#Nach Virus keine Icons auf dem Desktop mehr!

Levi1 · 17.05.2012, 00:43

Sehr geehrtes Trojaner-Board,

hab mir leider gestern ein Virus der Marke "Bildschirm wird gesperrt-Zahle xxx€ um ihn zu entsperren". Hab im abgesicherten Modus Malwarebytes drüberlaufen lassen und fix alle Funde gelöscht. Soweit sogut.

Nach dem Rebooten ist mir jedoch aufgefallen das alle Desktopicons nicht sichtbar sind, nach kurzem Googlen stelle ich fest das es anscheinend ein bekanntes Problem sei nach der Entfernung eines Virus.

Alles am PC funktioniert soweit ich es beurteilen kann einwandfrei, nur die Icons sind nicht vorhanden/kann auch nichts auf den Desktop ziehen.

MfG,

Levi

cosinus · 17.05.2012, 19:09

Zitat:

Hab im abgesicherten Modus Malwarebytes drüberlaufen lassen und fix alle Funde gelöscht. Soweit sogut.

Ohne die Logs von Malwarebytes und Co wird das hier nichts.

Alles von Malwarebytes (und evtl. anderen Scannern) muss hier gepostet werden.

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

Levi1 · 17.05.2012, 23:33

Hallo cosinus,

erstmal danke für Antwort

Bei Malwarebytes werden mir ziemlich viele Logdatein angezeigt, welche soll ich posten?

MfG,

Levi

cosinus · 19.05.2012, 11:59

Du kannst alle Logs zippen und hier anhängen

Levi1 · 19.05.2012, 13:39

Habs glaube ich gefunden dank Datum Angabe^^

Zitat:

Malwarebytes Anti-Malware (Test) 1.61.0.1400
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: v2012.05.16.03

Windows 7 x86 NTFS (Abgesichertenmodus)
Internet Explorer 8.0.7600.16385
Zooey Deschanel :: LIANGPC [Administrator]

Schutz: Deaktiviert

16.05.2012 15:04:45
mbam-log-2012-05-16 (15-04-45).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 408724
Laufzeit: 19 Minute(n), 4 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{QbUUmTWv-vB5o-PUu5-6nzJ-qFZqif61VYcq} (Backdoor.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|ZZChw4ZycSefR9n (Backdoor.Agent) -> Daten: C:\Users\Zooey Deschanel\AppData\Roaming\BSI.bund.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|ZZChw4ZycSefR9n (Backdoor.Agent) -> Daten: C:\Users\Zooey Deschanel\AppData\Roaming\BSI.bund.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Zooey Deschanel\AppData\Roaming\BSI.bund.exe (Backdoor.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

cosinus · 19.05.2012, 13:57

Hast du noch weitere Logs mit Funden?

Levi1 · 19.05.2012, 15:50

Das ist von 6 Tagen vorher, sonst nur welche die eeewig her sind

Zitat:

Malwarebytes Anti-Malware 1.61.0.1400
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: v2012.05.10.01

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
Zooey Deschanel :: LIANGPC [Administrator]

Schutz: Aktiviert

10.05.2012 13:07:51
mbam-log-2012-05-10 (13-07-51).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 407144
Laufzeit: 38 Minute(n), 28 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Zooey Deschanel\AppData\Local\temp\mjt0uikj.exe (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

cosinus · 20.05.2012, 19:45

Führ bitte auch ESET aus, danach sehen wir weiter:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Levi1 · 22.05.2012, 12:37

Hier die Logs

Zitat:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=6ca03e98b6c4594797ced093be7809c8
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-05-22 10:34:22
# local_time=2012-05-22 12:34:22 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=1792 16777215 100 0 17345740 17345740 0 0
# compatibility_mode=5893 16776573 100 94 317 90118238 0 0
# compatibility_mode=8192 67108863 100 0 133 133 0 0
# scanned=192775
# found=9
# cleaned=0
# scan_time=3366
C:\Program Files\Yontoo\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application (unable to clean) 00000000000000000000000000000000 I
C:\ProgramData\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application (unable to clean) 00000000000000000000000000000000 I
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application (unable to clean) 00000000000000000000000000000000 I
C:\Users\All Users\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application (unable to clean) 00000000000000000000000000000000 I
C:\Users\All Users\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Zooey Deschanel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\1eb8e254-2e3c1dce Java/Exploit.Agent.NBQ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Zooey Deschanel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\23ef0b44-7eee7708 a variant of Java/Exploit.Agent.NBC trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Zooey Deschanel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\36a7aabb-51a076c1 Java/Exploit.Agent.NBD trojan (unable to clean) 00000000000000000000000000000000 I
F:\Spiele\Downloads\DreamGirls_Wild_Party_Girls_1,3,6_7,9_13,15_19,21,23_24,27_31,.exe Win32/Adware.1ClickDownload application (unable to clean) 00000000000000000000000000000000 I

cosinus · 22.05.2012, 13:21

Hätte da mal zwei Fragen bevor es weiter geht

1.) Geht der normale Modus uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?

Levi1 · 22.05.2012, 13:51

Jo, alles scheint normal und uneingeschränkt bis auf den Desktop zu funktionieren.

Hab alles mal probeweise angeklickt, hab keine leeren Ordner unter alle Programme entdeckt.

MfG,

Levi

cosinus · 22.05.2012, 13:54

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Levi1 · 22.05.2012, 15:50

Hiho,

danke schnmal für die Hilfe bisher. Hier die Logs

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 22.05.2012 16:47:34 - Run 2
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\Zooey Deschanel\Desktop\Data
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,26 Gb Available Physical Memory | 69,44% Memory free
6,50 Gb Paging File | 5,07 Gb Available in Paging File | 78,02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 55,80 Gb Total Space | 12,42 Gb Free Space | 22,25% Space Free | Partition Type: NTFS
Drive D: | 6,33 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive F: | 931,51 Gb Total Space | 743,19 Gb Free Space | 79,78% Space Free | Partition Type: NTFS
 
Computer Name: LIANGPC | User Name: Zooey Deschanel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Zooey Deschanel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Users\Zooey Deschanel\Desktop\Data\OTL.exe (OldTimer Tools)
PRC - C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - F:\Programme\hamachi\hamachi-2.exe (LogMeIn Inc.)
PRC - F:\Programme\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Programme\Logitech\GamePanel Software\LGDevAgt.exe (Logitech Inc.)
PRC - C:\Programme\Logitech\GamePanel Software\Applets\LCDRSS.exe (Logitech Inc.)
PRC - C:\Programme\Logitech\GamePanel Software\Applets\LCDPop3.exe (Logitech Inc.)
PRC - C:\Programme\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
PRC - C:\Programme\Logitech\GamePanel Software\Applets\LCDMedia.exe (Logitech Inc.)
PRC - C:\Programme\Logitech\GamePanel Software\Applets\LCDCountdown.exe (Logitech Inc.)
PRC - C:\Programme\Logitech\GamePanel Software\Applets\LCDClock.exe (Logitech Inc.)
PRC - C:\Programme\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Windows Media Player\WMPSideShowGadget.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\NETGEAR\WG111v3\WG111v3.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Zooey Deschanel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Programme\NETGEAR\WG111v3\WG111v3.exe ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (Hamachi2Svc) -- F:\Programme\hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (ssadmdm) -- C:\Windows\System32\drivers\ssadmdm.sys (MCCI Corporation)
DRV - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\ssadbus.sys (MCCI Corporation)
DRV - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\Windows\System32\drivers\ssadmdfl.sys (MCCI Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (LGVirHid) -- C:\Windows\System32\drivers\LGVirHid.sys (Logitech Inc.)
DRV - (LGBusEnum) -- C:\Windows\System32\drivers\LGBusEnum.sys (Logitech Inc.)
DRV - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\System32\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (RTL8187B) -- C:\Windows\System32\drivers\wg111v3.sys (NETGEAR Inc.                           )
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Programme\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851647
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2467157446-3512218533-3410238873-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2467157446-3512218533-3410238873-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F0 7E D1 F9 43 9A CC 01  [binary data]
IE - HKU\S-1-5-21-2467157446-3512218533-3410238873-1000\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Programme\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2467157446-3512218533-3410238873-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2467157446-3512218533-3410238873-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2467157446-3512218533-3410238873-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851647
IE - HKU\S-1-5-21-2467157446-3512218533-3410238873-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2467157446-3512218533-3410238873-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: F:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.08 05:06:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.05.03 09:39:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.11.24 20:42:38 | 000,000,000 | ---D | M]
 
[2011.11.03 18:18:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zooey Deschanel\AppData\Roaming\mozilla\Extensions
[2012.05.18 13:05:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zooey Deschanel\AppData\Roaming\mozilla\Firefox\Profiles\cc9ya6lp.default\extensions
[2012.05.18 13:05:23 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Zooey Deschanel\AppData\Roaming\mozilla\Firefox\Profiles\cc9ya6lp.default\extensions\ich@maltegoetz.de
[2012.02.01 21:45:38 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Zooey Deschanel\AppData\Roaming\mozilla\Firefox\Profiles\cc9ya6lp.default\extensions\plugin@yontoo.com
[2012.01.08 05:11:13 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.01.08 05:06:36 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
() (No name found) -- C:\USERS\ZOOEY DESCHANEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CC9YA6LP.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\ZOOEY DESCHANEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CC9YA6LP.DEFAULT\EXTENSIONS\{DF4E4DF5-5CB7-46B0-9AEF-6C784C3249F8}.XPI
() (No name found) -- C:\USERS\ZOOEY DESCHANEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CC9YA6LP.DEFAULT\EXTENSIONS\DIVXWEBPLAYER@DIVX.COM.XPI
[2012.05.03 09:39:06 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.11.20 22:36:30 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.03.20 16:54:13 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.20 16:54:13 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.03.20 16:54:13 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.20 16:54:13 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.20 16:54:13 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.20 16:54:13 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.01.06 18:01:42 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Programme\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Programme\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Programme\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2467157446-3512218533-3410238873-1000\..\Toolbar\WebBrowser: (uTorrentBar_DE Toolbar) - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - C:\Programme\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [KiesHelper] F:\Programme\Kies\KiesHelper.exe (Samsung)
O4 - HKLM..\Run: [KiesTrayAgent] F:\Programme\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] F:\Programme\hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-21-2467157446-3512218533-3410238873-1000..\Run: [Pando Media Booster] C:\Programme\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-2467157446-3512218533-3410238873-1000..\Run: [Spotify] C:\Users\Zooey Deschanel\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-2467157446-3512218533-3410238873-1000..\Run: [Spotify Web Helper] C:\Users\Zooey Deschanel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKU\S-1-5-21-2467157446-3512218533-3410238873-1000..\Run: [Steam] F:\Spiele\steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-2467157446-3512218533-3410238873-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Zooey Deschanel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2467157446-3512218533-3410238873-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2467157446-3512218533-3410238873-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2467157446-3512218533-3410238873-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1BE0245E-3722-4587-8351-0F456FCE2C84}: DhcpNameServer = 192.168.15.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A8474337-1BB2-49E4-A5E9-994FB57CCBA6}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.02.08 12:07:09 | 000,000,000 | ---D | M] - D:\AutoPlay -- [ UDF ]
O32 - AutoRun File - [2010.02.08 10:55:51 | 002,855,560 | ---- | M] (UBISOFT) - D:\autorun.exe -- [ UDF ]
O32 - AutoRun File - [2010.02.08 10:55:52 | 000,000,043 | ---- | M] () - D:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.22 11:36:02 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.05.22 11:29:41 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{504BB5F9-25AA-44FC-B445-8B0FD017FA7B}
[2012.05.22 11:29:22 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{B45E8E06-EA65-45C5-84B1-1E1C395BA70C}
[2012.05.21 15:52:54 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{6E92C78A-4902-477E-BF75-BD7404FC4655}
[2012.05.21 15:52:35 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{ED71DE65-6D78-4DF7-BA72-E0A70EF2C796}
[2012.05.20 17:09:40 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{9B9C1B01-AA6D-4EE5-8219-1D4220BE3C47}
[2012.05.20 17:09:21 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{8DF34815-6453-4FD6-AAD3-9E4ED499A20D}
[2012.05.20 11:15:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
[2012.05.20 11:12:24 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{6A539025-ACEE-40B7-A480-E7154DB02738}
[2012.05.20 11:12:02 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{13C4A783-C0D4-45CC-AA63-60D1CB03B64D}
[2012.05.20 00:35:45 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\Neuer Ordner
[2012.05.19 12:14:44 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{87B7BE40-C82E-4441-B1CE-6E3D229C4D63}
[2012.05.19 12:14:24 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{EA7639BE-BFE7-4CA3-A6AF-D82427AFB3CD}
[2012.05.19 01:27:58 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\Spotify
[2012.05.19 01:27:57 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Roaming\Spotify
[2012.05.18 13:05:03 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{6C6C779C-961E-4936-A930-E37F085ADE07}
[2012.05.18 13:04:41 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{C5F22BE1-88CE-48C8-903E-CBC8855F4A88}
[2012.05.17 11:21:11 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{14B8D8F3-AC9C-4187-AE2A-2CF88B7142B9}
[2012.05.17 11:20:52 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{7B924B53-A8F6-49A5-BC0B-9F7D24255191}
[2012.05.17 01:35:04 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{92FED7A6-0868-418C-9E83-729B69F1013C}
[2012.05.17 01:34:44 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{7C6981D9-4758-4688-9998-0FD8015CCB99}
[2012.05.16 18:25:15 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{65C6A0B7-F5D3-49D9-9D64-EDBA695FC69D}
[2012.05.16 18:24:55 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{6F3827B4-3DBA-48CE-B8B0-769675950DE5}
[2012.05.16 15:33:53 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{42F2ACF8-26AE-4175-A782-8F397BFA9C3C}
[2012.05.16 15:33:42 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{2ABD68AA-6E13-4EFE-9BFD-9882486EC761}
[2012.05.16 14:08:04 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{CF4C57C0-28AB-42C9-A320-D21E6EFEE2C5}
[2012.05.16 14:07:44 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{783D71DD-F40F-4A9D-95AB-F0A2A6547306}
[2012.05.15 13:19:22 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{496FF681-79E0-449F-ADCF-506552E5923F}
[2012.05.15 13:19:02 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{080A4FF0-B089-416F-89CA-9F05BCC3AF36}
[2012.05.14 15:49:22 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{91D6638F-89B6-452C-AA03-02BB28B21E9E}
[2012.05.14 15:49:02 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{33EE8461-08D1-45E8-9EFF-AEEE1EFBDF4B}
[2012.05.13 12:55:12 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{B4A183CE-E42F-4CBD-B316-6B45FA60DAA1}
[2012.05.13 12:54:51 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{B50B119B-F437-43FB-9297-665EFECB71A4}
[2012.05.13 04:29:23 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{33B34EA7-5A9E-41F6-AF75-73174BF65A0D}
[2012.05.13 03:20:36 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{65B28F07-2D62-4C00-8BC0-778113E43736}
[2012.05.13 03:20:21 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{15E0C43F-CBC5-4BCF-9B79-7E1026EF9CAE}
[2012.05.12 10:00:47 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{BC4BE65C-A00F-43C8-B68D-B0870068215C}
[2012.05.12 10:00:26 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{EB5082B3-1FD6-41CA-BF52-EDE2AD468130}
[2012.05.11 12:31:49 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{DB5FD67A-1211-4A73-8083-1BD7CC7BE663}
[2012.05.11 12:31:28 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{09EBCED7-7013-49CA-ABBB-CD47C38B3E5C}
[2012.05.10 11:32:50 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{6BFD8103-C4FC-4013-9754-92FDEEFA425D}
[2012.05.10 11:32:30 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{2A4BADAE-0EEE-41C6-B543-8209E513024F}
[2012.05.09 15:44:05 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{627DF269-A8AD-4C47-9A6F-9147997A2D10}
[2012.05.09 15:43:46 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{4C858FA0-6F9D-4B66-871F-A9615FD22256}
[2012.05.08 17:52:18 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{18BD3039-44B9-47C7-84AF-9C55B5A2C229}
[2012.05.08 17:51:58 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{FB3355F6-D4F7-49AF-A074-DEBC64E7B860}
[2012.05.08 13:19:52 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{A86123D1-F935-4207-A981-4F17E0032ADE}
[2012.05.08 13:19:29 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{7BE1045B-F5D5-4A3D-8A70-B0B3AB450ED8}
[2012.05.07 10:06:05 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{24F11ACF-CF74-4F90-A9EB-7DBA88F07736}
[2012.05.07 10:05:44 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{037A9B2D-96D9-47A1-8B88-34F3EB2FACF6}
[2012.05.06 13:09:26 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{6AE53F97-BBA7-4B27-9CDD-5D8273879C88}
[2012.05.06 13:09:05 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{C3879C6B-698A-42AD-A1C2-BFA672B13D87}
[2012.05.05 11:27:47 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{8812D626-3586-4FBA-AF0F-E66D1F8C7BCA}
[2012.05.05 11:27:27 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{3B3CFEAF-AA28-48C2-9326-19663CB29CF4}
[2012.05.05 00:19:28 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{13AEA1DB-EF69-4C85-AE2E-8B80632AA86D}
[2012.05.05 00:19:09 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{266CAA98-652A-4F1D-B265-3D736187C3D9}
[2012.05.04 12:47:22 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{D7F8603E-EEFB-4BCC-BBE2-5666D9FF9AC5}
[2012.05.04 12:47:01 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{9FC27320-B0C9-4162-92D5-99EE85D32021}
[2012.05.03 15:51:36 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{1469C94E-60BE-42D9-8313-14C82B898523}
[2012.05.03 15:51:17 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{76C88997-535D-4AC0-83FB-4049FA1FF6CC}
[2012.05.03 09:39:07 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.05.03 09:39:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.05.03 09:38:33 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{69D83437-E67A-460A-954F-94082CDC351A}
[2012.05.03 09:38:13 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{C082BC1A-A03B-43EC-A974-318BBCA7AA11}
[2012.05.02 19:35:27 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{28523460-EAFE-48B9-8B87-B5B0328D2B77}
[2012.05.02 17:10:54 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{571FD5BC-EAD4-4850-A535-AB0985852276}
[2012.05.02 17:10:35 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{3A6EF2B4-BCF0-47F9-808E-DDA5ABE84B04}
[2012.05.01 12:15:21 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{D0B1B15A-8687-4831-85C3-AF454426CDA9}
[2012.05.01 12:15:02 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{C0D12A85-657D-496F-A6CB-9DCD62563DAD}
[2012.05.01 00:38:08 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{39FF4645-A7AC-4F29-9D02-0462E776D258}
[2012.05.01 00:37:48 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{02335CDF-06DA-4821-A1B5-18B65E9309C1}
[2012.04.30 15:49:02 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{BF681D93-4559-42F4-BEB6-CB79D1D75396}
[2012.04.30 15:48:41 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{CCE3168F-3CC6-4A20-A231-DF8FEE5197F7}
[2012.04.29 19:04:48 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{72EED3EA-7BDE-481A-8E18-900730DB8594}
[2012.04.29 19:04:32 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{64A1F207-975F-45E4-B67A-F1F22D84D1FC}
[2012.04.29 17:42:37 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{92D84984-088D-4236-AD37-2D8E74DF3012}
[2012.04.29 17:42:27 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{C7BBD6F1-E862-4478-AD92-B27E925CAAE3}
[2012.04.29 17:16:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012.04.29 17:15:09 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2012.04.29 16:39:43 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{A8F475F1-2464-4D12-9060-242A1C7F859C}
[2012.04.29 16:39:23 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{57F48BC8-0DE1-418C-8AB6-DA704D94F772}
[2012.04.29 11:05:41 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{ACF677E0-74AE-4942-A52D-096CE1F5245E}
[2012.04.29 11:05:21 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{D392FAF2-8CD2-4749-B0E8-5E3DF073E993}
[2012.04.28 20:44:57 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{F5D8FF28-47F3-4FEE-B259-671A293BBD8B}
[2012.04.28 20:44:37 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{8A0C2FC6-78F5-4F2D-97DC-508031E34BB2}
[2012.04.28 17:55:59 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{332E88C5-5DE0-4C80-A5F5-A36585CB64DA}
[2012.04.28 17:55:37 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{60FBDAEE-D646-48A0-BB0C-5C633D4DF3BB}
[2012.04.28 15:14:58 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Roaming\Ubisoft
[2012.04.28 15:14:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft
[2012.04.28 13:32:02 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{26660A58-CFF1-475C-8B9B-E9FBDF840ECA}
[2012.04.28 13:31:44 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{D61FBB96-7707-4002-B02D-DFA6F54A34AA}
[2012.04.28 09:43:55 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{62AE4C53-3AB8-4229-AF4C-AD42B4B25EA6}
[2012.04.28 09:43:35 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{1FECD79E-7FEF-4B0F-A3E4-9EB4BF34EDD4}
[2012.04.27 12:43:56 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{200FDD9D-4B81-45F1-BA6E-2FD82DB4ACCB}
[2012.04.27 12:43:37 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{31113462-D2A1-420C-9570-28D74C804005}
[2012.04.26 21:48:14 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{EA2892F2-0082-4EA6-A035-06C64D03E9A8}
[2012.04.26 21:47:42 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{90F22394-642F-4246-AB1B-4A9C68994F10}
[2012.04.26 09:48:01 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{9CCE25FA-E9A9-4907-9843-13D50C15B65F}
[2012.04.26 09:47:42 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{C3112C48-72B0-44BA-8587-A4E5FDCA40ED}
[2012.04.25 17:21:20 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{A81EF66B-4951-4292-A390-2FEAB761E0E9}
[2012.04.25 17:21:01 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{E4B9E9E7-D980-46A0-B10E-441D0ED33557}
[2012.04.24 17:58:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge
[2012.04.24 17:58:25 | 000,000,000 | ---D | C] -- C:\Program Files\Gameforge
[2012.04.24 14:01:05 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{F63C57CD-FC7A-444B-9CB4-1A74E760BD8B}
[2012.04.24 14:00:46 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{77DE4987-A870-4A10-A210-78FFC496B69F}
[2012.04.23 15:40:36 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{3AB4899A-290E-4823-BFBA-681BC0D2BEEB}
[2012.04.23 15:40:17 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{C55F0C7A-16F2-48C1-AB43-9B27EEC04838}
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.22 11:36:11 | 000,014,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.22 11:36:11 | 000,014,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.22 11:35:22 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.05.22 11:35:22 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.05.22 11:35:22 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.05.22 11:35:22 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.05.22 11:29:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.22 11:28:54 | 2616,532,992 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.20 11:23:50 | 000,000,900 | ---- | M] () -- C:\Users\Public\Desktop\Diablo III.lnk
[2012.05.19 01:27:58 | 000,001,854 | ---- | M] () -- C:\Users\Zooey Deschanel\Desktop\Spotify.lnk
[2012.05.13 03:19:53 | 000,300,688 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.05.08 18:44:46 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.05.08 18:44:46 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
 
========== Files Created - No Company Name ==========
 
[2012.05.20 11:15:18 | 000,000,900 | ---- | C] () -- C:\Users\Public\Desktop\Diablo III.lnk
[2012.05.19 01:27:58 | 000,001,854 | ---- | C] () -- C:\Users\Zooey Deschanel\Desktop\Spotify.lnk
[2012.05.19 01:27:58 | 000,001,840 | ---- | C] () -- C:\Users\Zooey Deschanel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
[2012.04.29 17:15:43 | 002,515,790 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin
[2012.02.29 13:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2012.02.05 13:20:12 | 001,970,176 | ---- | C] () -- C:\Windows\System32\d3dx9.dll
[2011.11.03 17:22:52 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.11.03 17:22:47 | 000,028,763 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011.09.16 12:54:48 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.09.16 12:54:44 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.09.16 12:54:44 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.09.16 12:54:44 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.09.16 12:54:44 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011.06.10 07:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011.06.02 09:17:24 | 000,007,764 | ---- | C] () -- C:\Windows\cadx2.ini
 
========== LOP Check ==========
 
[2012.04.01 16:50:37 | 000,000,000 | ---D | M] -- C:\Users\Zooey Deschanel\AppData\Roaming\.minecraft
[2012.03.02 20:47:24 | 000,000,000 | ---D | M] -- C:\Users\Zooey Deschanel\AppData\Roaming\Amazon
[2011.11.03 21:31:50 | 000,000,000 | ---D | M] -- C:\Users\Zooey Deschanel\AppData\Roaming\LolClient
[2011.11.20 22:38:59 | 000,000,000 | ---D | M] -- C:\Users\Zooey Deschanel\AppData\Roaming\OpenOffice.org
[2012.03.24 21:54:07 | 000,000,000 | ---D | M] -- C:\Users\Zooey Deschanel\AppData\Roaming\Origin
[2011.11.20 22:45:09 | 000,000,000 | ---D | M] -- C:\Users\Zooey Deschanel\AppData\Roaming\PhotoFiltre
[2011.11.11 22:18:28 | 000,000,000 | ---D | M] -- C:\Users\Zooey Deschanel\AppData\Roaming\Samsung
[2012.05.22 11:33:38 | 000,000,000 | ---D | M] -- C:\Users\Zooey Deschanel\AppData\Roaming\Spotify
[2012.04.23 15:43:08 | 000,000,000 | ---D | M] -- C:\Users\Zooey Deschanel\AppData\Roaming\TS3Client
[2012.04.28 15:14:58 | 000,000,000 | ---D | M] -- C:\Users\Zooey Deschanel\AppData\Roaming\Ubisoft
[2012.02.02 01:43:31 | 000,000,000 | ---D | M] -- C:\Users\Zooey Deschanel\AppData\Roaming\uTorrent
[2012.04.21 18:43:51 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< ESETSmartInstaller@High as downloader log: >
 
< all ok >
 
< # version=7 >
 
< # OnlineScannerApp.exe=1.0.0.1 >
 
< # OnlineScanner.ocx=1.0.0.6583 >
 
< # api_version=3.0.2 >
 
< # EOSSerial=6ca03e98b6c4594797ced093be7809c8 >
 
< # end=finished >
 
< # remove_checked=false >
 
< # archives_checked=true >
 
< # unwanted_checked=true >
 
< # unsafe_checked=false >
 
< # antistealth_checked=true >
 
< # utc_time=2012-05-22 10:34:22 >
 
< # local_time=2012-05-22 12:34:22 (+0100, Mitteleuropäische Sommerzeit) >
 
< # country="Germany" >
 
< # lang=1033 >
 
< # osver=6.1.7600 NT  >
 
< # compatibility_mode=1792 16777215 100 0 17345740 17345740 0 0 >
 
< # compatibility_mode=5893 16776573 100 94 317 90118238 0 0 >
 
< # compatibility_mode=8192 67108863 100 0 133 133 0 0 >
 
< # scanned=192775 >
 
< # found=9 >
 
< # cleaned=0 >
 
< # scan_time=3366 >
 
< C:\Program Files\Yontoo\YontooIEClient.dll	a variant of Win32/Adware.Yontoo.A application (unable to clean)	00000000000000000000000000000000	I >
Invalid Switch: Adware.Yontoo.A application (unable to clean)	00000000000000000000000000000000	I
 
< C:\ProgramData\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll	a variant of Win32/Adware.Yontoo.B application (unable to clean)	00000000000000000000000000000000	I >
Invalid Switch: Adware.Yontoo.B application (unable to clean)	00000000000000000000000000000000	I
 
< C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll	a variant of Win32/Adware.Yontoo.B application (unable to clean)	00000000000000000000000000000000	I >
Invalid Switch: Adware.Yontoo.B application (unable to clean)	00000000000000000000000000000000	I
 
< C:\Users\All Users\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll	a variant of Win32/Adware.Yontoo.B application (unable to clean)	00000000000000000000000000000000	I >
Invalid Switch: Adware.Yontoo.B application (unable to clean)	00000000000000000000000000000000	I
 
< C:\Users\All Users\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll	a variant of Win32/Adware.Yontoo.B application (unable to clean)	00000000000000000000000000000000	I >
Invalid Switch: Adware.Yontoo.B application (unable to clean)	00000000000000000000000000000000	I
 
< C:\Users\Zooey Deschanel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\1eb8e254-2e3c1dce	Java/Exploit.Agent.NBQ trojan (unable to clean)	00000000000000000000000000000000	I >
Invalid Switch: Exploit.Agent.NBQ trojan (unable to clean)	00000000000000000000000000000000	I
 
< C:\Users\Zooey Deschanel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\23ef0b44-7eee7708	a variant of Java/Exploit.Agent.NBC trojan (unable to clean)	00000000000000000000000000000000	I >
Invalid Switch: Exploit.Agent.NBC trojan (unable to clean)	00000000000000000000000000000000	I
 
< C:\Users\Zooey Deschanel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\36a7aabb-51a076c1	Java/Exploit.Agent.NBD trojan (unable to clean)	00000000000000000000000000000000	I >
Invalid Switch: Exploit.Agent.NBD trojan (unable to clean)	00000000000000000000000000000000	I
 
< F:\Spiele\Downloads\DreamGirls_Wild_Party_Girls_1,3,6_7,9_13,15_19,21,23_24,27_31,.exe	Win32/Adware.1ClickDownload application (unable to clean)	00000000000000000000000000000000	I >
Invalid Switch: Adware.1ClickDownload application (unable to clean)	00000000000000000000000000000000	I

< End of report >

--- --- ---

MfG,

Levi

cosinus · 22.05.2012, 18:47

Zitat:

========== Custom Scans ==========

< ESETSmartInstaller@High as downloader log: >

< all ok >

< # version=7 >

< # OnlineScannerApp.exe=1.0.0.1 >

Also du musst schon genau aufpassen was du kopierst und bei OTL einfügst!
Du kannst doch nicht einfach das ESET-Log da für den CustomScan verwenden!

Levi1 · 22.05.2012, 19:59

Mist, ich bin untröstlich da hatte ich noch den vorherigen Log im Speicher :-/

Jetzt aber:

[QUOTE]--OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 22.05.2012 20:49:03 - Run 3
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\Zooey Deschanel\Desktop\Data
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,42 Gb Available Physical Memory | 43,69% Memory free
6,50 Gb Paging File | 4,10 Gb Available in Paging File | 63,05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 55,80 Gb Total Space | 12,34 Gb Free Space | 22,11% Space Free | Partition Type: NTFS
Drive D: | 6,33 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive F: | 931,51 Gb Total Space | 743,19 Gb Free Space | 79,78% Space Free | Partition Type: NTFS
 
Computer Name: LIANGPC | User Name: Zooey Deschanel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Programme\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Users\Zooey Deschanel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - F:\Programme\TS3\ts3client_win32.exe (TeamSpeak Systems GmbH)
PRC - F:\Spiele\steam\steam.exe (Valve Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Users\Zooey Deschanel\Desktop\Data\OTL.exe (OldTimer Tools)
PRC - C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - F:\Programme\hamachi\hamachi-2.exe (LogMeIn Inc.)
PRC - F:\Programme\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Programme\Logitech\GamePanel Software\LGDevAgt.exe (Logitech Inc.)
PRC - C:\Programme\Logitech\GamePanel Software\Applets\LCDRSS.exe (Logitech Inc.)
PRC - C:\Programme\Logitech\GamePanel Software\Applets\LCDPop3.exe (Logitech Inc.)
PRC - C:\Programme\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
PRC - C:\Programme\Logitech\GamePanel Software\Applets\LCDMedia.exe (Logitech Inc.)
PRC - C:\Programme\Logitech\GamePanel Software\Applets\LCDCountdown.exe (Logitech Inc.)
PRC - C:\Programme\Logitech\GamePanel Software\Applets\LCDClock.exe (Logitech Inc.)
PRC - C:\Programme\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Windows Media Player\WMPSideShowGadget.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\NETGEAR\WG111v3\WG111v3.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - F:\Spiele\steam\bin\libcef.dll ()
MOD - F:\Spiele\steam\bin\avcodec-53.dll ()
MOD - F:\Spiele\steam\bin\chromehtml.dll ()
MOD - F:\Spiele\steam\bin\avformat-53.dll ()
MOD - F:\Spiele\steam\bin\avutil-51.dll ()
MOD - C:\Users\Zooey Deschanel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - F:\Programme\TS3\plugins\clientquery_plugin.dll ()
MOD - F:\Programme\TS3\soundbackends\windowsaudiosession_win32.dll ()
MOD - F:\Programme\TS3\soundbackends\directsound_win32.dll ()
MOD - F:\Programme\TS3\plugins\appscanner_plugin.dll ()
MOD - C:\Programme\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - F:\Programme\TS3\QtGui4.dll ()
MOD - F:\Programme\TS3\QtCore4.dll ()
MOD - F:\Programme\TS3\QtNetwork4.dll ()
MOD - F:\Programme\TS3\imageformats\qjpeg4.dll ()
MOD - F:\Programme\TS3\imageformats\qgif4.dll ()
MOD - C:\Programme\NETGEAR\WG111v3\WG111v3.exe ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (Hamachi2Svc) -- F:\Programme\hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (ssadmdm) -- C:\Windows\System32\drivers\ssadmdm.sys (MCCI Corporation)
DRV - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\ssadbus.sys (MCCI Corporation)
DRV - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\Windows\System32\drivers\ssadmdfl.sys (MCCI Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (LGVirHid) -- C:\Windows\System32\drivers\LGVirHid.sys (Logitech Inc.)
DRV - (LGBusEnum) -- C:\Windows\System32\drivers\LGBusEnum.sys (Logitech Inc.)
DRV - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\System32\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (RTL8187B) -- C:\Windows\System32\drivers\wg111v3.sys (NETGEAR Inc.                           )
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Programme\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851647
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2467157446-3512218533-3410238873-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2467157446-3512218533-3410238873-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F0 7E D1 F9 43 9A CC 01  [binary data]
IE - HKU\S-1-5-21-2467157446-3512218533-3410238873-1000\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Programme\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2467157446-3512218533-3410238873-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2467157446-3512218533-3410238873-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2467157446-3512218533-3410238873-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851647
IE - HKU\S-1-5-21-2467157446-3512218533-3410238873-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2467157446-3512218533-3410238873-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: F:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.08 05:06:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.05.03 09:39:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.11.24 20:42:38 | 000,000,000 | ---D | M]
 
[2011.11.03 18:18:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zooey Deschanel\AppData\Roaming\mozilla\Extensions
[2012.05.18 13:05:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zooey Deschanel\AppData\Roaming\mozilla\Firefox\Profiles\cc9ya6lp.default\extensions
[2012.05.18 13:05:23 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Zooey Deschanel\AppData\Roaming\mozilla\Firefox\Profiles\cc9ya6lp.default\extensions\ich@maltegoetz.de
[2012.02.01 21:45:38 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Zooey Deschanel\AppData\Roaming\mozilla\Firefox\Profiles\cc9ya6lp.default\extensions\plugin@yontoo.com
[2012.01.08 05:11:13 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.01.08 05:06:36 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
() (No name found) -- C:\USERS\ZOOEY DESCHANEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CC9YA6LP.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\ZOOEY DESCHANEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CC9YA6LP.DEFAULT\EXTENSIONS\{DF4E4DF5-5CB7-46B0-9AEF-6C784C3249F8}.XPI
() (No name found) -- C:\USERS\ZOOEY DESCHANEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CC9YA6LP.DEFAULT\EXTENSIONS\DIVXWEBPLAYER@DIVX.COM.XPI
[2012.05.03 09:39:06 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.11.20 22:36:30 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.03.20 16:54:13 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.20 16:54:13 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.03.20 16:54:13 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.20 16:54:13 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.20 16:54:13 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.20 16:54:13 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.01.06 18:01:42 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Programme\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Programme\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Programme\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2467157446-3512218533-3410238873-1000\..\Toolbar\WebBrowser: (uTorrentBar_DE Toolbar) - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - C:\Programme\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [KiesHelper] F:\Programme\Kies\KiesHelper.exe (Samsung)
O4 - HKLM..\Run: [KiesTrayAgent] F:\Programme\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] F:\Programme\hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-21-2467157446-3512218533-3410238873-1000..\Run: [Pando Media Booster] C:\Programme\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-2467157446-3512218533-3410238873-1000..\Run: [Spotify] C:\Users\Zooey Deschanel\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-2467157446-3512218533-3410238873-1000..\Run: [Spotify Web Helper] C:\Users\Zooey Deschanel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKU\S-1-5-21-2467157446-3512218533-3410238873-1000..\Run: [Steam] F:\Spiele\steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-2467157446-3512218533-3410238873-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Zooey Deschanel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2467157446-3512218533-3410238873-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2467157446-3512218533-3410238873-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2467157446-3512218533-3410238873-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1BE0245E-3722-4587-8351-0F456FCE2C84}: DhcpNameServer = 192.168.15.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A8474337-1BB2-49E4-A5E9-994FB57CCBA6}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.02.08 12:07:09 | 000,000,000 | ---D | M] - D:\AutoPlay -- [ UDF ]
O32 - AutoRun File - [2010.02.08 10:55:51 | 002,855,560 | ---- | M] (UBISOFT) - D:\autorun.exe -- [ UDF ]
O32 - AutoRun File - [2010.02.08 10:55:52 | 000,000,043 | ---- | M] () - D:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - State: "bootini" - 2
 
SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Hamachi2Svc - F:\Programme\hamachi\hamachi-2.exe (LogMeIn Inc.)
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\System32\Microsoft
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\Windows\System32\Microsoft
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: aux - wdmaud.drv (Microsoft Corporation)
Drivers32: midi - wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi3 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi4 - wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - midimap.dll (Microsoft Corporation)
Drivers32: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer3 - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer4 - wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - sirenacm.dll (Microsoft Corporation)
Drivers32: MSVideo8 - VfWWDM32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - DivX.dll (DivX, Inc.)
Drivers32: vidc.i420 - iyuv_32.dll (Microsoft Corporation)
Drivers32: VIDC.IYUV - iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YUY2 - msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - DivX.dll (DivX, Inc.)
Drivers32: VIDC.YVU9 - tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - msyuv.dll (Microsoft Corporation)
Drivers32: wave - wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - wdmaud.drv (Microsoft Corporation)
Drivers32: wave3 - wdmaud.drv (Microsoft Corporation)
Drivers32: wave4 - wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - msacm32.drv (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.22 11:36:02 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.05.22 11:29:41 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{504BB5F9-25AA-44FC-B445-8B0FD017FA7B}
[2012.05.22 11:29:22 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{B45E8E06-EA65-45C5-84B1-1E1C395BA70C}
[2012.05.21 15:52:54 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{6E92C78A-4902-477E-BF75-BD7404FC4655}
[2012.05.21 15:52:35 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{ED71DE65-6D78-4DF7-BA72-E0A70EF2C796}
[2012.05.20 17:09:40 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{9B9C1B01-AA6D-4EE5-8219-1D4220BE3C47}
[2012.05.20 17:09:21 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{8DF34815-6453-4FD6-AAD3-9E4ED499A20D}
[2012.05.20 11:15:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
[2012.05.20 11:12:24 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{6A539025-ACEE-40B7-A480-E7154DB02738}
[2012.05.20 11:12:02 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{13C4A783-C0D4-45CC-AA63-60D1CB03B64D}
[2012.05.20 00:35:45 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\Neuer Ordner
[2012.05.19 12:14:44 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{87B7BE40-C82E-4441-B1CE-6E3D229C4D63}
[2012.05.19 12:14:24 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{EA7639BE-BFE7-4CA3-A6AF-D82427AFB3CD}
[2012.05.19 01:27:58 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\Spotify
[2012.05.19 01:27:57 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Roaming\Spotify
[2012.05.18 13:05:03 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{6C6C779C-961E-4936-A930-E37F085ADE07}
[2012.05.18 13:04:41 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{C5F22BE1-88CE-48C8-903E-CBC8855F4A88}
[2012.05.17 11:21:11 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{14B8D8F3-AC9C-4187-AE2A-2CF88B7142B9}
[2012.05.17 11:20:52 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{7B924B53-A8F6-49A5-BC0B-9F7D24255191}
[2012.05.17 01:35:04 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{92FED7A6-0868-418C-9E83-729B69F1013C}
[2012.05.17 01:34:44 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{7C6981D9-4758-4688-9998-0FD8015CCB99}
[2012.05.16 18:25:15 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{65C6A0B7-F5D3-49D9-9D64-EDBA695FC69D}
[2012.05.16 18:24:55 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{6F3827B4-3DBA-48CE-B8B0-769675950DE5}
[2012.05.16 15:33:53 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{42F2ACF8-26AE-4175-A782-8F397BFA9C3C}
[2012.05.16 15:33:42 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{2ABD68AA-6E13-4EFE-9BFD-9882486EC761}
[2012.05.16 14:08:04 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{CF4C57C0-28AB-42C9-A320-D21E6EFEE2C5}
[2012.05.16 14:07:44 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{783D71DD-F40F-4A9D-95AB-F0A2A6547306}
[2012.05.15 13:19:22 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{496FF681-79E0-449F-ADCF-506552E5923F}
[2012.05.15 13:19:02 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{080A4FF0-B089-416F-89CA-9F05BCC3AF36}
[2012.05.14 15:49:22 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{91D6638F-89B6-452C-AA03-02BB28B21E9E}
[2012.05.14 15:49:02 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{33EE8461-08D1-45E8-9EFF-AEEE1EFBDF4B}
[2012.05.13 12:55:12 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{B4A183CE-E42F-4CBD-B316-6B45FA60DAA1}
[2012.05.13 12:54:51 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{B50B119B-F437-43FB-9297-665EFECB71A4}
[2012.05.13 04:29:23 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{33B34EA7-5A9E-41F6-AF75-73174BF65A0D}
[2012.05.13 03:20:36 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{65B28F07-2D62-4C00-8BC0-778113E43736}
[2012.05.13 03:20:21 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{15E0C43F-CBC5-4BCF-9B79-7E1026EF9CAE}
[2012.05.12 10:00:47 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{BC4BE65C-A00F-43C8-B68D-B0870068215C}
[2012.05.12 10:00:26 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{EB5082B3-1FD6-41CA-BF52-EDE2AD468130}
[2012.05.11 12:31:49 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{DB5FD67A-1211-4A73-8083-1BD7CC7BE663}
[2012.05.11 12:31:28 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{09EBCED7-7013-49CA-ABBB-CD47C38B3E5C}
[2012.05.10 11:32:50 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{6BFD8103-C4FC-4013-9754-92FDEEFA425D}
[2012.05.10 11:32:30 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{2A4BADAE-0EEE-41C6-B543-8209E513024F}
[2012.05.09 15:44:05 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{627DF269-A8AD-4C47-9A6F-9147997A2D10}
[2012.05.09 15:43:46 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{4C858FA0-6F9D-4B66-871F-A9615FD22256}
[2012.05.08 17:52:18 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{18BD3039-44B9-47C7-84AF-9C55B5A2C229}
[2012.05.08 17:51:58 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{FB3355F6-D4F7-49AF-A074-DEBC64E7B860}
[2012.05.08 13:19:52 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{A86123D1-F935-4207-A981-4F17E0032ADE}
[2012.05.08 13:19:29 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{7BE1045B-F5D5-4A3D-8A70-B0B3AB450ED8}
[2012.05.07 10:06:05 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{24F11ACF-CF74-4F90-A9EB-7DBA88F07736}
[2012.05.07 10:05:44 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{037A9B2D-96D9-47A1-8B88-34F3EB2FACF6}
[2012.05.06 13:09:26 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{6AE53F97-BBA7-4B27-9CDD-5D8273879C88}
[2012.05.06 13:09:05 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{C3879C6B-698A-42AD-A1C2-BFA672B13D87}
[2012.05.05 11:27:47 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{8812D626-3586-4FBA-AF0F-E66D1F8C7BCA}
[2012.05.05 11:27:27 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{3B3CFEAF-AA28-48C2-9326-19663CB29CF4}
[2012.05.05 00:19:28 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{13AEA1DB-EF69-4C85-AE2E-8B80632AA86D}
[2012.05.05 00:19:09 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{266CAA98-652A-4F1D-B265-3D736187C3D9}
[2012.05.04 12:47:22 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{D7F8603E-EEFB-4BCC-BBE2-5666D9FF9AC5}
[2012.05.04 12:47:01 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{9FC27320-B0C9-4162-92D5-99EE85D32021}
[2012.05.03 15:51:36 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{1469C94E-60BE-42D9-8313-14C82B898523}
[2012.05.03 15:51:17 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{76C88997-535D-4AC0-83FB-4049FA1FF6CC}
[2012.05.03 09:39:07 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.05.03 09:39:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.05.03 09:38:33 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{69D83437-E67A-460A-954F-94082CDC351A}
[2012.05.03 09:38:13 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{C082BC1A-A03B-43EC-A974-318BBCA7AA11}
[2012.05.02 19:35:27 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{28523460-EAFE-48B9-8B87-B5B0328D2B77}
[2012.05.02 17:10:54 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{571FD5BC-EAD4-4850-A535-AB0985852276}
[2012.05.02 17:10:35 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{3A6EF2B4-BCF0-47F9-808E-DDA5ABE84B04}
[2012.05.01 12:15:21 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{D0B1B15A-8687-4831-85C3-AF454426CDA9}
[2012.05.01 12:15:02 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{C0D12A85-657D-496F-A6CB-9DCD62563DAD}
[2012.05.01 00:38:08 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{39FF4645-A7AC-4F29-9D02-0462E776D258}
[2012.05.01 00:37:48 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{02335CDF-06DA-4821-A1B5-18B65E9309C1}
[2012.04.30 15:49:02 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{BF681D93-4559-42F4-BEB6-CB79D1D75396}
[2012.04.30 15:48:41 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{CCE3168F-3CC6-4A20-A231-DF8FEE5197F7}
[2012.04.29 19:04:48 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{72EED3EA-7BDE-481A-8E18-900730DB8594}
[2012.04.29 19:04:32 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{64A1F207-975F-45E4-B67A-F1F22D84D1FC}
[2012.04.29 17:42:37 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{92D84984-088D-4236-AD37-2D8E74DF3012}
[2012.04.29 17:42:27 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{C7BBD6F1-E862-4478-AD92-B27E925CAAE3}
[2012.04.29 17:16:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012.04.29 17:15:09 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2012.04.29 16:39:43 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{A8F475F1-2464-4D12-9060-242A1C7F859C}
[2012.04.29 16:39:23 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{57F48BC8-0DE1-418C-8AB6-DA704D94F772}
[2012.04.29 11:05:41 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{ACF677E0-74AE-4942-A52D-096CE1F5245E}
[2012.04.29 11:05:21 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{D392FAF2-8CD2-4749-B0E8-5E3DF073E993}
[2012.04.28 20:44:57 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{F5D8FF28-47F3-4FEE-B259-671A293BBD8B}
[2012.04.28 20:44:37 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{8A0C2FC6-78F5-4F2D-97DC-508031E34BB2}
[2012.04.28 17:55:59 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{332E88C5-5DE0-4C80-A5F5-A36585CB64DA}
[2012.04.28 17:55:37 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{60FBDAEE-D646-48A0-BB0C-5C633D4DF3BB}
[2012.04.28 15:14:58 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Roaming\Ubisoft
[2012.04.28 15:14:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft
[2012.04.28 13:32:02 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{26660A58-CFF1-475C-8B9B-E9FBDF840ECA}
[2012.04.28 13:31:44 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{D61FBB96-7707-4002-B02D-DFA6F54A34AA}
[2012.04.28 09:43:55 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{62AE4C53-3AB8-4229-AF4C-AD42B4B25EA6}
[2012.04.28 09:43:35 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{1FECD79E-7FEF-4B0F-A3E4-9EB4BF34EDD4}
[2012.04.27 12:43:56 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{200FDD9D-4B81-45F1-BA6E-2FD82DB4ACCB}
[2012.04.27 12:43:37 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{31113462-D2A1-420C-9570-28D74C804005}
[2012.04.26 21:48:14 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{EA2892F2-0082-4EA6-A035-06C64D03E9A8}
[2012.04.26 21:47:42 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{90F22394-642F-4246-AB1B-4A9C68994F10}
[2012.04.26 09:48:01 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{9CCE25FA-E9A9-4907-9843-13D50C15B65F}
[2012.04.26 09:47:42 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{C3112C48-72B0-44BA-8587-A4E5FDCA40ED}
[2012.04.25 17:21:20 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{A81EF66B-4951-4292-A390-2FEAB761E0E9}
[2012.04.25 17:21:01 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{E4B9E9E7-D980-46A0-B10E-441D0ED33557}
[2012.04.24 17:58:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge
[2012.04.24 17:58:25 | 000,000,000 | ---D | C] -- C:\Program Files\Gameforge
[2012.04.24 14:01:05 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{F63C57CD-FC7A-444B-9CB4-1A74E760BD8B}
[2012.04.24 14:00:46 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{77DE4987-A870-4A10-A210-78FFC496B69F}
[2012.04.23 15:40:36 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{3AB4899A-290E-4823-BFBA-681BC0D2BEEB}
[2012.04.23 15:40:17 | 000,000,000 | ---D | C] -- C:\Users\Zooey Deschanel\AppData\Local\{C55F0C7A-16F2-48C1-AB43-9B27EEC04838}
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.22 11:36:11 | 000,014,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.22 11:36:11 | 000,014,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.22 11:35:22 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.05.22 11:35:22 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.05.22 11:35:22 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.05.22 11:35:22 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.05.22 11:29:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.22 11:28:54 | 2616,532,992 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.20 11:23:50 | 000,000,900 | ---- | M] () -- C:\Users\Public\Desktop\Diablo III.lnk
[2012.05.19 01:27:58 | 000,001,854 | ---- | M] () -- C:\Users\Zooey Deschanel\Desktop\Spotify.lnk
[2012.05.13 03:19:53 | 000,300,688 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.05.08 18:44:46 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.05.08 18:44:46 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
 
========== Files Created - No Company Name ==========
 
[2012.05.20 11:15:18 | 000,000,900 | ---- | C] () -- C:\Users\Public\Desktop\Diablo III.lnk
[2012.05.19 01:27:58 | 000,001,854 | ---- | C] () -- C:\Users\Zooey Deschanel\Desktop\Spotify.lnk
[2012.05.19 01:27:58 | 000,001,840 | ---- | C] () -- C:\Users\Zooey Deschanel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
[2012.04.29 17:15:43 | 002,515,790 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin
[2012.02.29 13:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2012.02.05 13:20:12 | 001,970,176 | ---- | C] () -- C:\Windows\System32\d3dx9.dll
[2011.11.03 17:22:52 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.11.03 17:22:47 | 000,028,763 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011.09.16 12:54:48 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.09.16 12:54:44 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.09.16 12:54:44 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.09.16 12:54:44 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.09.16 12:54:44 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011.06.10 07:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011.06.02 09:17:24 | 000,007,764 | ---- | C] () -- C:\Windows\cadx2.ini
 
========== LOP Check ==========
 
[2012.04.01 16:50:37 | 000,000,000 | ---D | M] -- C:\Users\Zooey Deschanel\AppData\Roaming\.minecraft
[2012.03.02 20:47:24 | 000,000,000 | ---D | M] -- C:\Users\Zooey Deschanel\AppData\Roaming\Amazon
[2011.11.03 21:31:50 | 000,000,000 | ---D | M] -- C:\Users\Zooey Deschanel\AppData\Roaming\LolClient
[2011.11.20 22:38:59 | 000,000,000 | ---D | M] -- C:\Users\Zooey Deschanel\AppData\Roaming\OpenOffice.org
[2012.03.24 21:54:07 | 000,000,000 | ---D | M] -- C:\Users\Zooey Deschanel\AppData\Roaming\Origin
[2011.11.20 22:45:09 | 000,000,000 | ---D | M] -- C:\Users\Zooey Deschanel\AppData\Roaming\PhotoFiltre
[2011.11.11 22:18:28 | 000,000,000 | ---D | M] -- C:\Users\Zooey Deschanel\AppData\Roaming\Samsung
[2012.05.22 11:33:38 | 000,000,000 | ---D | M] -- C:\Users\Zooey Deschanel\AppData\Roaming\Spotify
[2012.04.23 15:43:08 | 000,000,000 | ---D | M] -- C:\Users\Zooey Deschanel\AppData\Roaming\TS3Client
[2012.04.28 15:14:58 | 000,000,000 | ---D | M] -- C:\Users\Zooey Deschanel\AppData\Roaming\Ubisoft
[2012.02.02 01:43:31 | 000,000,000 | ---D | M] -- C:\Users\Zooey Deschanel\AppData\Roaming\uTorrent
[2012.04.21 18:43:51 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.04.01 16:50:37 | 000,000,000 | ---D | M] -- C:\Users\Zooey Deschanel\AppData\Roaming\.minecraft
[2011.11.24 20:43:57 | 000,000,000 | ---D | M] -- C:\Users\Zooey Deschanel\AppData\Roaming\Adobe
[2012.03.02 20:47:24 | 000,000,000 | ---D | M] -- C:\Users\Zooey Deschanel\AppData\Roaming\Amazon
[2011.12.18 00:55:59 | 000,000,000 | ---D | M] -- C:\Users\Zooey Deschanel\AppData\Roaming\Apple Computer
[2011.11.03 18:31:06 | 000,000,000 | ---D | M] -- C:\Users\Zooey Deschanel\AppData\Roaming\Avira
[2011.11.03 17:14:51 | 000,000,000 | ---D | M] -- C:\Users\Zooey Deschanel\AppData\Roaming\Identities
[2011.11.03 21:31:50 | 000,000,000 | ---D | M] -- C:\Users\Zooey Deschanel\AppData\Roaming\LolClient
[2011.11.03 18:39:39 | 000,000,000 | ---D | M] -- C:\Users\Zooey Deschanel\AppData\Roaming\Macromedia
[2012.01.06 17:06:14 | 000,000,000 | ---D | M] -- C:\Users\Zooey Deschanel\AppData\Roaming\Malwarebytes
[2009.07.14 10:56:41 | 000,000,000 | ---D | M] -- C:\Users\Zooey Deschanel\AppData\Roaming\Media Center Programs
[2012.02.05 13:18:43 | 000,000,000 | --SD | M] -- C:\Users\Zooey Deschanel\AppData\Roaming\Microsoft
[2011.11.03 18:18:20 | 000,000,000 | ---D | M] -- C:\Users\Zooey Deschanel\AppData\Roaming\Mozilla
[2012.01.07 22:04:11 | 000,000,000 | ---D | M] -- C:\Users\Zooey Deschanel\AppData\Roaming\NVIDIA
[2011.11.20 22:38:59 | 000,000,000 | ---D | M] -- C:\Users\Zooey Deschanel\AppData\Roaming\OpenOffice.org
[2012.03.24 21:54:07 | 000,000,000 | ---D | M] -- C:\Users\Zooey Deschanel\AppData\Roaming\Origin
[2011.11.20 22:45:09 | 000,000,000 | ---D | M] -- C:\Users\Zooey Deschanel\AppData\Roaming\PhotoFiltre
[2011.11.11 22:18:28 | 000,000,000 | ---D | M] -- C:\Users\Zooey Deschanel\AppData\Roaming\Samsung
[2012.05.20 21:42:09 | 000,000,000 | ---D | M] -- C:\Users\Zooey Deschanel\AppData\Roaming\Skype
[2012.05.22 11:33:38 | 000,000,000 | ---D | M] -- C:\Users\Zooey Deschanel\AppData\Roaming\Spotify
[2012.04.23 15:43:08 | 000,000,000 | ---D | M] -- C:\Users\Zooey Deschanel\AppData\Roaming\TS3Client
[2012.04.28 15:14:58 | 000,000,000 | ---D | M] -- C:\Users\Zooey Deschanel\AppData\Roaming\Ubisoft
[2012.02.02 01:43:31 | 000,000,000 | ---D | M] -- C:\Users\Zooey Deschanel\AppData\Roaming\uTorrent
[2011.11.04 13:38:21 | 000,000,000 | ---D | M] -- C:\Users\Zooey Deschanel\AppData\Roaming\vlc
[2011.11.05 18:21:27 | 000,000,000 | ---D | M] -- C:\Users\Zooey Deschanel\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2012.05.19 01:27:58 | 009,478,320 | ---- | M] (Spotify Ltd) -- C:\Users\Zooey Deschanel\AppData\Roaming\Spotify\spotify.exe
[2012.05.19 01:27:57 | 000,932,528 | ---- | M] () -- C:\Users\Zooey Deschanel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\ERDNT\cache\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\ERDNT\cache\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0033117673c16921\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\ERDNT\cache\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_38e464dbe521cc7f\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\ERDNT\cache\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\ERDNT\cache\user32.dll
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\ERDNT\cache\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\ERDNT\cache\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\ERDNT\cache\winlogon.exe
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >

< End of report >

--- --- ---

MfG,

Levi

19.05.2012, 11:59	#4
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	#Nach Virus keine Icons auf dem Desktop mehr! Du kannst alle Logs zippen und hier anhängen __________________ Logfiles bitte immer in CODE-Tags posten

19.05.2012, 13:57	#6
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	#Nach Virus keine Icons auf dem Desktop mehr! Hast du noch weitere Logs mit Funden? __________________ --> #Nach Virus keine Icons auf dem Desktop mehr!

22.05.2012, 13:21	#10
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	#Nach Virus keine Icons auf dem Desktop mehr! Hätte da mal zwei Fragen bevor es weiter geht 1.) Geht der normale Modus uneingeschränkt? 2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden? __________________ Logfiles bitte immer in CODE-Tags posten

#Nach Virus keine Icons auf dem Desktop mehr!

Plagegeister aller Art und deren Bekämpfung: #Nach Virus keine Icons auf dem Desktop mehr!