () -- C:\Users\-Pascal-\Desktop\CrossFire_1082.dlbt
[2011/12/23 11:41:04 | 000,431,104 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2011/12/23 11:41:03 | 000,409,600 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2011/12/20 17:33:00 | 000,001,187 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/18 15:29:10 | 000,004,096 | ---- | M] () -- C:\Users\Public\Documents\00000D59.LCS
[2011/12/18 14:07:23 | 000,004,096 | ---- | M] () -- C:\Users\Public\Documents\00000CE8.LCS
[2011/12/18 10:22:42 | 000,001,655 | ---- | M] () -- C:\Users\-Pascal-\Desktop\Tank Simulation Demo.lnk
[2011/12/17 11:18:55 | 000,001,233 | ---- | M] () -- C:\Users\Public\Desktop\War Rock.lnk
[2011/12/17 11:13:09 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2011/12/17 11:13:04 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2011/12/17 10:56:22 | 000,001,222 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
[2011/12/17 10:56:22 | 000,001,188 | ---- | M] () -- C:\Users\Public\Desktop\GamersFirst LIVE!.lnk
[2011/12/17 10:01:37 | 000,002,147 | ---- | M] () -- C:\Users\Public\Desktop\EA Download Manager.lnk
[2011/12/17 10:01:25 | 000,005,214 | ---- | M] () -- C:\Windows\SysWow64\ealregsnapshot1.reg
[2011/12/15 05:41:14 | 000,028,056 | ---- | M] () -- C:\Windows\SysNative\xfcodec64.dll
[2011/12/11 12:41:25 | 000,001,798 | ---- | M] () -- C:\Users\-Pascal-\Desktop\Day of Defeat Source.lnk
[2011/12/11 12:41:25 | 000,001,796 | ---- | M] () -- C:\Users\-Pascal-\Desktop\Half-Life 2 Deathmatch.lnk
[2011/12/11 12:41:25 | 000,001,796 | ---- | M] () -- C:\Users\-Pascal-\Desktop\Counter-Strike Source.lnk
[2011/12/10 19:50:24 | 000,003,367 | ---- | M] () -- C:\Users\-Pascal-\Documents\Data CD#1.dbr
[2011/12/10 16:46:11 | 000,001,320 | ---- | M] () -- C:\Users\-Pascal-\Desktop\Auslogics Disk Defrag.lnk
[2011/12/10 16:44:25 | 000,001,145 | ---- | M] () -- C:\Users\-Pascal-\Desktop\DeepBurner.lnk
[2011/12/10 16:41:00 | 000,001,498 | ---- | M] () -- C:\Users\-Pascal-\Desktop\Free YouTube to MP3 Converter.lnk
[2011/12/10 16:41:00 | 000,001,311 | ---- | M] () -- C:\Users\-Pascal-\Desktop\DVDVideoSoft Free Studio.lnk
[2011/12/09 12:21:06 | 000,000,696 | ---- | M] () -- C:\Users\-Pascal-\Desktop\Counter-Strike 2D.lnk
[2011/12/08 18:15:19 | 001,188,624 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2011/12/07 14:45:03 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2011/12/07 14:42:26 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/12/07 14:42:26 | 000,643,628 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011/12/07 14:42:26 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/12/07 14:42:26 | 000,126,188 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011/12/07 14:42:26 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/12/05 13:44:30 | 000,002,296 | ---- | M] () -- C:\Users\-Pascal-\Desktop\SWAT 4.lnk
[2011/12/04 20:36:56 | 000,001,882 | ---- | M] () -- C:\Users\-Pascal-\Desktop\Battlefield 2 spielen.lnk
[2011/12/04 19:37:46 | 000,002,168 | ---- | M] () -- C:\Users\Public\Desktop\BF2 jetzt online spielen!.lnk
[2011/12/04 19:37:46 | 000,002,146 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 2.lnk
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/01/03 09:55:05 | 000,000,082 | ---- | C] () -- C:\Users\-Pascal-\Documents\cc_20120103_095502.reg
[2012/01/02 15:53:02 | 000,000,219 | ---- | C] () -- C:\Users\-Pascal-\Desktop\Counter-Strike Source Beta.url
[2011/12/31 12:36:43 | 000,001,218 | ---- | C] () -- C:\Users\-Pascal-\Desktop\flagge-deutschland.gif
[2011/12/30 19:27:32 | 000,004,544 | ---- | C] () -- C:\Users\-Pascal-\Desktop\Neues Journal-Dokument.jnt
[2011/12/28 09:27:40 | 000,000,574 | ---- | C] () -- C:\Users\-Pascal-\Desktop\Fraps.lnk
[2011/12/27 13:37:42 | 000,001,015 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2011/12/27 13:37:42 | 000,001,003 | ---- | C] () -- C:\Users\-Pascal-\Desktop\Audacity.lnk
[2011/12/24 12:17:21 | 000,002,262 | ---- | C] () -- C:\Users\-Pascal-\Desktop\Ubi Soft Product Registration.lnk
[2011/12/24 12:14:06 | 000,001,078 | ---- | C] () -- C:\Users\Public\Desktop\Splinter Cell spielen.lnk
[2011/12/23 11:42:15 | 000,025,395 | ---- | C] () -- C:\Users\-Pascal-\Desktop\CrossFire_1082.dlbt
[2011/12/20 17:33:00 | 000,001,187 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/18 10:47:36 | 000,004,096 | ---- | C] () -- C:\Users\Public\Documents\00000D59.LCS
[2011/12/18 10:22:42 | 000,001,655 | ---- | C] () -- C:\Users\-Pascal-\Desktop\Tank Simulation Demo.lnk
[2011/12/17 11:18:55 | 000,001,233 | ---- | C] () -- C:\Users\Public\Desktop\War Rock.lnk
[2011/12/17 11:13:09 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2011/12/17 11:13:04 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2011/12/17 10:56:22 | 000,001,222 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
[2011/12/17 10:56:22 | 000,001,188 | ---- | C] () -- C:\Users\Public\Desktop\GamersFirst LIVE!.lnk
[2011/12/17 10:01:25 | 000,005,214 | ---- | C] () -- C:\Windows\SysWow64\ealregsnapshot1.reg
[2011/12/15 16:58:48 | 000,004,096 | ---- | C] () -- C:\Users\Public\Documents\00000CE8.LCS
[2011/12/15 16:39:49 | 008,782,382 | ---- | C] () -- C:\Windows\SysWow64\nfsFirePlace02.scr
[2011/12/15 05:41:14 | 000,028,056 | ---- | C] () -- C:\Windows\SysNative\xfcodec64.dll
[2011/12/11 12:41:25 | 000,001,798 | ---- | C] () -- C:\Users\-Pascal-\Desktop\Day of Defeat Source.lnk
[2011/12/11 12:41:25 | 000,001,796 | ---- | C] () -- C:\Users\-Pascal-\Desktop\Half-Life 2 Deathmatch.lnk
[2011/12/11 12:41:25 | 000,001,796 | ---- | C] () -- C:\Users\-Pascal-\Desktop\Counter-Strike Source.lnk
[2011/12/10 19:50:24 | 000,003,367 | ---- | C] () -- C:\Users\-Pascal-\Documents\Data CD#1.dbr
[2011/12/10 16:44:25 | 000,001,145 | ---- | C] () -- C:\Users\-Pascal-\Desktop\DeepBurner.lnk
[2011/12/10 16:41:00 | 000,001,498 | ---- | C] () -- C:\Users\-Pascal-\Desktop\Free YouTube to MP3 Converter.lnk
[2011/12/10 16:41:00 | 000,001,311 | ---- | C] () -- C:\Users\-Pascal-\Desktop\DVDVideoSoft Free Studio.lnk
[2011/12/09 12:21:06 | 000,000,696 | ---- | C] () -- C:\Users\-Pascal-\Desktop\Counter-Strike 2D.lnk
[2011/12/08 18:15:20 | 000,002,132 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011/12/07 14:45:03 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2011/12/06 18:45:47 | 001,188,624 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2011/12/05 13:44:30 | 000,002,296 | ---- | C] () -- C:\Users\-Pascal-\Desktop\SWAT 4.lnk
[2011/12/04 20:36:56 | 000,001,882 | ---- | C] () -- C:\Users\-Pascal-\Desktop\Battlefield 2 spielen.lnk
[2011/12/04 19:37:46 | 000,002,168 | ---- | C] () -- C:\Users\Public\Desktop\BF2 jetzt online spielen!.lnk
[2011/12/04 19:37:46 | 000,002,146 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 2.lnk
[2011/12/02 15:26:00 | 000,009,216 | ---- | C] () -- C:\Users\-Pascal-\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/02 15:18:49 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
[2011/05/22 13:10:44 | 000,000,000 | ---- | C] () -- C:\Windows\EAREMOVE.INI
[2011/03/28 13:51:43 | 000,069,632 | R--- | C] () -- C:\Windows\SysWow64\xmltok.dll
[2011/03/28 13:51:43 | 000,036,864 | R--- | C] () -- C:\Windows\SysWow64\xmlparse.dll
[2011/03/28 13:48:55 | 000,185,344 | ---- | C] () -- C:\Windows\patchw32.dll
[2011/03/28 13:30:11 | 000,007,552 | ---- | C] () -- C:\Windows\SysWow64\drivers\enodpl.sys
[2011/03/28 13:30:11 | 000,004,736 | ---- | C] () -- C:\Windows\SysWow64\drivers\tandpl.sys
[2011/03/19 13:52:57 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011/03/05 08:49:58 | 000,001,237 | ---- | C] () -- C:\Windows\eReg.dat
[2011/03/04 14:25:32 | 000,044,544 | ---- | C] () -- C:\Windows\SysWow64\Gif89.dll
[2011/03/04 14:24:33 | 000,000,266 | ---- | C] () -- C:\Windows\SIERRA.INI
[2011/02/15 15:09:45 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/02/09 19:19:11 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/02/09 19:19:07 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/02/09 19:19:04 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2011/01/02 15:38:06 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/12/02 02:02:20 | 000,002,137 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/12/02 01:37:46 | 000,009,988 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2010/12/02 01:06:16 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/02/10 03:58:12 | 000,012,800 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/07/14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[1997/06/14 12:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\Iyvu9_32.dll
 
========== LOP Check ==========
 
[2011/01/03 20:27:35 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\Auslogics
[2011/12/10 16:45:15 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\DeepBurner
[2011/12/10 16:41:14 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\DVDVideoSoft
[2011/12/10 16:41:02 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/12/02 13:35:42 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\GrabPro
[2011/12/20 17:29:38 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\ICQ
[2011/12/09 16:41:02 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\kikin
[2011/03/09 17:11:07 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\MysteryStudio
[2011/12/17 11:09:26 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\OpenCandy
[2011/01/16 13:39:25 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\OpenOffice.org
[2011/12/08 18:24:14 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\Orbit
[2011/01/02 15:45:10 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\PictureMover
[2011/12/02 13:35:45 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\ProgSense
[2011/12/18 10:47:35 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\ProtectDisc
[2011/01/15 08:31:17 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\QuickStoresToolbar
[2011/01/06 19:10:45 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\RedDotGames
[2011/01/09 10:11:28 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\Tific
[2011/03/28 13:48:56 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\ubi.com
[2011/12/15 18:52:41 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\Ubisoft
[2011/06/04 20:38:25 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\Wildlife Park 2
[2011/06/04 20:36:50 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\Wildlife Park 2 - Crazy Zoo
[2011/06/04 20:37:30 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\Wildlife Park 2 - Marine World
[2011/01/02 17:02:51 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\WildTangent
[2011/12/27 13:43:58 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\_MDLogs
[2011/12/28 10:19:35 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011/02/14 17:09:49 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2011/12/23 11:47:19 | 000,000,000 | ---D | M] -- C:\CFLog
[2011/12/09 16:24:55 | 000,000,000 | ---D | M] -- C:\Counter-Strike 2D
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011/12/06 19:00:08 | 000,000,000 | ---D | M] -- C:\downloads
[2011/12/28 09:38:44 | 000,000,000 | ---D | M] -- C:\Fraps
[2010/12/02 01:38:08 | 000,000,000 | RHSD | M] -- C:\hp
[2011/03/19 15:34:51 | 000,000,000 | ---D | M] -- C:\JANES
[2009/07/14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011/12/23 11:34:43 | 000,000,000 | R--D | M] -- C:\Program Files
[2011/12/29 11:29:18 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2011/12/28 10:21:14 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2009/07/24 19:32:39 | 000,000,000 | -HSD | M] -- C:\Recovery
[2011/12/08 19:48:03 | 000,000,000 | ---D | M] -- C:\sh4ldr
[2011/03/04 14:24:45 | 000,000,000 | ---D | M] -- C:\SIERRA
[2011/01/02 17:03:59 | 000,000,000 | ---D | M] -- C:\swsetup
[2012/01/03 15:01:21 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011/01/02 15:43:44 | 000,000,000 | -H-D | M] -- C:\SYSTEM.SAV
[2011/02/14 17:09:35 | 000,000,000 | R--D | M] -- C:\Users
[2012/01/03 14:56:01 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: AGP440.SYS  >
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2008/06/06 23:03:52 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\CyberLink\PowerDirector\EventLog.dll
 
< MD5 for: EXPLORER.EXE  >
[2010/12/02 01:47:23 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe
[2009/07/14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2010/12/02 01:49:55 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2010/12/02 01:49:55 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
[4 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
< %USERPROFILE%\*.* >
[2012/01/03 15:10:33 | 002,883,584 | -HS- | M] () -- C:\Users\-Pascal-\NTUSER.DAT
[2012/01/03 15:10:32 | 000,262,144 | -HS- | M] () -- C:\Users\-Pascal-\ntuser.dat.LOG1
[2011/01/02 15:37:55 | 000,000,000 | -HS- | M] () -- C:\Users\-Pascal-\ntuser.dat.LOG2
[2011/01/02 18:22:33 | 000,065,536 | -HS- | M] () -- C:\Users\-Pascal-\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2011/01/02 18:22:33 | 000,524,288 | -HS- | M] () -- C:\Users\-Pascal-\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2011/01/02 18:22:33 | 000,524,288 | -HS- | M] () -- C:\Users\-Pascal-\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2011/01/02 15:37:55 | 000,000,020 | -HS- | M] () -- C:\Users\-Pascal-\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
<           >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:DFC5A2B2

< End of report >
         
--- --- ---

03.01.2012, 15:11   #9
markusg
/// Malware-holic

1. You're welcome to address me informally :-)
2. Disable or close all programs, including the ones next to the clock in the notification area; this usually works via right-click.
Run a Malwarebytes update and a complete scan, then post the log.
Is there anything unusual about the PC?
__________________
-Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please send e-mails as described in the instructions above to
markusg.trojaner-board@web.de
If you would like to support us

03.01.2012, 15:23   #10
virushasser8

ok
thanks for helping me
and sorry about the post
what do you need that for anyway?

03.01.2012, 17:37   #11
virushasser8

09:29:15 -Pascal- MESSAGE Protection started successfully
09:29:20 -Pascal- MESSAGE IP Protection started successfully
09:31:58 -Pascal- IP-BLOCK 89.149.216.28 (Type: outgoing, Port: 49290, Process: firefox.exe)
09:43:06 -Pascal- MESSAGE Protection started successfully
09:43:11 -Pascal- MESSAGE IP Protection started successfully
09:43:12 -Pascal- MESSAGE Scheduled update executed successfully
09:44:54 -Pascal- MESSAGE IP Protection stopped
09:44:56 -Pascal- MESSAGE Database updated successfully
09:44:58 -Pascal- MESSAGE IP Protection started successfully
14:58:28 -Pascal- MESSAGE Protection started successfully
14:58:33 -Pascal- MESSAGE IP Protection started successfully
17:41:20 -Pascal- MESSAGE Protection started successfully
17:41:25 -Pascal- MESSAGE IP Protection started successfully

03.01.2012, 18:14   #12
markusg
/// Malware-holic

That's not what I wanted. It actually says there what I wanted to see: update, complete (full) scan. This is the protection log.

03.01.2012, 19:49   #13
virushasser8

Malwarebytes' Anti-Malware 1.51.2.1300
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 912010301

Windows 6.1.7600
Internet Explorer 9.0.8112.16421

03.01.2012 19:38:12
mbam-log-2012-01-03 (19-38-12).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|P:\|)
Durchsuchte Objekte: 536974
Laufzeit: 1 Stunde(n), 4 Minute(n), 54 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

03.01.2012, 19:52   #14
virushasser8

is that right
I just don't know what to do next
what do you need

04.01.2012, 14:20   #15
markusg
/// Malware-holic

It is. I did clearly write what I need :-)
Are there any problems with the PC?
And what does this mean in your thread title:
quartänte
