Log analysis and evaluation: Windows system locked, Malwarebytes run

Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1

Windows system locked, Malwarebytes run

Hello everyone, the current wave of the (former) BKA virus caught me yesterday as well. In autostart I found SkypePM.exe, like many others, as I know from searching Google, disabled it, and was then able to access Windows again. I then ran Malwarebytes and deleted the corresponding findings or moved them to quarantine. Now I would like to know whether that is enough and, if not, what the next steps would be. Here are the OTL log and the Extras log:

Code:
ATTFilter OTL logfile created on: 20.03.2012 15:26:10 - Run 1 OTL by OldTimer - Version 3.2.39.1 Folder = C:\Users\Administrator\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,60 Gb Total Physical Memory | 2,33 Gb Available Physical Memory | 64,76% Memory free 7,21 Gb Paging File | 5,54 Gb Available in Paging File | 76,88% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 254,14 Gb Total Space | 42,06 Gb Free Space | 16,55% Space Free | Partition Type: NTFS Drive D: | 29,00 Gb Total Space | 26,97 Gb Free Space | 93,02% Space Free | Partition Type: NTFS Computer Name: SARA-PC | User Name: Administrator | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.03.20 15:25:12 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Downloads\OTL.exe PRC - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.01.13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2011.11.22 09:59:30 | 000,018,432 | ---- | M] () -- C:\Users\Administrator\AppData\LocalLow\StumbleUpon\IE\StumbleUponUpdater.exe PRC - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2011.10.11 13:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe PRC - [2011.02.27 12:40:21 | 000,329,056 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe PRC - [2010.12.05 02:39:24 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe PRC - [2010.01.19 11:44:40 | 000,536,576 | ---- | M] (Vimicro) -- C:\Program Files (x86)\USB Camera2\VM332_STI.EXE PRC - [2009.10.29 06:10:26 | 000,660,136 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe PRC - [2009.10.29 06:10:24 | 000,025,256 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2600 Series\lxdnMsdMon.exe ========== Modules (No Company Name) ========== MOD - [2012.02.16 14:08:21 | 012,433,408 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll MOD - [2012.02.16 14:08:06 | 001,587,200 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll MOD - [2012.02.16 14:07:23 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll MOD - [2012.02.16 14:07:15 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll MOD - [2012.02.16 14:07:11 | 007,967,232 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll MOD - [2011.12.08 04:10:02 | 011,490,304 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll MOD 
- [2011.07.29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe MOD - [2011.02.27 12:40:20 | 000,013,664 | ---- | M] () -- C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll MOD - [2010.11.13 00:26:08 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2009.10.29 06:10:26 | 000,660,136 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe MOD - [2009.10.29 06:10:24 | 000,025,256 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2600 Series\lxdnMsdMon.exe MOD - [2009.07.23 14:49:06 | 000,782,336 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2600 Series\lxdnDRS.dll MOD - [2009.07.23 14:48:30 | 000,380,928 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2600 Series\lxdnscw.dll MOD - [2009.05.14 08:46:42 | 000,081,920 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2600 Series\lxdncaps.dll MOD - [2009.02.11 12:50:00 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2600 Series\App4R.Monitor.Core.dll MOD - [2009.02.11 12:50:00 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2600 Series\App4R.Monitor.Common.dll MOD - [2009.02.11 12:49:02 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2600 Series\app4r.devmons.mcmdevmon.dll MOD - [2007.11.22 03:55:48 | 000,011,776 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2600 Series\app4r.devmons.mcmdevmon.autoplayutil.dll MOD - [2007.10.02 09:51:10 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2600 Series\lxdncnv4.dll MOD - [2007.05.29 02:39:08 | 000,589,824 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2600 Series\lxdndatr.dll MOD - [2007.03.26 02:39:36 | 000,073,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2600 Series\lxdncats.dll ========== Win32 Services (SafeList) ========== 
SRV:64bit: - [2011.01.26 05:00:14 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2011.01.25 23:48:06 | 000,354,304 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV:64bit: - [2009.04.28 08:58:54 | 000,029,184 | ---- | M] () [Auto | Stopped] -- C:\windows\SysNative\spool\DRIVERS\x64\3\\lxdnserv.exe -- (lxdnCATSCustConnectService) SRV:64bit: - [2007.11.28 10:51:42 | 001,039,872 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxdncoms.exe -- (lxdn_device) SRV - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.11.22 09:59:30 | 000,018,432 | ---- | M] () [Auto | Running] -- C:\Users\Administrator\AppData\LocalLow\StumbleUpon\IE\StumbleUponUpdater.exe -- (StumbleUponUpdater) SRV - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.09.23 14:34:00 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2010.09.22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2010.09.21 15:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) 
[Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.06.17 06:23:36 | 000,194,496 | ---- | M] (Advanced Micro Devices) [Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe -- (AMD Reservation Manager) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.04.28 08:58:54 | 000,029,184 | ---- | M] () [Auto | Stopped] -- C:\windows\system32\spool\DRIVERS\x64\3\\lxdnserv.exe -- (lxdnCATSCustConnectService) SRV - [2007.11.28 10:12:40 | 000,589,824 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxdncoms.exe -- (lxdn_device) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.02.18 04:45:32 | 000,125,440 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\acedrv07.sys -- (acedrv07) DRV:64bit: - [2012.02.15 19:15:35 | 000,132,320 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2011.12.25 00:36:49 | 000,017,280 | ---- | M] (Scott) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\USBDrv_AMD64.sys -- (usbUDisc) DRV:64bit: - [2011.12.10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2011.10.11 14:00:01 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2011.10.11 14:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys 
-- (avkmgr) DRV:64bit: - [2011.09.20 23:35:11 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.02.27 13:01:22 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr) DRV:64bit: - [2011.02.27 13:01:11 | 000,029,792 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC) DRV:64bit: - [2011.02.27 12:58:31 | 000,057,952 | ---- | M] (Lenovo) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fbfmon.sys -- (fbfmon) DRV:64bit: - [2011.02.27 12:58:31 | 000,013,408 | ---- | M] (Lenovo) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BPntDrv.sys -- (BPntDrv) DRV:64bit: - [2011.01.26 06:51:00 | 008,014,848 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2011.01.26 04:23:18 | 000,287,232 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010.12.10 20:43:40 | 000,234,960 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vm332avs.sys -- (vm332avs) DRV:64bit: - [2010.12.05 02:39:44 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd) DRV:64bit: - [2010.12.02 06:26:44 | 001,566,848 | ---- | M] (Conexant Systems Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService) DRV:64bit: - [2010.11.29 09:50:38 | 000,044,672 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter) DRV:64bit: - [2010.11.24 12:33:26 | 002,673,664 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.09.30 09:45:22 | 000,299,520 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR) DRV:64bit: - [2010.09.21 23:04:54 | 000,015,056 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vm2uvcflt.sys -- (vm2uvcflt) DRV:64bit: - [2010.09.03 06:46:48 | 001,392,688 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2010.06.25 03:33:36 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2010.05.14 23:04:16 | 000,073,856 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata) DRV:64bit: - [2010.05.14 23:04:16 | 000,028,800 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata) DRV:64bit: - [2010.02.18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64) DRV:64bit: - [2009.08.13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21) DRV:64bit: - [2009.07.21 15:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009.06.10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R) DRV:64bit: - [2009.06.10 21:34:36 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2010.07.01 18:11:24 | 000,012,352 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Programme\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data] IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: 
"URL" = hxxp://isearch.avg.com/search?cid={795488AD-125A-4134-AB67-012AAA5BECD9}&mid=077f49ac5b9e47d1ac6bcd3c4e8ea837-16cb5af7f86408a254de90e74054103a593d2197&lang=en&ds=ins13&pr=sa&d=2012-03-03 23:54:35&v=10.0.0.7&sap=dsp&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.facebook.com/" FF - prefs.js..keyword.URL: "hxxp://isearch.avg.com/search?cid=%7B18eece22-d3c7-4b46-ac9a-3345226809a0%7D&mid=077f49ac5b9e47d1ac6bcd3c4e8ea837-16cb5af7f86408a254de90e74054103a593d2197&ds=ins13&v=10.0.0.7&lang=en&pr=sa&d=2012-03-03%2023%3A54%3A35&sap=ku&q=" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.12 19:24:57 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.03.17 08:09:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.03.07 09:02:43 | 000,000,000 | ---D | M] [2011.10.16 01:28:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Extensions [2012.03.07 02:39:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\9grnwodb.default\extensions [2012.01.27 12:27:29 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\9grnwodb.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.03.04 00:15:05 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\9grnwodb.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012.03.07 02:39:01 | 000,000,000 | ---D | M] (Ant Video Downloader) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\9grnwodb.default\extensions\anttoolbar@ant.com [2011.12.14 
20:26:44 | 000,000,000 | ---D | M] (StumbleUpon) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\9grnwodb.default\extensions\toolbar@stumbleupon.com [2012.03.17 08:09:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011.09.23 19:32:58 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Program Files (x86)\mozilla firefox\extensions\quickstores@quickstores.de [2012.01.12 19:24:57 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5 () (No name found) -- C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9GRNWODB.DEFAULT\EXTENSIONS\ICH@MALTEGOETZ.DE.XPI [2012.03.17 08:09:01 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.02.28 17:15:00 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2012.02.12 03:52:07 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.03.03 23:54:29 | 000,003,749 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml [2012.02.12 03:52:06 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.02.12 03:52:06 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.02.12 03:52:06 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.12 03:52:06 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.12 03:52:06 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = 
{google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Administrator\AppData\Local\Google\Chrome\Application\17.0.963.79\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Administrator\AppData\Local\Google\Chrome\Application\17.0.963.79\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Administrator\AppData\Local\Google\Chrome\Application\17.0.963.79\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll CHR - plugin: Java Deployment Toolkit 7.0.10.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 7 U1 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files 
(x86)\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Unity Player (Enabled) = C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll CHR - plugin: Google Update (Enabled) = C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: YouTube = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\ CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ CHR - Extension: StumbleUpon = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgifblbjgdjhcelbanblbhkhmbnnmhfg\3.97.1_0\ CHR - Extension: Google Mail = 
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (NXIECatcher Class) - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files (x86)\Xi\NetXfer\NXIEHelper.dll (Xi) O2 - BHO: (StumbleUpon) - {DB616CFF-D989-48A8-9C85-E2A8D56AB2CA} - C:\Users\Administrator\AppData\LocalLow\StumbleUpon\IE\StumbleUpon.dll (StumbleUpon Inc.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found. O3 - HKLM\..\Toolbar: (NetXfer) - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files (x86)\Xi\NetXfer\NXToolBar.dll (Xi) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited) O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe (Lenovo(beijing) Limited) O4:64bit: - HKLM..\Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe (Lenovo) O4:64bit: - HKLM..\Run: [lxdnamon] C:\Program Files (x86)\Lexmark 2600 Series\lxdnamon.exe () O4:64bit: - HKLM..\Run: [lxdnmon.exe] C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe () O4:64bit: - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [332BigDog] C:\Program Files (x86)\USB Camera2\VM332_STI.EXE (Vimicro) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo) O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink) O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe (CyberLink Corp.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: Alles mit NetXfer herunterladen - C:\Program Files (x86)\Xi\NetXfer\NXAddList.html () O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Administrator\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8:64bit: - Extra context menu item: Herunterladen mit NetXfer - C:\Program Files (x86)\Xi\NetXfer\NXAddLink.html () O8 - Extra context menu item: Alles mit NetXfer herunterladen - C:\Program Files (x86)\Xi\NetXfer\NXAddList.html () O8 - Extra context menu item: Free YouTube Download - C:\Users\Administrator\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Herunterladen mit NetXfer - C:\Program Files (x86)\Xi\NetXfer\NXAddLink.html () O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) 
O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{53407ECF-6E90-4F31-92E4-DCC56ED2B80F}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6A209DAB-3A96-4BF2-B0DD-4B7197065907}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 
{32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{c8aedf32-e188-11e0-b84d-1c75086a41c4}\Shell - "" = AutoRun O33 - MountPoints2\{c8aedf32-e188-11e0-b84d-1c75086a41c4}\Shell\AutoRun\command - "" = E:\Setup.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install 
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\windows\system32\cmd.exe /D /C start C:\windows\system32\ie4uinit.exe -ClearIconCache ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: 
{6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) MsConfig:64bit - StartUpReg: ICQ - hkey= - key= - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.) MsConfig:64bit - StartUpReg: SkypePM - hkey= - key= - File not found MsConfig:64bit - StartUpReg: Steam - hkey= - key= - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) MsConfig:64bit - State: "startup" - Reg Error: Key error. 
CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.03.20 03:43:04 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes [2012.03.20 03:42:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.03.20 03:42:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.03.20 03:42:52 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys [2012.03.20 03:42:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.03.20 02:03:46 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Skype [2012.03.16 19:09:28 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\Slingo Quest Egypt Documents [2012.03.15 02:55:51 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\The Secret of Monkey Island [2012.03.14 19:51:18 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\RenPy [2012.03.11 00:42:17 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Ein.Tick.anders.German.2011.AC3.DVDRiP.XviD-GMA- D [2012.03.09 03:04:31 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\Slingo Supreme Documents [2012.03.09 02:53:25 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\Slingo Quest Hawaii Documents [2012.03.09 02:52:45 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Slingo Quest Hawaii [2012.03.09 02:52:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Slingo Quest Hawaii [2012.03.09 02:39:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Slingo Quest Egypt Beta [2012.03.09 02:38:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Slingo Supreme [2012.03.09 02:38:18 | 000,000,000 | ---D | C] -- C:\windows\Slingo Supreme [2012.03.09 02:38:18 | 000,000,000 | ---D | C] -- C:\Program 
Files (x86)\Slingo Supreme [2012.03.09 02:29:57 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\Slingo Quest Amazon Documents [2012.03.09 02:29:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Slingo Quest Amazon [UPDATE] [2012.03.09 02:29:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Slingo Quest Amazon [UPDATE] [2012.03.07 02:32:23 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Hausarbeit Sachenrecht [2012.03.07 00:46:40 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\Slingo Quest Documents [2012.03.07 00:44:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Funkitron [2012.03.05 22:37:27 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\funkitron [2012.03.05 22:34:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Slingo Deluxe [2012.03.05 20:26:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Audio Pack [2012.03.05 20:26:38 | 001,212,416 | ---- | C] (NCT Company Ltd.) -- C:\windows\SysWow64\AudioInfos.dll [2012.03.05 20:26:38 | 000,479,232 | ---- | C] (NCT Company Ltd.) -- C:\windows\SysWow64\AudioVisu.dll [2012.03.05 20:26:38 | 000,458,752 | ---- | C] (NCT Company Ltd.) -- C:\windows\SysWow64\AudPlayer.dll [2012.03.05 20:26:38 | 000,454,656 | ---- | C] (NCT Company Ltd.) -- C:\windows\SysWow64\AudioRecord.dll [2012.03.05 20:26:38 | 000,348,160 | ---- | C] (NCT Company Ltd.) -- C:\windows\SysWow64\WMAFile.dll [2012.03.05 20:26:37 | 002,084,864 | ---- | C] (NCT Company Ltd.) -- C:\windows\SysWow64\AudDesign.dll [2012.03.05 20:26:37 | 001,986,560 | ---- | C] (NCT Company Ltd.) -- C:\windows\SysWow64\AudFile.dll [2012.03.05 20:26:37 | 000,417,792 | ---- | C] (NCT Company Ltd.) 
-- C:\windows\SysWow64\AudDisplay.dll [2012.03.05 20:26:35 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\FreeAudioPack [2012.03.05 20:26:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free mp3 Wma Converter [2012.03.04 00:06:46 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Iggels [2012.03.04 00:00:44 | 000,000,000 | ---D | C] -- C:\Users\Administrator\.junique [2012.03.04 00:00:35 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\VMLoad [2012.03.03 23:54:22 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2012.03.03 23:07:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Big Fish Games [2012.03.03 23:07:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pflanzen gegen Zombies [2012.03.02 18:37:07 | 000,000,000 | ---D | C] -- C:\windows\solcache [2012.03.02 18:36:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sierra [2012.03.02 18:36:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sierra On-Line [2012.03.02 18:36:27 | 000,000,000 | ---D | C] -- C:\SIERRA [2012.03.02 18:34:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spawn [2012.03.02 18:33:45 | 000,118,784 | ---- | C] (Blizzard Entertainment) -- C:\windows\DiabUnin.exe [2012.03.02 18:33:45 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Diablo [2012.03.02 18:33:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo [2012.03.02 18:33:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Diablo [2012.03.01 20:48:36 | 000,000,000 | ---D | C] -- C:\ProgramData\SpecialBit Games [2012.03.01 20:48:07 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Haunted Hotel [2012.03.01 20:48:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haunted Hotel [2012.03.01 20:47:22 | 000,000,000 | ---D | C] -- C:\Program 
Files (x86)\Big Fish [2012.03.01 20:47:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\bfgclient [2012.03.01 20:46:22 | 000,000,000 | ---D | C] -- C:\BigFishGamesCache [2012.02.29 23:01:52 | 000,000,000 | ---D | C] -- C:\Users\Administrator\.gimp-2.6 [2012.02.29 23:01:51 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\gegl-0.0 [2012.02.28 17:24:53 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome [2012.02.28 17:21:13 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Google [2012.02.28 17:15:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012.02.26 20:02:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KV Software [2012.02.26 19:56:09 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\My Pictures [2012.02.26 19:56:09 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\InterBA [2012.02.26 19:56:03 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\InterBA [2012.02.26 19:55:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ophelia's Bingo World [2012.02.26 19:55:36 | 000,000,000 | ---D | C] -- C:\ProgramData\InterBA [2012.02.26 19:55:35 | 000,068,232 | ---- | C] (JGsoft - Just Great Software) -- C:\windows\UnDeployV.exe [2012.02.24 02:09:14 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\Unwritten Tales - Viehchroniken [2012.02.24 01:46:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vieh Chroniken [2012.02.21 23:28:14 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\Unwritten Tales [2012.02.21 20:24:34 | 000,466,456 | ---- | C] (Creative Labs) -- C:\windows\SysNative\wrap_oal.dll [2012.02.21 20:24:34 | 000,444,952 | ---- | C] (Creative Labs) -- C:\windows\SysWow64\wrap_oal.dll [2012.02.21 20:24:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL [2012.02.21 19:54:22 | 000,000,000 | ---D | C] -- C:\Program Files 
(x86)\Unwritten Tales [2012.02.19 19:14:42 | 000,000,000 | ---D | C] -- C:\ProgramData\MythPeople ========== Files - Modified Within 30 Days ========== [2012.03.20 15:27:56 | 000,013,424 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.03.20 15:27:56 | 000,013,424 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.03.20 15:27:08 | 001,613,412 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2012.03.20 15:27:08 | 000,697,098 | ---- | M] () -- C:\windows\SysNative\perfh007.dat [2012.03.20 15:27:08 | 000,652,376 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2012.03.20 15:27:08 | 000,148,362 | ---- | M] () -- C:\windows\SysNative\perfc007.dat [2012.03.20 15:27:08 | 000,121,308 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2012.03.20 15:26:01 | 000,001,152 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2395561902-1479221695-1832656523-500UA.job [2012.03.20 15:20:46 | 000,113,055 | ---- | M] () -- C:\windows\SysNative\fastboot.set [2012.03.20 15:20:06 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2012.03.20 15:20:02 | 2902,642,688 | -HS- | M] () -- C:\hiberfil.sys [2012.03.20 03:42:56 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.03.19 17:26:00 | 000,001,100 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2395561902-1479221695-1832656523-500Core.job [2012.03.14 20:28:00 | 000,301,280 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT [2012.03.14 17:48:40 | 001,591,306 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI [2012.03.12 18:12:51 | 000,010,458 | ---- | M] () -- C:\Users\Administrator\Desktop\Zombatar_2.jpg [2012.03.11 20:28:24 | 000,002,436 | ---- | M] () -- C:\Users\Administrator\Desktop\Google Chrome.lnk [2012.03.09 02:53:10 | 000,001,104 | ---- | M] () -- 
C:\Users\Administrator\Desktop\Slingo Quest 2 - Hawaii.lnk [2012.03.09 02:40:15 | 000,002,116 | ---- | M] () -- C:\Users\Public\Desktop\Slingo Quest Egypt.lnk [2012.03.09 02:38:26 | 000,001,974 | ---- | M] () -- C:\Users\Public\Desktop\Play Slingo Supreme.lnk [2012.03.09 02:29:31 | 000,001,192 | ---- | M] () -- C:\Users\Public\Desktop\Slingo Quest 3 - Amazon.lnk [2012.03.09 01:52:11 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.03.07 00:44:26 | 000,000,850 | ---- | M] () -- C:\Users\Administrator\Desktop\Slingo Quest - Deutsch.lnk [2012.03.06 16:14:23 | 107,006,626 | ---- | M] () -- C:\Users\Administrator\Desktop\Wallis Bird - Encore.mp4 [2012.03.05 20:26:47 | 000,001,296 | ---- | M] () -- C:\Users\Administrator\Desktop\Free Mp3 Wma Converter.lnk [2012.03.05 19:44:56 | 000,004,096 | ---- | M] () -- C:\windows\d3dx.dat [2012.03.02 19:28:38 | 000,014,605 | ---- | M] () -- C:\windows\DiabUnin.dat [2012.03.02 18:37:25 | 000,000,412 | ---- | M] () -- C:\windows\SIERRA.INI [2012.03.02 18:34:54 | 000,118,784 | ---- | M] (Blizzard Entertainment) -- C:\windows\DiabUnin.exe [2012.03.02 18:34:54 | 000,002,829 | ---- | M] () -- C:\windows\DiabUnin.pif [2012.02.24 01:58:15 | 000,466,456 | ---- | M] (Creative Labs) -- C:\windows\SysNative\wrap_oal.dll [2012.02.24 01:58:14 | 000,444,952 | ---- | M] (Creative Labs) -- C:\windows\SysWow64\wrap_oal.dll ========== Files Created - No Company Name ========== [2012.03.20 03:42:56 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.03.12 18:12:51 | 000,010,458 | ---- | C] () -- C:\Users\Administrator\Desktop\Zombatar_2.jpg [2012.03.09 02:52:45 | 000,001,104 | ---- | C] () -- C:\Users\Administrator\Desktop\Slingo Quest 2 - Hawaii.lnk [2012.03.09 02:40:15 | 000,002,116 | ---- | C] () -- C:\Users\Public\Desktop\Slingo Quest Egypt.lnk [2012.03.09 02:38:26 | 000,001,974 | ---- | C] () -- C:\Users\Public\Desktop\Play Slingo Supreme.lnk [2012.03.09 02:29:31 | 000,001,192 | 
---- | C] () -- C:\Users\Public\Desktop\Slingo Quest 3 - Amazon.lnk [2012.03.07 13:33:51 | 000,000,850 | ---- | C] () -- C:\Users\Administrator\Desktop\Slingo Quest - Deutsch.lnk [2012.03.06 15:56:06 | 107,006,626 | ---- | C] () -- C:\Users\Administrator\Desktop\Wallis Bird - Encore.mp4 [2012.03.05 22:32:22 | 000,001,927 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Manager.lnk [2012.03.05 22:32:22 | 000,001,248 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Weitere fantastische Spiele.lnk [2012.03.05 20:26:47 | 000,001,296 | ---- | C] () -- C:\Users\Administrator\Desktop\Free Mp3 Wma Converter.lnk [2012.03.05 20:26:38 | 000,116,296 | ---- | C] () -- C:\windows\SysWow64\NCTWMAProfiles.prx [2012.03.05 20:26:36 | 000,484,352 | ---- | C] () -- C:\windows\SysWow64\lame_enc.dll [2012.03.05 19:44:56 | 000,004,096 | ---- | C] () -- C:\windows\d3dx.dat [2012.03.02 18:35:10 | 000,000,412 | ---- | C] () -- C:\windows\SIERRA.INI [2012.03.02 18:33:45 | 000,002,829 | ---- | C] () -- C:\windows\DiabUnin.pif [2012.03.02 18:33:42 | 000,014,605 | ---- | C] () -- C:\windows\DiabUnin.dat [2012.02.28 17:24:55 | 000,002,436 | ---- | C] () -- C:\Users\Administrator\Desktop\Google Chrome.lnk [2012.02.28 17:21:16 | 000,001,152 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2395561902-1479221695-1832656523-500UA.job [2012.02.28 17:21:14 | 000,001,100 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2395561902-1479221695-1832656523-500Core.job [2012.02.18 04:45:21 | 000,081,920 | ---- | C] () -- C:\windows\SysWow64\acedrv07.dll [2011.12.05 19:12:44 | 001,591,306 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI [2011.11.22 09:37:19 | 000,032,256 | ---- | C] () -- C:\windows\SysWow64\AVSredirect.dll [2011.11.22 09:25:24 | 000,107,520 | RHS- | C] () -- C:\windows\SysWow64\TAKDSDecoder.dll [2011.04.03 02:56:19 | 000,364,544 | ---- | C] ( ) -- C:\windows\SysWow64\lxdninpa.dll [2011.04.03 02:56:19 | 
000,348,160 | ---- | C] () -- C:\windows\SysWow64\LXDNinst.dll [2011.04.03 02:56:19 | 000,339,968 | ---- | C] ( ) -- C:\windows\SysWow64\lxdniesc.dll [2011.04.03 02:56:19 | 000,335,872 | ---- | C] () -- C:\windows\SysWow64\lxdncomx.dll [2011.04.03 02:56:18 | 001,101,824 | ---- | C] ( ) -- C:\windows\SysWow64\lxdnserv.dll [2011.04.03 02:56:18 | 000,843,776 | ---- | C] ( ) -- C:\windows\SysWow64\lxdnusb1.dll [2011.04.03 02:56:18 | 000,663,552 | ---- | C] ( ) -- C:\windows\SysWow64\lxdnhbn3.dll [2011.04.03 02:56:18 | 000,647,168 | ---- | C] ( ) -- C:\windows\SysWow64\lxdnpmui.dll [2011.04.03 02:56:18 | 000,589,824 | ---- | C] ( ) -- C:\windows\SysWow64\lxdncoms.exe [2011.04.03 02:56:18 | 000,569,344 | ---- | C] ( ) -- C:\windows\SysWow64\lxdnlmpm.dll [2011.04.03 02:56:18 | 000,315,392 | ---- | C] ( ) -- C:\windows\SysWow64\lxdnih.exe [2011.04.03 02:56:18 | 000,053,248 | ---- | C] ( ) -- C:\windows\SysWow64\lxdnprox.dll [2011.04.03 02:56:17 | 000,851,968 | ---- | C] ( ) -- C:\windows\SysWow64\lxdncomc.dll [2011.04.03 02:56:17 | 000,376,832 | ---- | C] ( ) -- C:\windows\SysWow64\lxdncomm.dll [2011.04.03 02:56:17 | 000,360,448 | ---- | C] ( ) -- C:\windows\SysWow64\lxdncfg.exe [2011.03.20 19:50:44 | 000,000,400 | ---- | C] () -- C:\windows\ODBC.INI [2011.02.27 13:07:27 | 000,000,512 | ---- | C] () -- C:\windows\previous.bin [2011.02.27 13:07:27 | 000,000,512 | ---- | C] () -- C:\windows\current.bin [2011.02.27 12:40:30 | 001,500,512 | ---- | C] () -- C:\windows\SysWow64\Apblend.dll [2011.02.27 12:40:30 | 000,472,416 | ---- | C] () -- C:\windows\SysWow64\Lenovo.VerifaceStub.dll [2011.02.27 12:40:29 | 002,086,240 | ---- | C] () -- C:\windows\SysWow64\LenovoVeriface.Interface.dll [2011.02.27 12:40:29 | 001,171,456 | ---- | C] () -- C:\windows\SysWow64\PicNotify.dll [2011.02.27 12:40:14 | 001,044,480 | ---- | C] () -- C:\windows\SysWow64\3DImageRenderer.dll [2011.02.27 12:27:05 | 000,001,823 | ---- | C] () -- C:\windows\vm332Rmv.ini [2011.02.27 12:27:05 | 000,001,823 | ---- 
| C] () -- C:\windows\SysWow64\vm332Rmv.ini [2011.02.27 12:14:30 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin [2011.02.27 12:10:49 | 000,002,888 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat ========== LOP Check ========== [2012.01.11 02:34:41 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\.minecraft [2012.01.07 16:51:10 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Amazon [2011.12.10 00:12:46 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Big Fish Games [2011.12.27 09:13:45 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\calibre [2011.11.02 04:30:51 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Chirurgie Simulation [2012.03.20 02:45:55 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DAEMON Tools Lite [2012.01.27 12:27:43 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DVDVideoSoft [2012.01.27 12:27:28 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DVDVideoSoftIEHelpers [2012.02.12 14:10:23 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\EnchantedCavern2 [2011.11.11 03:45:45 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Free PDF to Word Converter [2012.03.05 20:27:00 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\FreeAudioPack [2012.03.16 19:09:28 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\funkitron [2012.03.13 17:18:04 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ICQ [2012.03.04 00:06:46 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Iggels [2012.03.14 19:51:18 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\RenPy [2011.11.01 16:36:43 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ScummVM [2012.02.16 17:25:23 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TLOTGT [2012.01.15 18:00:36 | 
000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\URSE Games [2012.03.19 20:27:56 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\UseNeXT [2012.03.04 00:03:17 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\VMLoad [2012.02.09 13:35:40 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Xi [2012.02.19 01:39:41 | 000,032,632 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2011.07.03 01:55:39 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2011.03.23 01:16:56 | 000,000,000 | ---D | M] -- C:\70d4adeb9c4bbe7108 [2012.03.05 22:36:28 | 000,000,000 | ---D | M] -- C:\BigFishGamesCache [2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2011.03.20 18:49:11 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2012.02.04 03:06:24 | 000,000,000 | ---D | M] -- C:\Dosbox [2011.04.03 02:54:57 | 000,000,000 | ---D | M] -- C:\drivers [2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2011.11.22 09:25:06 | 000,000,000 | R--D | M] -- C:\Program Files [2012.03.20 03:42:52 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2012.03.20 03:42:53 | 000,000,000 | -H-D | M] -- C:\ProgramData [2011.03.20 18:49:11 | 000,000,000 | -HSD | M] -- C:\Programme [2011.03.20 18:49:12 | 000,000,000 | -HSD | M] -- C:\Recovery [2012.03.02 18:36:27 | 000,000,000 | ---D | M] -- C:\SIERRA [2012.02.08 17:13:39 | 000,000,000 | ---D | M] -- C:\Spiele [2012.02.09 20:48:16 | 000,000,000 | ---D | M] -- C:\Streamdownloads [2012.03.20 15:28:51 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011.02.27 12:49:32 | 000,000,000 | -HSD | M] -- C:\UserGuidePDF [2011.10.16 01:16:04 | 000,000,000 | R--D | M] -- C:\Users [2012.03.20 09:42:20 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. 
/mp /s > < MD5 for: EXPLORER.EXE > [2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe [2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe [2011.02.27 03:17:33 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe [2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- 
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2011.02.27 03:18:55 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2011.02.27 03:17:33 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2011.02.27 03:18:55 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe [2011.02.27 03:17:33 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2011.02.27 03:18:55 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- 
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2011.02.27 03:17:33 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2011.02.26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe [2011.02.27 03:18:55 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe < MD5 for: REGEDIT.EXE > [2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe [2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe [2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe [2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe < MD5 for: USERINIT.EXE > [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 13:17:48 | 
000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\windows\SysNative\userinit.exe [2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\windows\SysNative\wininit.exe [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\windows\SysNative\winlogon.exe [2010.11.20 14:25:30 | 
000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2011.02.27 03:37:50 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2011.02.27 03:37:50 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > "NoAutoRebootWithLoggedOnUsers" = 1 < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > ========== Alternate Data Streams ========== @Alternate Data Stream - 202 bytes -> C:\ProgramData\Temp:F84B8DB5 @Alternate Data Stream - 153 bytes -> C:\ProgramData\Temp:A7DA2BCD @Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:CC30FDA5 @Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:4B244549 @Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:6C031E3E @Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:E6537A16 @Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:D2AF100E @Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:4C3D5A8B @Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:ED221572 @Alternate Data Stream - 115 bytes -> 
C:\ProgramData\Temp:E6708F08
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:880F0FEF
< End of report >

Code:
ATTFilter OTL Extras logfile created on: 20.03.2012 15:26:10 - Run 1 OTL by OldTimer - Version 3.2.39.1 Folder = C:\Users\Administrator\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,60 Gb Total Physical Memory | 2,33 Gb Available Physical Memory | 64,76% Memory free 7,21 Gb Paging File | 5,54 Gb Available in Paging File | 76,88% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 254,14 Gb Total Space | 42,06 Gb Free Space | 16,55% Space Free | Partition Type: NTFS Drive D: | 29,00 Gb Total Space | 26,97 Gb Free Space | 93,02% Space Free | Partition Type: NTFS Computer Name: SARA-PC | User Name: Administrator | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual 
C++ 2005 Redistributable (x64) "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{4C897CB6-9393-C1DF-089D-7BB33C344362}" = AMD Fuel "{50F24798-E870-CEE2-64CA-56DD81A27BAC}" = ATI Catalyst Install Manager "{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources "{6B31B6C8-383F-2362-5EB4-D950F666D8FD}" = ccc-utility64 "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{909EDD8B-F26D-7051-C761-3386A1AFE052}" = ATI AVIVO64 Codecs "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{E2A4EF15-22EE-B863-717D-4237AA3C1536}" = WMV9/VC-1 Video Playback "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit "CCleaner" = CCleaner "CNXT_AUDIO_HDA" = Conexant HD Audio "EA12B1FB53CE4E387C31A85236C41EF559B5E392" = Windows-Treiberpaket - Lenovo (ACPIVPC) System (12/02/2010 6.1.0.1) "Lenovo EE Boot 
Optimizer" = Lenovo EE Boot Optimizer "Lexmark 2600 Series" = Lexmark 2600 Series "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "SynTPDeinstKey" = Synaptics Pointing Device Driver "Unlocker" = Unlocker 1.9.1-x64 "WinRAR archiver" = WinRAR 4.00 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{070667D2-A6DC-C36C-10D0-4D25F0054B78}" = CCC Help Chinese Standard "{097E024D-BE30-4D95-B5F3-B6AE9C1568D4}" = PowerXpressHybrid "{09CB25FF-E950-0699-DA4D-5BDCD5A653EA}" = CCC Help Finnish "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{15EB20D6-5F13-41D0-BEF9-C9C44D6AC620}" = SDFormatter "{194E63E4-4AA0-F201-3C96-7EFEA0AEFE91}" = CCC Help French "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F3C1281-F291-573B-3913-774993D6F2C6}" = CCC Help Korean "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10 "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{26A24AE4-039D-4CA4-87B4-2F83217001FF}" = Java(TM) 7 Update 1 "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{2BC21CD2-8053-406A-80F6-9AB61717B49D}" = ODF Add-In für Microsoft Office "{2D2E2AD9-2DD9-FC5E-32A7-2961E5800C58}" = CCC Help English "{2EEEC858-21F8-419B-8FE2-820621BFFCD7}" = GetDataBack for FAT "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family 
Gigabit/Fast Ethernet Driver "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{45D8D16D-13AC-826F-7494-166EB0CC021F}" = Catalyst Control Center Graphics Previews Common "{47B5B5D0-2D0D-887B-E3A3-29744258A2F2}" = CCC Help Portuguese "{47FAF76A-B225-FA71-F0AA-9ACD71A1A6EB}" = CCC Help Norwegian "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4C0636E0-C17F-FEE2-0704-944EC0315996}" = CCC Help Japanese "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform "{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM) "{54DA5204-5F2B-BB6B-3A29-93DB85E71F02}" = CCC Help Czech "{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM) "{562817EC-0640-4947-9513-570A53D55877}" = Grey's Anatomy "{56582EEA-3AEF-4D84-8B9D-C87A3CD9250F}" = GetDataBack for NTFS "{5B64310E-6C76-10FB-EF2D-D63D7901FE27}" = CCC Help Spanish "{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver "{6429EC24-5976-8B97-0C73-C7C6EEE717BE}" = CCC Help Polish "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10 "{7AA63B49-FF6B-D9EC-F578-36AAD863791F}" = CCC Help Hungarian "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = 
QuickTime "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger "{82C9D4E8-A57A-95C2-8503-2021E9678096}" = CCC Help Thai "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{85DC53E4-8D6E-4C78-A8D6-C41A7C2BBAB2}_is1" = Max Payne Ultimate Edition v1.0 "{86394597-E2A6-B8EE-9E01-5FF6FD919BFB}" = ccc-core-static "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM) "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack "{9F705A4D-B625-1E7E-BD3B-5DB253F4A3AE}" = Catalyst Control Center Profiles Mobile "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = 
Windows Live Writer "{AB480DA0-7EE9-465D-9C12-4CDE65BF18FB}" = Pando "{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.0 - Deutsch "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}" = Lenovo EasyCamera "{AE557889-A5F1-212B-BC66-2A67D5FB84D7}" = Catalyst Control Center Localization All "{AF311022-8A9B-41F5-BE54-E361DF2C8AA6}" = Catalyst Control Center - Branding "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B2164CCB-C002-4B80-8550-7535D80DF237}" = Lenovo DirectShare "{B6534AA4-E51E-4D0E-AE12-ABFD55890F7C}_is1" = Slingo Quest Amazon [UPDATE] "{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2011.build.49 (July 1st, 2011) Version v2011.build.49 "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C601C102-3CF4-B39C-4479-D03BDA605CDB}" = CCC Help Swedish "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{C6CABAAA-41C5-40F1-3DCC-A15E2DB8600E}" = CCC Help Dutch "{C8670645-69C0-A438-CDD7-821A54D6C7B0}" = CCC Help Danish "{CD5CDBC3-D83E-38BF-297B-CF3B54160C6E}" = CCC Help Italian "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D05B0ED7-7C10-49C2-990C-8D984197C1B4_P1}_is1" = Book of Unwritten Tales Patch 1.01 "{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D14AAC37-38FC-4454-9CEC-B3CD081632C4}" = calibre "{D3694B69-6F8C-42D3-8A0A-EB2AB528C02C}" = Atheros Client Installation Program "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D6AA424E-0598-45D7-0D92-113ACC44EC50}" = CCC Help Chinese Traditional "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources 
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E35E2F85-3E06-ADAD-7774-663DFD300D44}" = Catalyst Control Center InstallProxy "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E9F03F14-2EF3-7E0C-095F-A2056D748271}" = CCC Help Russian "{EAE6BF35-84C4-F159-268E-9B63BDCDF545}" = CCC Help German "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = Benutzerhandbuch "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F9502EF3-3D89-7CDC-1BB8-9AC33789BCA5}" = CCC Help Greek "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1" = StreamTransport version: 1.0.2.2171 "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FE83F463-7E61-4B18-9FA0-B94B90A0B6B9}" = Nero Burning ROM 10 "5513-1208-7298-9440" = JDownloader 0.9 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Amazon Kindle" = Amazon Kindle "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9 "Avira AntiVir Desktop" = Avira Free Antivirus "Bauern Glück" = Bauern Glück "BFGC" = Big Fish Games: Game Manager "BFG-Haunted Hotel" = Haunted Hotel "BFG-Slingo Deluxe" = Slingo Deluxe "DAEMON Tools Lite" = DAEMON Tools Lite "Diablo" = Diablo "Die Legende des goldenen Buches" = Die Legende des goldenen Buches "DivX Setup" = DivX-Setup "Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 2.2 "Free YouTube Download_is1" = Free YouTube Download version 3.0.20.1228 "Gemini Lost Deluxe_is1" = Gemini Lost Deluxe "Hellfire" = Hellfire "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam "InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery 
"InstallShield_{B2164CCB-C002-4B80-8550-7535D80DF237}" = Lenovo DirectShare "InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management "InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = UserGuide "Lenovo Games Console" = Lenovo Games Console "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000 "Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de) "NetXfer (Multilingual)_is1" = NetXfer 2.72a.437 "OpenAL" = OpenAL "Ophelia's Bingo World" = Accorg Ophelia's Bingo World 2.21.0 "Pflanzen gegen Zombies" = Pflanzen gegen Zombies "QuickPar" = QuickPar 0.9 "Sanitarium" = Sanitarium "ScummVM_is1" = ScummVM 1.2.1 "Season Match" = Season Match "SecondLifeViewer2" = SecondLifeViewer2 (remove only) "Sierra Utilities" = Sierra Utilities "Slingo Quest - Deutsch" = Slingo Quest - Deutsch "Slingo Quest Egypt Beta1.0.0.68" = Slingo Quest Egypt Beta "Slingo Supreme1.0" = Slingo Supreme "UltraStar Deluxe" = UltraStar Deluxe "UseNeXT_is1" = UseNeXT "VeriFace" = VeriFace "VLC media player" = VLC media player 1.1.11 "WinLiveSuite" = Windows Live Essentials "Woodville Chronicles_is1" = Woodville Chronicles ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Diablo" = Diablo "Google Chrome" = Google Chrome "UnityWebPlayer" = Unity Web Player ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report > Madame |