| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Searchnu.com/410Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
03.06.2013, 13:21
| #1 |
 |  Searchnu.com/410 Hello! Ich habe mir leider ebenfalls den Searchnu.com/410 (Was ist das eig.? Virus?Trojaner?Wurm?  ) eingefangen und bräuchte eure Hilfe da ich leider null Ahnung von Computern aller Art habe. Mit Spybot S&D habe ich einiges gefunden (iLivid heißen die Dateien glaube ich) und leider auch schon gelöscht, da ich erst nachher auf eure seite gestoßen bin. Was kann ich machen, dass ich wieder Sorgen- und Virenfrei bin? Danke für eure Hilfe |
|
03.06.2013, 13:23
| #2 |
| /// TB-Ausbilder   | Searchnu.com/410 Hi,
__________________ist nur ein bisschen Adware. Schritt 1 Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Schritt 2 Lade dir bitte OTL (von Oldtimer) herunter und speichere es auf deinen Desktop.
Bitte poste in deiner nächsten Antwort:
__________________ |
|
03.06.2013, 15:43
| #3 |
| | Searchnu.com/410 Hi Leo,
__________________danke für deine superschnelle Antwort :-) Also das Log vom AdwCleaner ist Code:
ATTFilter # AdwCleaner v2.301 - Datei am 03/06/2013 um 16:14:13 erstellt
# Aktualisiert am 16/05/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Georg Schiel - GEORGIE
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Georg Schiel\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Gelöscht mit Neustart : C:\Program Files (x86)\Windows Searchqu Toolbar
Ordner Gelöscht : C:\Program Files (x86)\Ask.com
Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\Users\Alina\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\Georg Schiel\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\Georg Schiel\AppData\LocalLow\Searchqutoolbar
Ordner Gelöscht : C:\windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
***** [Registrierungsdatenbank] *****
Daten Gelöscht : [x64] HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\WIA6EB~1\Datamngr\x64\datamngr.dll
Daten Gelöscht : [x64] HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\WIA6EB~1\Datamngr\x64\IEBHO.dll
Daten Gelöscht : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\WIA6EB~1\Datamngr\datamngr.dll
Daten Gelöscht : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\WIA6EB~1\Datamngr\IEBHO.dll
Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\Ask.com
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
Schlüssel Gelöscht : HKLM\Software\APN
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\DNSBHO.dll
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DnsBHO.BHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DnsBHO.BHO.1
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Schlüssel Gelöscht : HKLM\Software\SearchquMediabarTb
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : HKLM\SOFTWARE\DataMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]
***** [Internet Browser] *****
-\\ Internet Explorer v10.0.9200.16576
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Google Chrome v27.0.1453.94
Datei : C:\Users\Georg Schiel\AppData\Local\Google\Chrome\User Data\Default\Preferences
Gelöscht [l.28] : search_url = "hxxp://dts.search-results.com/sr?src=crb&appid=0&systemid=410&sr=0&q={searchTer[...]
Gelöscht [l.2171] : homepage = "hxxp://www.searchnu.com/410",
Gelöscht [l.2384] : urls_to_restore_on_startup = [ "hxxp://www.searchnu.com/410" ]
*************************
AdwCleaner[S1].txt - [7199 octets] - [03/06/2013 16:14:13]
########## EOF - C:\AdwCleaner[S1].txt - [7259 octets] ##########
Code:
ATTFilter OTL logfile created on: 03.06.2013 16:24:08 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Georg Schiel\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16576) Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 3,74 Gb Total Physical Memory | 1,99 Gb Available Physical Memory | 53,21% Memory free 7,48 Gb Paging File | 5,57 Gb Available in Paging File | 74,46% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 421,81 Gb Total Space | 253,10 Gb Free Space | 60,00% Space Free | Partition Type: NTFS Drive D: | 29,00 Gb Total Space | 27,94 Gb Free Space | 96,38% Space Free | Partition Type: NTFS Computer Name: GEORGIE | User Name: Georg Schiel | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.06.03 16:23:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Georg Schiel\Desktop\OTL.exe PRC - [2013.05.09 10:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe PRC - [2013.05.09 10:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe PRC - [2013.01.12 00:03:29 | 000,308,368 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe PRC - [2012.12.20 19:44:32 | 000,844,296 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe PRC - [2012.12.20 19:44:28 | 000,310,280 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe PRC - [2012.12.20 19:44:26 | 001,476,104 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe PRC - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2010.09.11 13:49:56 | 000,364,400 | ---- | M] (Egis Technology Inc. ) -- C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe PRC - [2010.09.11 13:49:40 | 000,327,024 | ---- | M] (Egis Technology Inc. ) -- C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe PRC - [2010.05.28 05:14:52 | 000,376,176 | ---- | M] (Egis Technology Inc. ) -- C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe PRC - [2010.05.28 05:14:02 | 000,709,488 | ---- | M] (Egis Technology Inc. ) -- C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe PRC - [2010.05.28 05:13:38 | 000,314,736 | ---- | M] (Egis Technology Inc. ) -- C:\Program Files (x86)\EgisTec BioExcess\EgisDSService.exe PRC - [2010.03.11 00:11:56 | 000,407,920 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe PRC - [2010.03.11 00:11:42 | 000,201,584 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe PRC - [2010.03.03 22:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2010.03.03 22:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2010.03.03 00:37:40 | 000,171,104 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe PRC - [2010.01.19 04:44:40 | 000,536,576 | ---- | M] (Vimicro) -- C:\Program Files (x86)\USB Camera2\VM332_STI.EXE PRC - [2009.09.30 14:02:38 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2009.09.30 14:02:36 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2009.03.05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe ========== Modules (No Company Name) ========== MOD - [2013.05.30 16:30:39 | 018,022,400 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\7a89b81a9a5c4a57d2b1b152beb9b481\PresentationFramework.ni.dll MOD - [2013.05.30 16:30:19 | 011,522,560 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\69236ea8029652460eff6fc27bfc742c\PresentationCore.ni.dll MOD - [2013.05.30 16:30:01 | 000,982,528 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\e9784f6667e92cb4d3bc01731c8a3310\System.Configuration.ni.dll MOD - [2013.05.30 16:29:59 | 007,070,208 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\c206c0d5425bc25640b647ac986fc236\System.Core.ni.dll MOD - [2013.05.30 16:29:58 | 003,883,008 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\45c1597cf0c989dbbfdc5e3cb067306f\WindowsBase.ni.dll MOD - [2013.05.30 16:20:36 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll MOD - [2013.05.30 16:20:12 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll MOD - [2013.05.30 16:20:00 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll MOD - [2013.03.05 20:23:11 | 000,221,696 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\40ec6eb5a95de56636ea90f638d1eb2c\System.ServiceProcess.ni.dll MOD - [2013.02.07 23:28:33 | 001,812,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\2297aa4cb17f43a679db50ea05b2b811\System.Xaml.ni.dll MOD - [2013.02.06 21:30:54 | 005,617,664 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\353fd535963fff2f9086c2f655a47ace\System.Xml.ni.dll MOD - [2013.02.06 21:30:46 | 009,095,168 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System\73507c607e4c46f5e04122de0cc5f3fd\System.ni.dll MOD - [2013.02.06 21:30:39 | 014,417,408 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3ef97e67e8d2c09fd2495ed952e1afbc\mscorlib.ni.dll MOD - [2013.01.14 23:31:36 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll MOD - [2013.01.12 16:37:12 | 000,452,608 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\f7cb3ae5de64f8cbde3ccc57c780743a\IAStorUtil.ni.dll MOD - [2013.01.12 15:39:45 | 001,592,832 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - [2013.01.12 15:39:20 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll MOD - [2013.01.12 15:39:15 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013.01.12 15:39:07 | 011,493,376 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2010.11.17 06:28:08 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ========== Services (SafeList) ========== SRV - [2013.05.14 21:35:39 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.05.09 10:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2010.09.11 13:49:40 | 000,327,024 | ---- | M] (Egis Technology Inc. ) [Auto | Running] -- C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe -- (EgisTec Service Help) SRV - [2010.05.28 05:14:02 | 000,709,488 | ---- | M] (Egis Technology Inc. ) [Auto | Running] -- C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe -- (EgisTec Service) SRV - [2010.05.28 05:13:38 | 000,314,736 | ---- | M] (Egis Technology Inc. ) [Auto | Running] -- C:\Program Files (x86)\EgisTec BioExcess\EgisDSService.exe -- (EgisTec Data Security Service) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.03 22:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2010.02.05 16:43:20 | 000,311,296 | ---- | M] (Realtek Semiconductor Corp.) [Auto | Running] -- C:\Programme\Realtek\RtLED\RtLEDService.exe -- (RtLedService) SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.09.30 14:02:38 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2009.09.30 14:02:36 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.05.09 10:59:07 | 001,025,808 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\windows\SysNative\drivers\aswSnx.sys -- (aswSnx) DRV:64bit: - [2013.05.09 10:59:07 | 000,378,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\SysNative\drivers\aswSP.sys -- (aswSP) DRV:64bit: - [2013.05.09 10:59:07 | 000,189,936 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\aswVmm.sys -- (aswVmm) DRV:64bit: - [2013.05.09 10:59:07 | 000,072,016 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr) DRV:64bit: - [2013.05.09 10:59:07 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt) DRV:64bit: - [2013.05.09 10:59:07 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\SysNative\drivers\aswTdi.sys -- (aswTdi) DRV:64bit: - [2013.05.09 10:59:06 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt) DRV:64bit: - [2013.05.09 10:59:06 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk) DRV:64bit: - [2013.03.07 01:33:20 | 000,022,600 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\SysNative\drivers\aswKbd.sys -- (aswKbd) DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.06.27 10:37:56 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm) DRV:64bit: - [2012.06.27 10:37:56 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) DRV:64bit: - [2012.06.27 10:37:56 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd) DRV:64bit: - [2012.06.27 10:37:56 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) DRV:64bit: - [2012.03.26 21:52:05 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.01.10 23:28:18 | 012,311,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2011.10.01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2011.10.01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2011.10.01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2011.10.01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2011.06.14 20:42:50 | 000,125,440 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\acedrv07.sys -- (acedrv07) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.16 23:50:41 | 000,055,880 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\EgisTecFF.sys -- (EgisTecFF) DRV:64bit: - [2010.11.16 23:34:50 | 000,035,888 | ---- | M] (EgisTec) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\FPSensor.sys -- (FPSensor) DRV:64bit: - [2010.11.16 23:34:47 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk) DRV:64bit: - [2010.11.16 23:34:47 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter) DRV:64bit: - [2010.11.16 23:34:47 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ) DRV:64bit: - [2010.05.10 12:17:50 | 000,229,488 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vm332avs.sys -- (vm332avs) DRV:64bit: - [2010.03.26 11:14:50 | 000,162,304 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD) DRV:64bit: - [2010.03.24 11:57:20 | 000,243,744 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2010.03.03 21:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.02.25 19:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2010.02.22 12:03:44 | 000,075,304 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2010.02.02 17:52:02 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2010.01.15 20:08:34 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr) DRV:64bit: - [2009.10.19 02:40:50 | 000,028,176 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC) DRV:64bit: - [2009.09.17 06:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) DRV:64bit: - [2009.07.21 16:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV:64bit: - [2009.07.14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam) DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) DRV:64bit: - [2009.06.10 22:34:36 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2013.03.25 22:12:35 | 000,163,644 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\SECDRV.SYS -- (SecDrv) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3525838906-936932061-1642996551-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com IE - HKU\S-1-5-21-3525838906-936932061-1642996551-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/ IE - HKU\S-1-5-21-3525838906-936932061-1642996551-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-21-3525838906-936932061-1642996551-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_deAT434 IE - HKU\S-1-5-21-3525838906-936932061-1642996551-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.05.28 16:54:46 | 000,000,000 | ---D | M] ========== Chrome ========== CHR - default_search_provider: Search Results (Enabled) CHR - default_search_provider: search_url = hxxp://dts.search-results.com/sr?src=crb&appid=0&systemid=410&sr=0&q={searchTerms} CHR - default_search_provider: suggest_url = O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2 - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found. O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited) O2 - BHO: (IEPwdBankBHO Class) - {56CBB761-DA41-4E31-B270-B13B4B0A61D0} - C:\Program Files (x86)\EgisTec BioExcess\EgisIEPwdBank.dll (Egis Technology Inc. ) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-3525838906-936932061-1642996551-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3:64bit: - HKU\S-1-5-21-3525838906-936932061-1642996551-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited) O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited) O4:64bit: - HKLM..\Run: [ETDWare] C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [332BigDog] C:\Program Files (x86)\USB Camera2\VM332_STI.EXE (Vimicro) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe () O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [PLTSR] C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe (Egis Technology Inc. ) O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [VitaKeyTSR] C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe (Egis Technology Inc. ) O4 - HKLM..\Run: [YouCam Mirror Tray icon] C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe (CyberLink Corp.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3525838906-936932061-1642996551-1000..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung) O4 - HKU\S-1-5-21-3525838906-936932061-1642996551-1000..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup File not found O4 - HKU\S-1-5-21-3525838906-936932061-1642996551-1000..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung) O4 - HKU\S-1-5-21-3525838906-936932061-1642996551-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.186.211.21 195.34.133.21 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{333A0259-731E-46AF-BDB7-81A036CFF03A}: DhcpNameServer = 212.186.211.21 195.34.133.21 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{41a7ed6e-7776-11e1-988e-f0def1290a37}\Shell - "" = AutoRun O33 - MountPoints2\{41a7ed6e-7776-11e1-988e-f0def1290a37}\Shell\AutoRun\command - "" = G:\CD_Start.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.06.03 16:23:17 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Georg Schiel\Desktop\OTL.exe [2013.05.30 16:39:19 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl [2013.05.30 16:39:19 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dat [2013.05.30 16:39:19 | 001,054,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MsSpellCheckingFacility.exe [2013.05.30 16:39:19 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmlmedia.dll [2013.05.30 16:39:19 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll [2013.05.30 16:39:19 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dll [2013.05.30 16:39:19 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll [2013.05.30 16:39:19 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\html.iec [2013.05.30 16:39:19 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll [2013.05.30 16:39:19 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\elshyph.dll [2013.05.30 16:39:19 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msls31.dll [2013.05.30 16:39:19 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll [2013.05.30 16:39:19 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\elshyph.dll [2013.05.30 16:39:19 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll [2013.05.30 16:39:19 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iexpress.exe [2013.05.30 16:39:19 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wextract.exe [2013.05.30 16:39:19 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe [2013.05.30 16:39:19 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\occache.dll [2013.05.30 16:39:19 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iepeers.dll [2013.05.30 16:39:19 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\IEAdvpack.dll [2013.05.30 16:39:19 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll [2013.05.30 16:39:19 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RegisterIEPKEYs.exe [2013.05.30 16:39:19 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inseng.dll [2013.05.30 16:39:19 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll [2013.05.30 16:39:19 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\SetIEInstalledDate.exe [2013.05.30 16:39:19 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\RegisterIEPKEYs.exe [2013.05.30 16:39:19 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\icardie.dll [2013.05.30 16:39:19 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\tdc.ocx [2013.05.30 16:39:19 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll [2013.05.30 16:39:19 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\pngfilt.dll [2013.05.30 16:39:19 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmler.dll [2013.05.30 16:39:19 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll [2013.05.30 16:39:19 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\licmgr10.dll [2013.05.30 16:39:19 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msfeedssync.exe [2013.05.30 16:39:18 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll [2013.05.30 16:39:18 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl [2013.05.30 16:39:18 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dat [2013.05.30 16:39:18 | 000,905,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmlmedia.dll [2013.05.30 16:39:18 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll [2013.05.30 16:39:18 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dll [2013.05.30 16:39:18 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll [2013.05.30 16:39:18 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll [2013.05.30 16:39:18 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll [2013.05.30 16:39:18 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtmsft.dll [2013.05.30 16:39:18 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\html.iec [2013.05.30 16:39:18 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtrans.dll [2013.05.30 16:39:18 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll [2013.05.30 16:39:18 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe [2013.05.30 16:39:18 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iexpress.exe [2013.05.30 16:39:18 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\occache.dll [2013.05.30 16:39:18 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wextract.exe [2013.05.30 16:39:18 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll [2013.05.30 16:39:18 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iepeers.dll [2013.05.30 16:39:18 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\IEAdvpack.dll [2013.05.30 16:39:18 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inseng.dll [2013.05.30 16:39:18 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll [2013.05.30 16:39:18 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SetIEInstalledDate.exe [2013.05.30 16:39:18 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\icardie.dll [2013.05.30 16:39:18 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tdc.ocx [2013.05.30 16:39:18 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll [2013.05.30 16:39:18 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\pngfilt.dll [2013.05.30 16:39:18 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe [2013.05.30 16:39:18 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\imgutil.dll [2013.05.30 16:39:18 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmler.dll [2013.05.30 16:39:18 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll [2013.05.30 16:39:18 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\licmgr10.dll [2013.05.30 16:39:18 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshta.exe [2013.05.30 16:39:18 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeedssync.exe [2013.05.30 16:36:57 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d2d1.dll [2013.05.30 16:36:57 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msmpeg2vdec.dll [2013.05.30 16:36:57 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d10warp.dll [2013.05.30 16:36:57 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msmpeg2vdec.dll [2013.05.30 16:36:57 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d11.dll [2013.05.30 16:36:57 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XpsPrint.dll [2013.05.30 16:36:57 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\DWrite.dll [2013.05.30 16:36:57 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3d11.dll [2013.05.30 16:36:57 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WindowsCodecs.dll [2013.05.30 16:36:57 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d10.dll [2013.05.30 16:36:57 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XpsPrint.dll [2013.05.30 16:36:57 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d10level9.dll [2013.05.30 16:36:57 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XpsGdiConverter.dll [2013.05.30 16:36:57 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WMPhoto.dll [2013.05.30 16:36:57 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WMPhoto.dll [2013.05.30 16:36:57 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XpsGdiConverter.dll [2013.05.30 16:36:57 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxgi.dll [2013.05.30 16:36:57 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d10_1core.dll [2013.05.30 16:36:57 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d10core.dll [2013.05.30 16:36:57 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WindowsCodecsExt.dll [2013.05.30 16:36:57 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\UIAnimation.dll [2013.05.30 16:36:57 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d10_1.dll [2013.05.30 16:36:57 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\UIAnimation.dll [2013.05.30 16:36:57 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.05.30 16:36:57 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.05.30 16:36:57 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.05.30 16:36:57 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.05.30 16:36:57 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.05.30 16:36:57 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.05.30 16:36:57 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.05.30 16:36:57 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.05.30 16:36:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll [2013.05.30 16:36:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll [2013.05.30 16:36:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.05.30 16:36:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.05.30 16:36:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll [2013.05.30 16:36:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll [2013.05.30 16:36:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.05.30 16:36:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.05.30 16:36:57 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.05.30 16:36:57 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.05.15 17:46:22 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\dxgmms1.sys [2013.05.15 17:46:22 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cdd.dll [2013.05.15 17:45:59 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\authui.dll [2013.05.15 17:45:59 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\shdocvw.dll [2013.05.15 17:45:57 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\consent.exe [2013.05.15 17:45:56 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\authui.dll [2013.05.15 17:45:38 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wwanprotdim.dll [2013.05.04 23:07:24 | 000,098,304 | ---- | C] (Sony DADC Austria AG.) -- C:\windows\SysWow64\CmdLineExt.dll [2013.05.04 20:33:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft [2 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.06.03 16:25:17 | 000,013,632 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.03 16:25:17 | 000,013,632 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.03 16:23:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Georg Schiel\Desktop\OTL.exe [2013.06.03 16:18:46 | 000,001,118 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2013.06.03 16:17:32 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2013.06.03 16:17:26 | 3010,863,104 | -HS- | M] () -- C:\hiberfil.sys [2013.06.03 16:15:01 | 000,000,115 | ---- | M] () -- C:\windows\DeleteOnReboot.bat [2013.06.03 16:13:30 | 000,632,031 | ---- | M] () -- C:\Users\Georg Schiel\Desktop\adwcleaner.exe [2013.06.03 16:12:01 | 000,001,122 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2013.06.03 15:51:52 | 000,050,477 | ---- | M] () -- C:\Users\Georg Schiel\Desktop\Defogger.exe [2013.06.03 15:44:30 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2013.06.02 13:48:05 | 487,390,361 | ---- | M] () -- C:\windows\MEMORY.DMP [2013.06.02 12:59:26 | 000,000,168 | ---- | M] () -- C:\Users\Georg Schiel\defogger_reenable [2013.06.01 22:08:59 | 753,663,120 | ---- | M] () -- C:\Users\Georg Schiel\Documents\Image.C00 [2013.06.01 22:08:59 | 000,002,012 | ---- | M] () -- C:\Users\Georg Schiel\Documents\Image.RIF [2013.06.01 22:08:16 | 000,000,124 | ---- | M] () -- C:\Users\Georg Schiel\Documents\Image.p2i [2013.06.01 15:18:51 | 001,500,294 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2013.06.01 15:18:51 | 000,654,852 | ---- | M] () -- C:\windows\SysNative\perfh007.dat [2013.06.01 15:18:51 | 000,616,694 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2013.06.01 15:18:51 | 000,130,434 | ---- | M] () -- C:\windows\SysNative\perfc007.dat [2013.06.01 15:18:51 | 000,106,816 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2013.05.30 17:08:30 | 000,294,784 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT [2013.05.30 16:39:19 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl [2013.05.30 16:39:19 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dat [2013.05.30 16:39:19 | 001,054,720 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\MsSpellCheckingFacility.exe [2013.05.30 16:39:19 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmlmedia.dll [2013.05.30 16:39:19 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll [2013.05.30 16:39:19 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dll [2013.05.30 16:39:19 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll [2013.05.30 16:39:19 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\html.iec [2013.05.30 16:39:19 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll [2013.05.30 16:39:19 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\elshyph.dll [2013.05.30 16:39:19 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msls31.dll [2013.05.30 16:39:19 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll [2013.05.30 16:39:19 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\elshyph.dll [2013.05.30 16:39:19 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll [2013.05.30 16:39:19 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iexpress.exe [2013.05.30 16:39:19 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\wextract.exe [2013.05.30 16:39:19 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe [2013.05.30 16:39:19 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\occache.dll [2013.05.30 16:39:19 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iepeers.dll [2013.05.30 16:39:19 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\IEAdvpack.dll [2013.05.30 16:39:19 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll [2013.05.30 16:39:19 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\RegisterIEPKEYs.exe [2013.05.30 16:39:19 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\inseng.dll [2013.05.30 16:39:19 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll [2013.05.30 16:39:19 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\SetIEInstalledDate.exe [2013.05.30 16:39:19 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\RegisterIEPKEYs.exe [2013.05.30 16:39:19 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\icardie.dll [2013.05.30 16:39:19 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\tdc.ocx [2013.05.30 16:39:19 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll [2013.05.30 16:39:19 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\pngfilt.dll [2013.05.30 16:39:19 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmler.dll [2013.05.30 16:39:19 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll [2013.05.30 16:39:19 | 000,025,185 | ---- | M] () -- C:\windows\SysWow64\ieuinit.inf [2013.05.30 16:39:19 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\licmgr10.dll [2013.05.30 16:39:19 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\msfeedssync.exe [2013.05.30 16:39:18 | 003,958,784 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll [2013.05.30 16:39:18 | 001,509,376 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl [2013.05.30 16:39:18 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dat [2013.05.30 16:39:18 | 000,905,728 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshtmlmedia.dll [2013.05.30 16:39:18 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll [2013.05.30 16:39:18 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dll [2013.05.30 16:39:18 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll [2013.05.30 16:39:18 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll [2013.05.30 16:39:18 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll [2013.05.30 16:39:18 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\dxtmsft.dll [2013.05.30 16:39:18 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\html.iec [2013.05.30 16:39:18 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\dxtrans.dll [2013.05.30 16:39:18 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\url.dll [2013.05.30 16:39:18 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe [2013.05.30 16:39:18 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iexpress.exe [2013.05.30 16:39:18 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\occache.dll [2013.05.30 16:39:18 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wextract.exe [2013.05.30 16:39:18 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll [2013.05.30 16:39:18 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iepeers.dll [2013.05.30 16:39:18 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\IEAdvpack.dll [2013.05.30 16:39:18 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\inseng.dll [2013.05.30 16:39:18 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll [2013.05.30 16:39:18 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\SetIEInstalledDate.exe [2013.05.30 16:39:18 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\icardie.dll [2013.05.30 16:39:18 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\tdc.ocx [2013.05.30 16:39:18 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll [2013.05.30 16:39:18 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\pngfilt.dll [2013.05.30 16:39:18 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe [2013.05.30 16:39:18 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\imgutil.dll [2013.05.30 16:39:18 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshtmler.dll [2013.05.30 16:39:18 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll [2013.05.30 16:39:18 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\licmgr10.dll [2013.05.30 16:39:18 | 000,025,185 | ---- | M] () -- C:\windows\SysNative\ieuinit.inf [2013.05.30 16:39:18 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshta.exe [2013.05.30 16:39:18 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msfeedssync.exe [2013.05.30 16:36:57 | 003,928,064 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\d2d1.dll [2013.05.30 16:36:57 | 002,776,576 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msmpeg2vdec.dll [2013.05.30 16:36:57 | 002,565,120 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\d3d10warp.dll [2013.05.30 16:36:57 | 002,284,544 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\msmpeg2vdec.dll [2013.05.30 16:36:57 | 001,887,232 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\d3d11.dll [2013.05.30 16:36:57 | 001,682,432 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\XpsPrint.dll [2013.05.30 16:36:57 | 001,643,520 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\DWrite.dll [2013.05.30 16:36:57 | 001,504,768 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\d3d11.dll [2013.05.30 16:36:57 | 001,424,384 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\WindowsCodecs.dll [2013.05.30 16:36:57 | 001,238,528 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\d3d10.dll [2013.05.30 16:36:57 | 001,158,144 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\XpsPrint.dll [2013.05.30 16:36:57 | 000,648,192 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\d3d10level9.dll [2013.05.30 16:36:57 | 000,522,752 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\XpsGdiConverter.dll [2013.05.30 16:36:57 | 000,465,920 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\WMPhoto.dll [2013.05.30 16:36:57 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\WMPhoto.dll [2013.05.30 16:36:57 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\XpsGdiConverter.dll [2013.05.30 16:36:57 | 000,363,008 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\dxgi.dll [2013.05.30 16:36:57 | 000,333,312 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\d3d10_1core.dll [2013.05.30 16:36:57 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\d3d10core.dll [2013.05.30 16:36:57 | 000,245,248 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\WindowsCodecsExt.dll [2013.05.30 16:36:57 | 000,221,184 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\UIAnimation.dll [2013.05.30 16:36:57 | 000,194,560 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\d3d10_1.dll [2013.05.30 16:36:57 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\UIAnimation.dll [2013.05.30 16:36:57 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.05.30 16:36:57 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.05.30 16:36:57 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.05.30 16:36:57 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.05.30 16:36:57 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.05.30 16:36:57 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.05.30 16:36:57 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.05.30 16:36:57 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.05.30 16:36:57 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll [2013.05.30 16:36:57 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll [2013.05.30 16:36:57 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.05.30 16:36:57 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.05.30 16:36:57 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll [2013.05.30 16:36:57 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll [2013.05.30 16:36:57 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.05.30 16:36:57 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.05.30 16:36:57 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.05.30 16:36:57 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.05.28 16:54:48 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\config.nt [2013.05.26 18:16:19 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013.05.14 21:35:38 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe [2013.05.14 21:35:38 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl [2013.05.11 23:12:59 | 000,002,192 | ---- | M] () -- C:\Users\Georg Schiel\Desktop\autoexec.cfg [2013.05.09 10:59:07 | 001,025,808 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswSnx.sys [2013.05.09 10:59:07 | 000,378,432 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswSP.sys [2013.05.09 10:59:07 | 000,189,936 | ---- | M] () -- C:\windows\SysNative\drivers\aswVmm.sys [2013.05.09 10:59:07 | 000,072,016 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswRdr2.sys [2013.05.09 10:59:07 | 000,065,336 | ---- | M] () -- C:\windows\SysNative\drivers\aswRvrt.sys [2013.05.09 10:59:07 | 000,064,288 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswTdi.sys [2013.05.09 10:59:06 | 000,080,816 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswMonFlt.sys [2013.05.09 10:59:06 | 000,033,400 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswFsBlk.sys [2013.05.09 10:58:37 | 000,041,664 | ---- | M] (AVAST Software) -- C:\windows\avastSS.scr [2013.05.09 10:58:11 | 000,287,840 | ---- | M] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe [2013.05.04 23:07:25 | 000,098,304 | ---- | M] (Sony DADC Austria AG.) -- C:\windows\SysWow64\CmdLineExt.dll [2 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.06.03 16:14:27 | 000,000,115 | ---- | C] () -- C:\windows\DeleteOnReboot.bat [2013.06.03 16:13:29 | 000,632,031 | ---- | C] () -- C:\Users\Georg Schiel\Desktop\adwcleaner.exe [2013.06.03 15:51:47 | 000,050,477 | ---- | C] () -- C:\Users\Georg Schiel\Desktop\Defogger.exe [2013.06.02 12:59:26 | 000,000,168 | ---- | C] () -- C:\Users\Georg Schiel\defogger_reenable [2013.06.01 18:15:47 | 753,663,120 | ---- | C] () -- C:\Users\Georg Schiel\Documents\Image.C00 [2013.06.01 18:15:47 | 000,002,012 | ---- | C] () -- C:\Users\Georg Schiel\Documents\Image.RIF [2013.06.01 18:15:47 | 000,000,124 | ---- | C] () -- C:\Users\Georg Schiel\Documents\Image.p2i [2013.05.30 16:39:19 | 000,025,185 | ---- | C] () -- C:\windows\SysWow64\ieuinit.inf [2013.05.30 16:39:18 | 000,025,185 | ---- | C] () -- C:\windows\SysNative\ieuinit.inf [2013.05.11 23:12:59 | 000,002,192 | ---- | C] () -- C:\Users\Georg Schiel\Desktop\autoexec.cfg [2012.12.18 11:06:10 | 000,030,568 | ---- | C] () -- C:\windows\MusiccityDownload.exe [2012.12.18 11:06:06 | 000,974,848 | ---- | C] () -- C:\windows\SysWow64\cis-2.4.dll [2012.12.18 11:06:06 | 000,081,920 | ---- | C] () -- C:\windows\SysWow64\issacapi_bs-2.3.dll [2012.12.18 11:06:06 | 000,065,536 | ---- | C] () -- C:\windows\SysWow64\issacapi_pe-2.3.dll [2012.12.18 11:06:06 | 000,057,344 | ---- | C] () -- C:\windows\SysWow64\issacapi_se-2.3.dll [2012.01.10 23:27:26 | 000,867,020 | ---- | C] () -- C:\windows\SysWow64\igkrng575.bin [2012.01.10 23:27:26 | 000,128,204 | ---- | C] () -- C:\windows\SysWow64\igcompkrng575.bin [2012.01.10 23:27:26 | 000,105,608 | ---- | C] () -- C:\windows\SysWow64\igfcg575m.bin [2012.01.10 22:29:54 | 013,904,384 | ---- | C] () -- C:\windows\SysWow64\ig4icd32.dll [2011.06.14 20:42:50 | 000,081,920 | ---- | C] () -- C:\windows\SysWow64\acedrv07.dll [2011.06.12 00:50:44 | 001,527,912 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Alternate Data Streams ========== @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:1DEE6B65 @Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:D0757AAB < End of report > Code:
ATTFilter OTL Extras logfile created on: 03.06.2013 16:24:08 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Georg Schiel\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
3,74 Gb Total Physical Memory | 1,99 Gb Available Physical Memory | 53,21% Memory free
7,48 Gb Paging File | 5,57 Gb Available in Paging File | 74,46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 421,81 Gb Total Space | 253,10 Gb Free Space | 60,00% Space Free | Partition Type: NTFS
Drive D: | 29,00 Gb Total Space | 27,94 Gb Free Space | 96,38% Space Free | Partition Type: NTFS
Computer Name: GEORGIE | User Name: Georg Schiel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_USERS\S-1-5-21-3525838906-936932061-1642996551-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PeaZip] -- Reg Error: Value error.
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PeaZip] -- Reg Error: Value error.
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05BAE59A-1B87-47AB-B145-E745995B0AF4}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1D83F65F-5337-4A9C-81F9-20221620872B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2FA71EC9-28B5-43E3-9138-C5C90DEC847A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{37EE6BF4-5BFC-42E3-BB74-9A4E37BD1F7E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{48C38A74-9DBF-4570-905F-C457443110BB}" = rport=139 | protocol=6 | dir=out | app=system |
"{524C20D5-EC84-474C-8DA9-68B672B7A963}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5422C02B-F815-4260-B456-0C696D122042}" = rport=138 | protocol=17 | dir=out | app=system |
"{5A2C84EA-0FBF-49D7-AB35-8C675C9EB313}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{62848569-BE82-4CF4-A898-F9722569F761}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{66C3DD14-6FFC-4A93-A185-1E066ADD68F1}" = lport=139 | protocol=6 | dir=in | app=system |
"{74F874C5-01F6-4972-95C7-041F0F8A1007}" = lport=137 | protocol=17 | dir=in | app=system |
"{8DB67CF1-2907-4E33-8B25-3F0D75950BFE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{9BF81ABE-32C5-4090-8F4D-C1F2265A3E64}" = rport=445 | protocol=6 | dir=out | app=system |
"{A18FF15D-D9FC-49D9-9D76-C9220693CBF5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B462D920-9BEB-4C35-8F6F-5E474A2DAD26}" = lport=445 | protocol=6 | dir=in | app=system |
"{C955B5ED-CDF9-4E04-96C9-6F1054AA0B57}" = rport=137 | protocol=17 | dir=out | app=system |
"{CB4B19FA-1F85-479E-9501-3C4741F20EB4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CBB8E803-33A9-4E73-B045-B8455CBF5336}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D1D453F6-BEE2-4626-B61D-27CC2F30BDAF}" = lport=138 | protocol=17 | dir=in | app=system |
"{D398A562-26F5-4D48-8508-15C52EAA17C5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EB9F8A64-F37E-4F3E-B70E-B60C77B4C358}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{EE971B41-3445-4A77-80FC-6C3DDEEC4751}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F48DC40A-590E-4C9B-ADDB-D8409622FEF2}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{F6AA4A40-4850-432F-AD9C-78476E155721}" = rport=10243 | protocol=6 | dir=out | app=system |
"{FDD8B09D-1D87-4EE6-865A-D39D50F29CF7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0475BE07-7C96-4AEF-B3A3-23F42140C8D9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{0B65D503-6206-47EE-AD52-0588A7D1F1A3}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{14FB9A09-1A7E-4690-BD82-B64DD16643A2}" = dir=in | app=f:\setup\hpznui40.exe |
"{15CEED8A-405D-43AF-AC79-A6318CFAFE6E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{17F734E2-2B56-4F6D-BDC0-655B84853851}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{18DF938B-CF7D-4FEC-90DC-A0BB4CA0B5BE}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{1E2F694F-0A73-4597-99D4-BC97015DA62B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1EE26A86-E226-4E15-BE74-0A10F0BDF601}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{23F92C67-9ABC-48AF-83E6-DF0BD21C1A71}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{26C9D8F4-0A23-4A11-A98D-474BDB8CC2EA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{28D00967-DB0D-4384-B6A7-60D2A02DCA17}" = protocol=6 | dir=out | app=system |
"{32F52454-3B9A-462C-9204-7F6F68EA34D2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{38F11EA5-A7B9-4C84-96B9-765B4B64A4F8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3F021133-A5F9-4E84-9916-D4130B53ABD3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{41128856-B49A-4EB4-99FB-4D2C8A7821AC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{5154CD0F-1D10-49D4-A9EB-E6F8B930AB49}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{541FA919-F6B9-4323-AA65-0D2F14EE58F5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5899F4AD-E392-4E33-B547-EE32FB13C147}" = protocol=17 | dir=in | app=c:\program files (x86)\windows searchqu toolbar\datamngr\toolbar\dtuser.exe |
"{6396584E-C3A7-45EB-B147-2B6C8C816E04}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{65DA0B42-B888-4BA9-938C-0D235A9703A6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{6BA3984D-8878-4482-9537-0EE4171ABB62}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{708F006F-6709-4393-A9F4-D5A61F7A654A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{78BE7300-349C-4659-BA70-4D28268B83C9}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{795A8032-92E4-4175-A3C1-4B2AC38B7EBE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{88243620-2D29-46C5-8DB3-C378AD2EBB13}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{8E4791F9-A484-4F3B-A56F-8FAA7EAF4DE1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{955263DF-D18F-4F5D-9CFA-AEBCCFE9A58F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9C43045D-FEAB-4413-800B-F07BEDBE3DF1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9F0C0CFF-CA1E-43E1-BAC7-6DFDEC0591FC}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{A00C4ABF-DB53-44AE-B2D8-1A0787AD8BD3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BA1298D4-BBF3-4C4E-8857-3D6B5E1DE48B}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{C5BFF65E-F70E-4354-8FDE-16BE9E37A85F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{D9DC4D23-BDB0-4535-942C-69E0CF1CE665}" = protocol=6 | dir=in | app=c:\program files (x86)\windows searchqu toolbar\datamngr\toolbar\dtuser.exe |
"{E141F750-84FE-4044-9110-5790991A7E96}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{E32F077A-E856-4393-9CBF-FB3C54BD27A8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EE6F5D77-E818-48FE-8170-34152EC61F72}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F5AD0727-7CF8-4AA5-B10A-F63AEB68BB93}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{FB114433-FFB1-4D85-A1DF-83CFC36F159A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{FCF5A2E7-7E43-4FD2-8ED2-1080E38D2C4D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{FEDDA012-869B-483A-B48E-FB0CC9943E9C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"TCP Query User{01280073-86FE-4B80-8DC2-0A65196C2B38}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{227E5013-EFBF-4E19-8F6B-007EA1E59D3F}C:\program files (x86)\microsoft games\age of empires ii\empires2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\empires2.exe |
"TCP Query User{7B95272A-FD4B-423E-8151-C0E47E24DE87}C:\windows\syswow64\java.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\java.exe |
"TCP Query User{91DF2B59-6294-42C2-82A0-F333339B2B1A}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{C823606E-66CA-4CE6-9817-B4B46EB1796D}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{CDE7FF34-48FF-4458-9380-7F02BA4F8A1E}C:\users\georg schiel\desktop\privat\wiggles goes win7\crack\wiggles.exe" = protocol=6 | dir=in | app=c:\users\georg schiel\desktop\privat\wiggles goes win7\crack\wiggles.exe |
"TCP Query User{F57A0D4F-DF83-4995-BC5C-D92E17A42C3F}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{33C99786-A659-401C-B30C-B9BB8602B24E}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{804B7D40-7931-4CD5-BAAB-95C05B41EEFC}C:\program files (x86)\microsoft games\age of empires ii\empires2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\empires2.exe |
"UDP Query User{B5527DDA-F8C0-4D85-8A08-F1E293BE3BA6}C:\windows\syswow64\java.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\java.exe |
"UDP Query User{BA136F56-8390-4D71-8B09-522DF7B6972F}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{C0125177-EC94-4AEB-8890-FEB18060A865}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{E7BD0FCE-F94B-44F0-9F50-FC94F89E4B0B}C:\users\georg schiel\desktop\privat\wiggles goes win7\crack\wiggles.exe" = protocol=17 | dir=in | app=c:\users\georg schiel\desktop\privat\wiggles goes win7\crack\wiggles.exe |
"UDP Query User{F3DC945E-E4ED-466A-BD41-EDD436C93392}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1F494B8A-D6E6-4540-9A74-F773B63164A6}" = Port Locker
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{5ACF5427-B4E4-4F85-A512-151E0BECF7E3}" = RtLED
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"0A4175B489A1B4A6E07E11B063A6263480C51D71" = Windows-Treiberpaket - Lenovo (ACPIVPC) System (10/19/2009 5.4.0.1)
"Elantech" = ETDWare PS/2-x64 7.0.4.17_WHQL
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0034859F-8E01-4C1D-BE77-F891C4786FBC}" = Lenovo Security Suite
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0CE226F3-EB27-4ECD-BBF5-F088716779FD}" = Energy Management
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20071984-5EB1-4881-8EDB-082532ACEC6D}" = Heroes of Might and Magic V
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1" = PeaZip 3.7
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{88CD8904-6246-4057-820F-C393DACF6B21}" = Governor of Poker 2
"{8991E763-21F5-4DEA-A938-5D9D77DCB488}" = Broadcom 802.11 Wireless Driver
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A6FEE06D-C7E1-48CB-A9DF-1E317CF83CA4}" = Port Locker
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACF31D9F-70C2-40A1-9C7A-28BA16E64B56}" = BioExcess
"{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0333}" = Lenovo EasyCamera
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"avast" = avast! Free Antivirus
"DAEMON Tools Lite" = DAEMON Tools Lite
"Google Chrome" = Google Chrome
"InstallShield_{0034859F-8E01-4C1D-BE77-F891C4786FBC}" = Lenovo Security Suite
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{A6FEE06D-C7E1-48CB-A9DF-1E317CF83CA4}" = Port Locker
"InstallShield_{ACF31D9F-70C2-40A1-9C7A-28BA16E64B56}" = BioExcess
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"ScummVM_is1" = ScummVM 0.12.0
"VLC media player" = VLC media player 2.0.6
"WinLiveSuite_Wave3" = Windows Live Essentials
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3525838906-936932061-1642996551-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MyFreeCodec" = MyFreeCodec
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 30.05.2013 10:19:09 | Computer Name = GeorgSchiel-PC | Source = .NET Runtime Optimization Service | ID = 1107
Description =
Error - 30.05.2013 10:22:50 | Computer Name = GeorgSchiel-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: mscorsvw.exe, Version: 4.0.30319.1,
Zeitstempel: 0x4ba21f5d Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec4aa8e Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000009970a
ID
des fehlerhaften Prozesses: 0x2e68 Startzeit der fehlerhaften Anwendung: 0x01ce5d4128c57684
Pfad
der fehlerhaften Anwendung: C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
Pfad
des fehlerhaften Moduls: C:\windows\SYSTEM32\ntdll.dll Berichtskennung: 6801e893-c934-11e2-a685-f0def1290a37
Error - 30.05.2013 10:23:01 | Computer Name = GeorgSchiel-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: mscorsvw.exe, Version: 4.0.30319.1,
Zeitstempel: 0x4ba21f5d Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec4aa8e Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000009970a
ID
des fehlerhaften Prozesses: 0x180c Startzeit der fehlerhaften Anwendung: 0x01ce5d4130eaabf4
Pfad
der fehlerhaften Anwendung: C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
Pfad
des fehlerhaften Moduls: C:\windows\SYSTEM32\ntdll.dll Berichtskennung: 6e9bf995-c934-11e2-a685-f0def1290a37
Error - 30.05.2013 10:25:15 | Computer Name = GeorgSchiel-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: conhost.exe, Version: 6.1.7601.18015,
Zeitstempel: 0x50b826c0 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec4aa8e Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000009970a
ID
des fehlerhaften Prozesses: 0x2ae8 Startzeit der fehlerhaften Anwendung: 0x01ce5d417fd28949
Pfad
der fehlerhaften Anwendung: C:\windows\system32\conhost.exe Pfad des fehlerhaften
Moduls: C:\windows\SYSTEM32\ntdll.dll Berichtskennung: bea17c0b-c934-11e2-a685-f0def1290a37
Error - 30.05.2013 10:25:16 | Computer Name = GeorgSchiel-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: conhost.exe, Version: 6.1.7601.18015,
Zeitstempel: 0x50b826c0 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec4aa8e Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000009970a
ID
des fehlerhaften Prozesses: 0x2694 Startzeit der fehlerhaften Anwendung: 0x01ce5d41813ebbd3
Pfad
der fehlerhaften Anwendung: C:\windows\system32\conhost.exe Pfad des fehlerhaften
Moduls: C:\windows\SYSTEM32\ntdll.dll Berichtskennung: bef26ad4-c934-11e2-a685-f0def1290a37
Error - 30.05.2013 10:29:37 | Computer Name = GeorgSchiel-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: mscorsvw.exe, Version: 4.0.30319.1,
Zeitstempel: 0x4ba21f5d Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec4aa8e Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000009970a
ID
des fehlerhaften Prozesses: 0x2c8c Startzeit der fehlerhaften Anwendung: 0x01ce5d421caebd84
Pfad
der fehlerhaften Anwendung: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
Pfad
des fehlerhaften Moduls: C:\windows\SYSTEM32\ntdll.dll Berichtskennung: 5acf01ca-c935-11e2-a685-f0def1290a37
Error - 30.05.2013 10:41:17 | Computer Name = GeorgSchiel-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: dismhost.exe, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc390 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec4aa8e Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000009970a
ID
des fehlerhaften Prozesses: 0x2db0 Startzeit der fehlerhaften Anwendung: 0x01ce5d43bddb487d
Pfad
der fehlerhaften Anwendung: C:\windows\TEMP\CEF8C66F-6802-47F3-8C0E-F78765030EAB\dismhost.exe
Pfad
des fehlerhaften Moduls: C:\windows\SYSTEM32\ntdll.dll Berichtskennung: fc2115cc-c936-11e2-a685-f0def1290a37
Error - 30.05.2013 13:26:07 | Computer Name = GeorgSchiel-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: mscorsvw.exe, Version: 4.0.30319.1,
Zeitstempel: 0x4ba21f5d Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec4aa8e Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000009970a
ID
des fehlerhaften Prozesses: 0x3554 Startzeit der fehlerhaften Anwendung: 0x01ce5d5ac26df6dc
Pfad
der fehlerhaften Anwendung: C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
Pfad
des fehlerhaften Moduls: C:\windows\SYSTEM32\ntdll.dll Berichtskennung: 02fcdd98-c94e-11e2-8c01-f0def1290a37
Error - 30.05.2013 13:28:10 | Computer Name = GeorgSchiel-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: mscorsvw.exe, Version: 4.0.30319.1,
Zeitstempel: 0x4ba21f5d Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec4aa8e Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000009970a
ID
des fehlerhaften Prozesses: 0x38c8 Startzeit der fehlerhaften Anwendung: 0x01ce5d5b0e984fe8
Pfad
der fehlerhaften Anwendung: C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
Pfad
des fehlerhaften Moduls: C:\windows\SYSTEM32\ntdll.dll Berichtskennung: 4c51468e-c94e-11e2-8c01-f0def1290a37
Error - 30.05.2013 15:16:16 | Computer Name = GeorgSchiel-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DllHost.exe, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bca54 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec4aa8e Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000009970a
ID
des fehlerhaften Prozesses: 0x4508 Startzeit der fehlerhaften Anwendung: 0x01ce5d6a284073ac
Pfad
der fehlerhaften Anwendung: C:\windows\system32\DllHost.exe Pfad des fehlerhaften
Moduls: C:\windows\SYSTEM32\ntdll.dll Berichtskennung: 664c7425-c95d-11e2-8c01-f0def1290a37
< End of report >
|
|
03.06.2013, 19:29
| #4 |
| /// TB-Ausbilder | Searchnu.com/410 Ist jetz noch was von searchnu (oder sonst was Störendem) zu sehen? Schritt 1 Fixen mit OTL
Code:
ATTFilter :OTL
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:1DEE6B65
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:D0757AAB
:files
C:\Program Files (x86)\Windows Searchqu Toolbar
:commands
[emptytemp]
Schritt 2 Downloade Dir bitte  Malwarebytes Anti-Malware
Schritt 3 ESET Online Scanner
Schritt 4 Downloade Dir bitte  SecurityCheck und:
Bitte poste in deiner nächsten Antwort:
__________________ cheers, Leo |
|
03.06.2013, 23:28
| #5 |
| | Searchnu.com/410 Hi, also ich kann nichts Außergewöhnliches mehr erkennen. Danke  Die Logs sind OTL: Code:
ATTFilter All processes killed
========== OTL ==========
ADS C:\ProgramData\Temp:1DEE6B65 deleted successfully.
ADS C:\ProgramData\Temp:D0757AAB deleted successfully.
========== FILES ==========
C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\x64 folder moved successfully.
C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\components folder moved successfully.
C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\searchbar folder moved successfully.
C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options folder moved successfully.
C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images folder moved successfully.
C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels folder moved successfully.
C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons folder moved successfully.
C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton folder moved successfully.
C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa folder moved successfully.
C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images folder moved successfully.
C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\css folder moved successfully.
C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio folder moved successfully.
C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images folder moved successfully.
C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\scripts folder moved successfully.
C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images folder moved successfully.
C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\css folder moved successfully.
C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default folder moved successfully.
C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css folder moved successfully.
C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels folder moved successfully.
C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib folder moved successfully.
C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin folder moved successfully.
C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets folder moved successfully.
C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\modules folder moved successfully.
C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib folder moved successfully.
C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\data\search folder moved successfully.
C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\data folder moved successfully.
C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content folder moved successfully.
C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome folder moved successfully.
C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar folder moved successfully.
C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\content folder moved successfully.
C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components folder moved successfully.
C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\FirefoxExtension folder moved successfully.
C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ChromeExtension\lib folder moved successfully.
C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ChromeExtension\config\skin\images folder moved successfully.
C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ChromeExtension\config\skin\css folder moved successfully.
C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ChromeExtension\config\skin folder moved successfully.
C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ChromeExtension\config folder moved successfully.
C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ChromeExtension folder moved successfully.
C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr folder moved successfully.
C:\Program Files (x86)\Windows Searchqu Toolbar folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Alina
->Temp folder emptied: 140499780 bytes
->Temporary Internet Files folder emptied: 146375544 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 108503805 bytes
->Flash cache emptied: 22314 bytes
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Georg Schiel
->Temp folder emptied: 14228801 bytes
->Temporary Internet Files folder emptied: 54710263 bytes
->Java cache emptied: 305303 bytes
->Google Chrome cache emptied: 15460266 bytes
->Flash cache emptied: 619 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 706472 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42314130 bytes
RecycleBin emptied: 1941 bytes
Total Files Cleaned = 499,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 06032013_215302
Files\Folders moved on Reboot...
C:\Users\Georg Schiel\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Georg Schiel\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.06.03.08 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16576 Georg Schiel :: GEORGIE [Administrator] Schutz: Aktiviert 03.06.2013 22:06:23 mbam-log-2013-06-03 (22-06-23).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 236388 Laufzeit: 3 Minute(n), 53 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=3f7284b4d9047641a0a363ab39613e9e
# engine=13985
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-03 10:08:57
# local_time=2013-06-04 12:08:57 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 91 544244 147007209 0 0
# compatibility_mode=5893 16776573 100 94 169909 121927187 0 0
# scanned=173469
# found=0
# cleaned=0
# scan_time=6457
Code:
ATTFilter Results of screen317's Security Check version 0.99.64 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` avast! Internet Security Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Spybot - Search & Destroy Malwarebytes Anti-Malware Version 1.75.0.1300 Java 7 Update 21 Adobe Flash Player 11.7.700.202 Adobe Reader 9 Adobe Reader XI Google Chrome 26.0.1410.64 Google Chrome 27.0.1453.94 ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Malwarebytes' Anti-Malware mbamscheduler.exe AVAST Software Avast AvastSvc.exe AVAST Software Avast AvastUI.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` |
|
03.06.2013, 23:48
| #6 |
| /// TB-Ausbilder | Searchnu.com/410 Das sieht alles gut aus bei dir. Richtige Malware ist keine zu sehen und deine Software ist auch aktuell.  Räumen wir auf. Cleanup Zum Schluss werden wir jetzt noch unsere Tools (inklusive der Quarantäne-Ordner) wegräumen, die verseuchten Systemwiederherstellungspunkte löschen und alle Einstellungen wieder herrichten. Auch diese Schritte sind noch wichtig und sollten in der angegebenen Reihenfolge ausgeführt werden.
>> OK << Wir sind durch, deine Logs sehen für mich im Moment sauber aus. Ich habe dir nachfolgend ein paar Hinweise und Tipps zusammengestellt, die dazu beitragen sollen, dass du in Zukunft unsere Hilfe nicht mehr brauchen wirst. Bitte gib mir danach noch eine kurze Rückmeldung, wenn auch von deiner Seite keine Probleme oder Fragen mehr offen sind, damit ich dieses Thema als erledigt betrachten kann. Epilog: Tipps, Dos & Don'ts  Aktualität von System und SoftwareDas Betriebsystem Windows muss zwingend immer auf dem neusten Stand sein. Stelle sicher, dass die automatischen Updates aktiviert sind:
Auch die installierte Software sollte immer in der aktuellsten Version vorliegen. Speziell gilt das für den Browser, Java, Flash-Player und PDF-Reader, denn bekannte Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim blossen Besuch einer präparierten Website per Drive-by Download Malware zu installieren. Das kann sogar auf normalerweise legitimen Websites geschehen, wenn es einem Angreifer gelungen ist, seinen Code in die Seite einzuschleusen, und ist deshalb relativ unberechenbar.
Sicherheits-SoftwareEine Bemerkung vorneweg: Jede Softwarelösung hat ihre Schwächen. Die gesamte Verantwortung für die Sicherheit auf Software zu übertragen und einen Rundum-Schutz zu erwarten, wäre eine gefährliche Illusion. Bei unbedachtem oder bewusst risikoreichem Verhalten wird auch das beste Programm früher oder später seinen Dienst versagen (z.B. ein Virenscanner, der eine verseuchte Datei nicht erkennt). Trotzdem ist entsprechende Software natürlich wichtig und hilft dir in Kombination mit einem gut gewarteten (up-to-date) System und durchdachtem Verhalten, deinen Rechner sauber zu halten.
Es liegt in der Natur der Sache, dass die am weitesten verbreitete Anwendungs-Software auch am häufigsten von Malware-Autoren attackiert wird. Es kann daher bereits einen kleinen Sicherheitsgewinn darstellen, wenn man alternative Software (z.B. einen alternativen PDF Reader) benutzt. Anstelle des Internet Explorers kann man beispielsweise den Mozilla Firefox einsetzen, für welchen es zwei nützliche Addons zur Empfehlung gibt:
(Un-)Sicheres Verhalten im InternetNebst unbemerkten Drive-by Installationen wird Malware aber auch oft mehr oder weniger aktiv vom Benutzer selbst installiert. Der Besuch zwielichtiger Websites kann bereits Risiken bergen. Und Downloads aus dubiosen Quellen sind immer russisches Roulette. Auch wenn der Virenscanner im Moment darin keine Bedrohung erkennt, muss das nichts bedeuten.
Oft wird auch versucht, den Benutzer mit mehr oder weniger trickreichen Methoden dazu zu bringen, eine für ihn verhängnisvolle Handlung selbst auszuführen (Überbegriff Social Engineering).
Nervige Adware (Werbung) und unnötige Toolbars werden auch meist durch den Benutzer selbst mitinstalliert.
Allgemeine HinweiseAbschliessend noch ein paar grundsätzliche Bemerkungen:
Wenn du möchtest, kannst du das Forum mit einer kleinen Spende unterstützen. Es bleibt mir nur noch, dir unbeschwertes und sicheres Surfen zu wünschen und dass wir uns hier so bald nicht wiedersehen. 
__________________ --> Searchnu.com/410 |
|
05.06.2013, 09:42
| #7 |
| | Searchnu.com/410 Hi Leo, leider kann ich den letzten Schritt nicht ausführen. Ich wollte am Mogen den PC hochfahren und nach der Passworteingabe bleibt er im Wilkommenbildschirm "hängen". Auch ein ordentliches Runterfahren ist nicht möglich. Kann das irgendwie im Zusammenhang mit diesem Searchnu-Zeug od. dem Bereinigen stehen? In den Abgesicherten Modus komme ich rein und von dort lässt er sich auch ordentlich abdrehen. Nur halt im "normalen" Startmodus funkt nix. Habe Win 7 Home 64bit Vers. Könntest du mir eventuell einen Tipp geben was ich falsch gemacht haben könnte oder wie ich meinen lieben Blechdeppen wieder zumlaufen bringen kann? LG Georgie ps. Danke für den Link - gespendet wird auf jedne Fall ;-) |
|
05.06.2013, 10:40
| #8 |
| /// TB-Ausbilder | Searchnu.com/410 Hi, das sollte eigentlich weder mit searchnu noch mit der Bereinigung zusammenhängen. Wir haben hier nichts richtig Invasives gemacht, was das System beim Aufstarten ins Straucheln bringen könnte.. Schauen wir mal von aussen rein: Schritt 1 Downloade dir bitte Farbar Recovery Scan Tool 64-Bit und speichere diese auf einen USB Stick (nicht in einen Unterordner!). Schliesse den USB Stick an den infizierten Rechner an. Du musst das System nun in die System Reparatur Option booten: Variante 1 - Über den Boot Manager Wenn du jetzt in den Reparaturoptionen bist, wähle Eingabeaufforderung.
Bitte poste in deiner nächsten Antwort:
__________________ cheers, Leo |
|
06.06.2013, 16:22
| #9 |
| | Searchnu.com/410 Hallo Leo, danke dass du dich auch dieser Sache annimmst :-) das Logfile von FRST Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-06-2013 01 Ran by SYSTEM on 06-06-2013 17:18:20 Running from G:\ Windows 7 Home Premium (X64) OS Language: English(US) Internet Explorer Version 9 Boot Mode: Recovery The current controlset is ControlSet001 ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log. ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10821224 2010-06-02] (Realtek Semiconductor) HKLM\...\Run: [ETDWare] %ProgramFiles%\Elantech\ETDCtrl.exe [2598280 2010-03-28] (ELAN Microelectronics Corp.) HKLM\...\Run: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery" [222504 2009-05-13] (CyberLink Corp.) HKLM\...\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe [4462496 2010-04-12] (Lenovo(beijing) Limited) HKLM\...\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [7056800 2010-03-18] (Lenovo (Beijing) Limited) HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation) HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation) HKLM-x32\...\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [111640 2009-09-30] () HKLM-x32\...\Run: [332BigDog] C:\Program Files (x86)\USB Camera2\VM332_STI.EXE [536576 2010-01-18] (Vimicro) HKLM-x32\...\Run: [VitaKeyTSR] "C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe" [376176 2010-05-27] (Egis Technology Inc. ) HKLM-x32\...\Run: [UCam_Menu] "C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0" [222504 2009-05-19] (CyberLink Corp.) HKLM-x32\...\Run: [YouCam Mirror Tray icon] "C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s [171104 2010-03-02] (CyberLink Corp.) HKLM-x32\...\Run: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe" [407920 2010-03-10] (Egis Technology Inc.) HKLM-x32\...\Run: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d [201584 2010-03-10] (Egis Technology Inc.) HKLM-x32\...\Run: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0" [218408 2008-12-03] (CyberLink Corp.) HKLM-x32\...\Run: [PLTSR] "C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe" [364400 2010-09-11] (Egis Technology Inc. ) HKLM-x32\...\Run: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery" [222504 2009-05-13] (CyberLink Corp.) HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4858968 2013-05-09] (AVAST Software) HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-09] (Hewlett-Packard) HKLM-x32\...\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310280 2012-12-20] (Samsung Electronics Co., Ltd.) HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-11] (Oracle Corporation) HKLM-x32\...\Run: [] [x] HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated) HKU\Alina\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-06-01] (Google Inc.) HKU\Default\...\RunOnce: [WLStart] "C:\Program Files (x86)\Windows Live\Installer\wlstart.exe" /nosearch /nohomepage [786760 2009-07-26] (Microsoft Corporation) HKU\Default User\...\RunOnce: [WLStart] "C:\Program Files (x86)\Windows Live\Installer\wlstart.exe" /nosearch /nohomepage [786760 2009-07-26] (Microsoft Corporation) HKU\Georg Schiel\...\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.) HKU\Georg Schiel\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [3883840 2009-07-26] (Microsoft Corporation) HKU\Georg Schiel\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-06-01] (Google Inc.) HKU\Georg Schiel\...\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload [1476104 2012-12-20] (Samsung) HKU\Georg Schiel\...\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup [x] HKU\Georg Schiel\...\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844296 2012-12-20] (Samsung) AppInit_DLLs: [0 ] () Lsa: [Notification Packages] scecli EgisPwdFilter EgisDSPwdFilter EgisPLPwdFilter ==================== Services (Whitelisted) ================= S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software) S2 EgisTec Data Security Service; C:\Program Files (x86)\EgisTec BioExcess\EgisDSService.exe [314736 2010-05-27] (Egis Technology Inc. ) S2 EgisTec Service Help; C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe [327024 2010-09-11] (Egis Technology Inc. ) S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) S2 RtLedService; C:\Program Files\Realtek\RtLED\RtLEDService.exe [311296 2010-02-05] (Realtek Semiconductor Corp.) S2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.) ==================== Drivers (Whitelisted) ==================== S1 acedrv07; C:\windows\system32\drivers\acedrv07.sys [125440 2011-06-14] () S2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software) S1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [22600 2013-03-06] (AVAST Software) S2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software) S1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software) S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] () S1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1025808 2013-05-09] (AVAST Software) S1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378432 2013-05-09] (AVAST Software) S1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software) S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-05-09] () S1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-03-26] (DT Soft Ltd) S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-06-06 17:18 - 2013-06-06 17:18 - 00000000 ____D C:\FRST 2013-06-03 14:24 - 2013-06-03 14:24 - 00001025 ____A C:\Users\Georg Schiel\Desktop\checkup.txt 2013-06-03 14:21 - 2013-06-03 14:21 - 00890839 ____A C:\Users\Georg Schiel\Desktop\SecurityCheck.exe 2013-06-03 12:12 - 2013-06-03 12:12 - 02347384 ____A (ESET) C:\Users\Georg Schiel\Desktop\esetsmartinstaller_enu.exe 2013-06-03 12:02 - 2013-06-03 12:02 - 00001109 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-06-03 12:02 - 2013-06-03 12:02 - 00000000 ____D C:\Users\Georg Schiel\AppData\Roaming\Malwarebytes 2013-06-03 12:02 - 2013-06-03 12:02 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-06-03 12:02 - 2013-06-03 12:02 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-06-03 12:02 - 2013-04-04 04:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2013-06-03 12:01 - 2013-06-03 12:02 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\Georg Schiel\Desktop\mbam-setup-1.75.0.1300.exe 2013-06-03 11:59 - 2013-06-03 11:59 - 00013178 ____A C:\Users\Georg Schiel\Desktop\06032013_215302.log 2013-06-03 11:53 - 2013-06-03 11:53 - 00000000 ____D C:\_OTL 2013-06-03 11:52 - 2013-06-03 11:52 - 00000000 ____D C:\Users\Georg Schiel\Desktop\^1 2013-06-03 06:23 - 2013-06-03 06:23 - 00602112 ____A (OldTimer Tools) C:\Users\Georg Schiel\Desktop\OTL.exe 2013-06-03 06:14 - 2013-06-03 06:15 - 00007306 ____A C:\AdwCleaner[S1].txt 2013-06-03 06:14 - 2013-06-03 06:15 - 00000115 ____A C:\Windows\DeleteOnReboot.bat 2013-06-03 06:13 - 2013-06-03 06:13 - 00632031 ____A C:\Users\Georg Schiel\Desktop\adwcleaner.exe 2013-06-03 05:51 - 2013-06-03 05:51 - 00050477 ____A C:\Users\Georg Schiel\Desktop\Defogger.exe 2013-06-02 03:48 - 2013-06-02 03:48 - 00262144 ____A C:\Windows\Minidump\060213-31543-01.dmp 2013-06-02 03:33 - 2013-06-02 03:33 - 00262144 ____A C:\Windows\Minidump\060213-36473-01.dmp 2013-06-02 02:59 - 2013-06-02 02:59 - 00000168 ____A C:\Users\Georg Schiel\defogger_reenable 2013-06-01 08:15 - 2013-06-01 12:08 - 753663120 ____A C:\Users\Georg Schiel\Documents\Image.C00 2013-06-01 08:15 - 2013-06-01 12:08 - 00002012 ____A C:\Users\Georg Schiel\Documents\Image.RIF 2013-06-01 08:15 - 2013-06-01 12:08 - 00000124 ____A C:\Users\Georg Schiel\Documents\Image.p2i 2013-05-30 06:39 - 2013-05-30 06:39 - 19231232 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 15404032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 14323712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-05-30 06:39 - 2013-05-30 06:39 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-05-30 06:39 - 2013-05-30 06:39 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 02242048 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 01767424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2013-05-30 06:39 - 2013-05-30 06:39 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-05-30 06:39 - 2013-05-30 06:39 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat 2013-05-30 06:39 - 2013-05-30 06:39 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat 2013-05-30 06:39 - 2013-05-30 06:39 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 01130496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe 2013-05-30 06:39 - 2013-05-30 06:39 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec 2013-05-30 06:39 - 2013-05-30 06:39 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2013-05-30 06:39 - 2013-05-30 06:39 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2013-05-30 06:39 - 2013-05-30 06:39 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe 2013-05-30 06:39 - 2013-05-30 06:39 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe 2013-05-30 06:39 - 2013-05-30 06:39 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe 2013-05-30 06:39 - 2013-05-30 06:39 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe 2013-05-30 06:39 - 2013-05-30 06:39 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-05-30 06:39 - 2013-05-30 06:39 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe 2013-05-30 06:39 - 2013-05-30 06:39 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe 2013-05-30 06:39 - 2013-05-30 06:39 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx 2013-05-30 06:39 - 2013-05-30 06:39 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe 2013-05-30 06:39 - 2013-05-30 06:39 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-05-30 06:39 - 2013-05-30 06:39 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2013-05-30 06:39 - 2013-05-30 06:39 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2013-05-30 06:39 - 2013-05-30 06:39 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe 2013-05-30 06:39 - 2013-05-30 06:39 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2013-05-30 06:39 - 2013-05-30 06:39 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe 2013-05-30 06:39 - 2013-05-30 06:39 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2013-05-30 06:36 - 2013-05-30 06:36 - 03928064 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll 2013-05-30 06:36 - 2013-05-30 06:36 - 03419136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll 2013-05-30 06:36 - 2013-05-30 06:36 - 02776576 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll 2013-05-30 06:36 - 2013-05-30 06:36 - 02565120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll 2013-05-30 06:36 - 2013-05-30 06:36 - 02284544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll 2013-05-30 06:36 - 2013-05-30 06:36 - 01988096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll 2013-05-30 06:36 - 2013-05-30 06:36 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll 2013-05-30 06:36 - 2013-05-30 06:36 - 01682432 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll 2013-05-30 06:36 - 2013-05-30 06:36 - 01643520 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll 2013-05-30 06:36 - 2013-05-30 06:36 - 01504768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll 2013-05-30 06:36 - 2013-05-30 06:36 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll 2013-05-30 06:36 - 2013-05-30 06:36 - 01247744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2013-05-30 06:36 - 2013-05-30 06:36 - 01238528 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll 2013-05-30 06:36 - 2013-05-30 06:36 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2013-05-30 06:36 - 2013-05-30 06:36 - 01175552 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll 2013-05-30 06:36 - 2013-05-30 06:36 - 01158144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll 2013-05-30 06:36 - 2013-05-30 06:36 - 01080832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll 2013-05-30 06:36 - 2013-05-30 06:36 - 00648192 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll 2013-05-30 06:36 - 2013-05-30 06:36 - 00604160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll 2013-05-30 06:36 - 2013-05-30 06:36 - 00522752 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll 2013-05-30 06:36 - 2013-05-30 06:36 - 00465920 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll 2013-05-30 06:36 - 2013-05-30 06:36 - 00417792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2013-05-30 06:36 - 2013-05-30 06:36 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll 2013-05-30 06:36 - 2013-05-30 06:36 - 00363008 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll 2013-05-30 06:36 - 2013-05-30 06:36 - 00333312 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll 2013-05-30 06:36 - 2013-05-30 06:36 - 00296960 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll 2013-05-30 06:36 - 2013-05-30 06:36 - 00293376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll 2013-05-30 06:36 - 2013-05-30 06:36 - 00249856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll 2013-05-30 06:36 - 2013-05-30 06:36 - 00245248 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll 2013-05-30 06:36 - 2013-05-30 06:36 - 00221184 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll 2013-05-30 06:36 - 2013-05-30 06:36 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll 2013-05-30 06:36 - 2013-05-30 06:36 - 00207872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll 2013-05-30 06:36 - 2013-05-30 06:36 - 00194560 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll 2013-05-30 06:36 - 2013-05-30 06:36 - 00187392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll 2013-05-30 06:36 - 2013-05-30 06:36 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll 2013-05-30 06:36 - 2013-05-30 06:36 - 00010752 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-05-30 06:36 - 2013-05-30 06:36 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-05-30 06:36 - 2013-05-30 06:36 - 00009728 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-05-30 06:36 - 2013-05-30 06:36 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-05-30 06:36 - 2013-05-30 06:36 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-05-30 06:36 - 2013-05-30 06:36 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-05-30 06:36 - 2013-05-30 06:36 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-05-30 06:36 - 2013-05-30 06:36 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-05-30 06:36 - 2013-05-30 06:36 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll 2013-05-30 06:36 - 2013-05-30 06:36 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll 2013-05-30 06:36 - 2013-05-30 06:36 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-05-30 06:36 - 2013-05-30 06:36 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-05-30 06:36 - 2013-05-30 06:36 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll 2013-05-30 06:36 - 2013-05-30 06:36 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-05-30 06:36 - 2013-05-30 06:36 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll 2013-05-30 06:36 - 2013-05-30 06:36 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-05-30 06:36 - 2013-05-30 06:36 - 00002560 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-05-30 06:36 - 2013-05-30 06:36 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-05-30 06:34 - 2013-05-30 06:46 - 00010360 ____A C:\Windows\IE10_main.log 2013-05-15 07:46 - 2013-04-09 22:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys 2013-05-15 07:46 - 2013-04-09 22:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys 2013-05-15 07:46 - 2013-02-26 21:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll 2013-05-15 07:46 - 2011-02-03 03:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll 2013-05-15 07:45 - 2013-04-09 19:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2013-05-15 07:45 - 2013-03-18 21:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll 2013-05-15 07:45 - 2013-03-18 21:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll 2013-05-15 07:45 - 2013-02-26 22:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe 2013-05-15 07:45 - 2013-02-26 21:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll 2013-05-15 07:45 - 2013-02-26 21:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll 2013-05-15 07:45 - 2013-02-26 21:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll 2013-05-15 07:45 - 2013-02-26 20:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2013-05-15 07:45 - 2013-02-26 20:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll 2013-05-15 07:45 - 2013-02-26 20:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2013-05-11 13:12 - 2013-05-11 13:12 - 00002192 ____A C:\Users\Georg Schiel\Desktop\autoexec.cfg ==================== One Month Modified Files and Folders ======= 2013-06-06 17:18 - 2013-06-06 17:18 - 00000000 ____D C:\FRST 2013-06-06 07:06 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-06-06 07:06 - 2009-07-13 20:51 - 00095196 ____A C:\Windows\setupact.log 2013-06-05 13:02 - 2011-06-01 10:43 - 00001118 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-06-04 12:02 - 2010-11-16 13:52 - 00047446 ____A C:\Windows\PFRO.log 2013-06-03 14:34 - 2010-11-16 12:55 - 01107753 ____A C:\Windows\WindowsUpdate.log 2013-06-03 14:24 - 2013-06-03 14:24 - 00001025 ____A C:\Users\Georg Schiel\Desktop\checkup.txt 2013-06-03 14:21 - 2013-06-03 14:21 - 00890839 ____A C:\Users\Georg Schiel\Desktop\SecurityCheck.exe 2013-06-03 14:20 - 2011-06-23 08:28 - 00000000 ____D C:\Users\Georg Schiel\AppData\Roaming\vlc 2013-06-03 14:12 - 2011-06-01 10:43 - 00001122 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-06-03 13:35 - 2012-08-31 05:31 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-06-03 13:03 - 2012-01-22 11:59 - 00000000 ____D C:\Users\Georg Schiel\Desktop\Spiele 2013-06-03 12:12 - 2013-06-03 12:12 - 02347384 ____A (ESET) C:\Users\Georg Schiel\Desktop\esetsmartinstaller_enu.exe 2013-06-03 12:05 - 2009-07-13 20:45 - 00013632 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-06-03 12:05 - 2009-07-13 20:45 - 00013632 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-06-03 12:02 - 2013-06-03 12:02 - 00001109 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-06-03 12:02 - 2013-06-03 12:02 - 00000000 ____D C:\Users\Georg Schiel\AppData\Roaming\Malwarebytes 2013-06-03 12:02 - 2013-06-03 12:02 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-06-03 12:02 - 2013-06-03 12:02 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-06-03 12:02 - 2013-06-03 12:01 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\Georg Schiel\Desktop\mbam-setup-1.75.0.1300.exe 2013-06-03 11:59 - 2013-06-03 11:59 - 00013178 ____A C:\Users\Georg Schiel\Desktop\06032013_215302.log 2013-06-03 11:58 - 2012-10-31 15:03 - 00000000 ____D C:\Users\Georg Schiel\Tracing 2013-06-03 11:53 - 2013-06-03 11:53 - 00000000 ____D C:\_OTL 2013-06-03 11:52 - 2013-06-03 11:52 - 00000000 ____D C:\Users\Georg Schiel\Desktop\^1 2013-06-03 06:23 - 2013-06-03 06:23 - 00602112 ____A (OldTimer Tools) C:\Users\Georg Schiel\Desktop\OTL.exe 2013-06-03 06:15 - 2013-06-03 06:14 - 00007306 ____A C:\AdwCleaner[S1].txt 2013-06-03 06:15 - 2013-06-03 06:14 - 00000115 ____A C:\Windows\DeleteOnReboot.bat 2013-06-03 06:13 - 2013-06-03 06:13 - 00632031 ____A C:\Users\Georg Schiel\Desktop\adwcleaner.exe 2013-06-03 06:13 - 2013-02-06 13:19 - 00000000 ____D C:\Users\Georg Schiel\Desktop\Telefonbuch 2013-06-03 05:51 - 2013-06-03 05:51 - 00050477 ____A C:\Users\Georg Schiel\Desktop\Defogger.exe 2013-06-02 03:48 - 2013-06-02 03:48 - 00262144 ____A C:\Windows\Minidump\060213-31543-01.dmp 2013-06-02 03:48 - 2012-01-07 07:43 - 00000000 ____D C:\Windows\Minidump 2013-06-02 03:48 - 2012-01-07 07:42 - 487390361 ____A C:\Windows\MEMORY.DMP 2013-06-02 03:33 - 2013-06-02 03:33 - 00262144 ____A C:\Windows\Minidump\060213-36473-01.dmp 2013-06-02 02:59 - 2013-06-02 02:59 - 00000168 ____A C:\Users\Georg Schiel\defogger_reenable 2013-06-02 02:59 - 2011-06-01 06:23 - 00000000 ____D C:\users\Georg Schiel 2013-06-01 14:47 - 2011-09-22 05:25 - 00000000 ____D C:\Users\Alina\AppData\Roaming\SoftGrid Client 2013-06-01 14:46 - 2011-11-12 15:15 - 00000000 ____D C:\Program Files (x86)\JDownloader 2013-06-01 14:30 - 2011-06-11 14:53 - 00000000 ____D C:\Users\Georg Schiel\AppData\Roaming\SoftGrid Client 2013-06-01 14:15 - 2013-01-04 14:02 - 00000000 ____D C:\Program Files (x86)\Free mp3 Wma Converter 2013-06-01 12:08 - 2013-06-01 08:15 - 753663120 ____A C:\Users\Georg Schiel\Documents\Image.C00 2013-06-01 12:08 - 2013-06-01 08:15 - 00002012 ____A C:\Users\Georg Schiel\Documents\Image.RIF 2013-06-01 12:08 - 2013-06-01 08:15 - 00000124 ____A C:\Users\Georg Schiel\Documents\Image.p2i 2013-06-01 08:12 - 2013-01-04 14:07 - 00000000 ____D C:\Users\Georg Schiel\Desktop\Konvertiert 2013-06-01 06:21 - 2011-06-14 21:47 - 00000000 ____D C:\Users\Georg Schiel\Desktop\Musik 2013-06-01 05:18 - 2010-11-16 20:30 - 00654852 ____A C:\Windows\System32\perfh007.dat 2013-06-01 05:18 - 2010-11-16 20:30 - 00130434 ____A C:\Windows\System32\perfc007.dat 2013-06-01 05:18 - 2009-07-13 21:13 - 01500294 ____A C:\Windows\System32\PerfStringBackup.INI 2013-06-01 05:10 - 2011-06-14 23:46 - 00000000 ____D C:\Users\Georg Schiel\Desktop\Privat 2013-06-01 05:09 - 2012-11-24 13:36 - 00000000 ____D C:\Users\Georg Schiel\Desktop\Filme 2013-05-31 09:57 - 2011-06-12 00:23 - 00000000 ____D C:\Users\Alina\AppData\Roaming\Adobe 2013-05-31 09:17 - 2011-07-19 00:48 - 00000000 ____D C:\Users\Alina\AppData\Local\Google 2013-05-31 09:17 - 2011-06-12 00:23 - 00063928 ____A C:\Users\Alina\AppData\Local\GDIPFONTCACHEV1.DAT 2013-05-30 10:56 - 2012-01-22 03:34 - 00000000 ____D C:\Users\Georg Schiel\Desktop\Hörspiele 2013-05-30 07:08 - 2009-07-13 20:45 - 00294784 ____A C:\Windows\System32\FNTCACHE.DAT 2013-05-30 07:05 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK 2013-05-30 07:05 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR 2013-05-30 07:05 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\zh-HK 2013-05-30 07:05 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\tr-TR 2013-05-30 07:05 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions 2013-05-30 06:46 - 2013-05-30 06:34 - 00010360 ____A C:\Windows\IE10_main.log 2013-05-30 06:39 - 2013-05-30 06:39 - 19231232 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 15404032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 14323712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-05-30 06:39 - 2013-05-30 06:39 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-05-30 06:39 - 2013-05-30 06:39 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 02242048 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 01767424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2013-05-30 06:39 - 2013-05-30 06:39 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-05-30 06:39 - 2013-05-30 06:39 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat 2013-05-30 06:39 - 2013-05-30 06:39 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat 2013-05-30 06:39 - 2013-05-30 06:39 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 01130496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe 2013-05-30 06:39 - 2013-05-30 06:39 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec 2013-05-30 06:39 - 2013-05-30 06:39 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2013-05-30 06:39 - 2013-05-30 06:39 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2013-05-30 06:39 - 2013-05-30 06:39 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe 2013-05-30 06:39 - 2013-05-30 06:39 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe 2013-05-30 06:39 - 2013-05-30 06:39 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe 2013-05-30 06:39 - 2013-05-30 06:39 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe 2013-05-30 06:39 - 2013-05-30 06:39 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-05-30 06:39 - 2013-05-30 06:39 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe 2013-05-30 06:39 - 2013-05-30 06:39 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe 2013-05-30 06:39 - 2013-05-30 06:39 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx 2013-05-30 06:39 - 2013-05-30 06:39 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe 2013-05-30 06:39 - 2013-05-30 06:39 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-05-30 06:39 - 2013-05-30 06:39 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2013-05-30 06:39 - 2013-05-30 06:39 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2013-05-30 06:39 - 2013-05-30 06:39 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2013-05-30 06:39 - 2013-05-30 06:39 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe 2013-05-30 06:39 - 2013-05-30 06:39 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2013-05-30 06:39 - 2013-05-30 06:39 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe 2013-05-30 06:39 - 2013-05-30 06:39 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2013-05-30 06:36 - 2013-05-30 06:36 - 03928064 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll 2013-05-30 06:36 - 2013-05-30 06:36 - 03419136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll 2013-05-30 06:36 - 2013-05-30 06:36 - 02776576 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll 2013-05-30 06:36 - 2013-05-30 06:36 - 02565120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll 2013-05-30 06:36 - 2013-05-30 06:36 - 02284544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll 2013-05-30 06:36 - 2013-05-30 06:36 - 01988096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll 2013-05-30 06:36 - 2013-05-30 06:36 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll 2013-05-30 06:36 - 2013-05-30 06:36 - 01682432 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll 2013-05-30 06:36 - 2013-05-30 06:36 - 01643520 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll 2013-05-30 06:36 - 2013-05-30 06:36 - 01504768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll 2013-05-30 06:36 - 2013-05-30 06:36 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll 2013-05-30 06:36 - 2013-05-30 06:36 - 01247744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2013-05-30 06:36 - 2013-05-30 06:36 - 01238528 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll 2013-05-30 06:36 - 2013-05-30 06:36 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2013-05-30 06:36 - 2013-05-30 06:36 - 01175552 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll 2013-05-30 06:36 - 2013-05-30 06:36 - 01158144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll 2013-05-30 06:36 - 2013-05-30 06:36 - 01080832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll 2013-05-30 06:36 - 2013-05-30 06:36 - 00648192 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll 2013-05-30 06:36 - 2013-05-30 06:36 - 00604160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll 2013-05-30 06:36 - 2013-05-30 06:36 - 00522752 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll 2013-05-30 06:36 - 2013-05-30 06:36 - 00465920 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll 2013-05-30 06:36 - 2013-05-30 06:36 - 00417792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2013-05-30 06:36 - 2013-05-30 06:36 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll 2013-05-30 06:36 - 2013-05-30 06:36 - 00363008 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll 2013-05-30 06:36 - 2013-05-30 06:36 - 00333312 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll 2013-05-30 06:36 - 2013-05-30 06:36 - 00296960 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll 2013-05-30 06:36 - 2013-05-30 06:36 - 00293376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll 2013-05-30 06:36 - 2013-05-30 06:36 - 00249856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll 2013-05-30 06:36 - 2013-05-30 06:36 - 00245248 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll 2013-05-30 06:36 - 2013-05-30 06:36 - 00221184 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll 2013-05-30 06:36 - 2013-05-30 06:36 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll 2013-05-30 06:36 - 2013-05-30 06:36 - 00207872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll 2013-05-30 06:36 - 2013-05-30 06:36 - 00194560 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll 2013-05-30 06:36 - 2013-05-30 06:36 - 00187392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll 2013-05-30 06:36 - 2013-05-30 06:36 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll 2013-05-30 06:36 - 2013-05-30 06:36 - 00010752 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-05-30 06:36 - 2013-05-30 06:36 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-05-30 06:36 - 2013-05-30 06:36 - 00009728 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-05-30 06:36 - 2013-05-30 06:36 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-05-30 06:36 - 2013-05-30 06:36 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-05-30 06:36 - 2013-05-30 06:36 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-05-30 06:36 - 2013-05-30 06:36 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-05-30 06:36 - 2013-05-30 06:36 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-05-30 06:36 - 2013-05-30 06:36 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll 2013-05-30 06:36 - 2013-05-30 06:36 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll 2013-05-30 06:36 - 2013-05-30 06:36 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-05-30 06:36 - 2013-05-30 06:36 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-05-30 06:36 - 2013-05-30 06:36 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll 2013-05-30 06:36 - 2013-05-30 06:36 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-05-30 06:36 - 2013-05-30 06:36 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll 2013-05-30 06:36 - 2013-05-30 06:36 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-05-30 06:36 - 2013-05-30 06:36 - 00002560 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-05-30 06:36 - 2013-05-30 06:36 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-05-30 06:31 - 2012-08-25 03:05 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-05-28 06:54 - 2011-06-01 06:33 - 00000000 ____A C:\Windows\SysWOW64\config.nt 2013-05-26 08:16 - 2013-03-18 11:43 - 00002183 ____A C:\Users\Public\Desktop\Google Chrome.lnk 2013-05-14 11:35 - 2012-08-31 05:31 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-05-14 11:35 - 2011-06-01 10:39 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-05-11 13:12 - 2013-05-11 13:12 - 00002192 ____A C:\Users\Georg Schiel\Desktop\autoexec.cfg 2013-05-10 02:28 - 2010-11-16 13:36 - 00000000 ____D C:\ProgramData\Adobe 2013-05-09 00:59 - 2013-03-18 11:34 - 00189936 ____A C:\Windows\System32\Drivers\aswVmm.sys 2013-05-09 00:59 - 2013-03-18 11:34 - 00065336 ____A C:\Windows\System32\Drivers\aswRvrt.sys 2013-05-09 00:59 - 2012-03-14 09:25 - 00072016 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys 2013-05-09 00:59 - 2011-06-01 06:33 - 01025808 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys 2013-05-09 00:59 - 2011-06-01 06:33 - 00378432 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys 2013-05-09 00:59 - 2011-06-01 06:33 - 00080816 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys 2013-05-09 00:59 - 2011-06-01 06:33 - 00064288 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys 2013-05-09 00:59 - 2011-06-01 06:33 - 00033400 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys 2013-05-09 00:58 - 2011-06-01 06:33 - 00287840 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe 2013-05-09 00:58 - 2011-06-01 06:32 - 00041664 ____A (AVAST Software) C:\Windows\avastSS.scr ==================== Known DLLs (Whitelisted) ================ ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= Restore point made on: 2013-05-04 10:32:36 Restore point made on: 2013-05-04 12:19:40 Restore point made on: 2013-05-04 12:56:35 Restore point made on: 2013-05-07 07:51:33 Restore point made on: 2013-05-14 00:43:07 Restore point made on: 2013-05-17 23:23:40 Restore point made on: 2013-05-21 11:24:04 Restore point made on: 2013-05-26 08:26:05 Restore point made on: 2013-05-30 06:18:08 ==================== Memory info =========================== Percentage of memory in use: 15% Total physical RAM: 3828.51 MB Available physical RAM: 3220.11 MB Total Pagefile: 3826.66 MB Available Pagefile: 3206.13 MB Total Virtual: 8192 MB Available Virtual: 8191.85 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:421.81 GB) (Free:255.72 GB) NTFS (Disk=0 Partition=2) Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:27.94 GB) NTFS (Disk=0 Partition=4) Drive f: (HOMMV) (CDROM) (Total:2.43 GB) (Free:0 GB) UDF Drive g: () (Removable) (Total:3.71 GB) (Free:2.83 GB) FAT (Disk=1 Partition=1) Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS Drive y: () (Fixed) (Total:0.2 GB) (Free:0.16 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 45AC5924) Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=422 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended) Partition 4: (Not Active) - (Size=15 GB) - (Type=12) ======================================================== Disk: 1 (Size: 4 GB) (Disk ID: 0614CDFE) Partition 1: (Active) - (Size=4 GB) - (Type=06) Last Boot: 2013-05-26 12:42 ==================== End Of Log ============================ |
|
07.06.2013, 14:54
| #10 |
| /// TB-Ausbilder | Searchnu.com/410 Hallo, kommt der Rechner immer noch nicht hoch? Drücke auf einem Zweitrechner bitte die  + R Taste und schreibe notepad in das Ausführen Fenster.Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument: Code:
ATTFilter AppInit_DLLs: [0 ] ()
__________________ cheers, Leo |
|
07.06.2013, 20:05
| #11 |
| | Searchnu.com/410 Hi Leo, also jetzt kommt nach der Passworteingabe das klassische "Willkommen" und danach ist nur mehr ein schwarzer Bildschirm und die Maus zu sehen ? Die kann ich zwar bewegen aber das wars auch schon.... Das Logfile Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-06-2013 01
Ran by SYSTEM at 2013-06-07 20:58:12 Run:1
Running from G:\
Boot Mode: Recovery
==============================================
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs => Value was restored successfully.
==== End of Fixlog ====
Soll ich vl. die Reparaturfuktion von Windows nutzen oder hol ich mir dann wieder die Adware rein? Danke für deine Bemühungen Liebe Grüße |
|
07.06.2013, 21:03
| #12 |
| /// TB-Ausbilder | Searchnu.com/410 Hallo, versuch mal, ob der Rechner so wieder normal startet: Starte den Rechner auf, drücke beim Start F8 (so wie du in den abgesicherten Modus gelangst) und wähle die Option Letzte als funktionierend bekannte Konfiguration.
__________________ cheers, Leo |
|
07.06.2013, 21:41
| #13 |
| | Searchnu.com/410 Hi! Jetzt komm ich zwar bei mir rein aber er hängt sich beim laden des Desktops auf. (icons tauchen auf aber in der Taskleiste komm nur das Ladezeichen) Anklicken kann ich auch nix. Liebe Grüße |
|
08.06.2013, 13:12
| #14 |
| /// TB-Ausbilder | Searchnu.com/410 Hallo, dann starte den Rechner wieder in die System Reperatur Optionen wie hier beschrieben. Wähle dann dort aber nicht mehr die Eingabeaufforderung, sondern die Option Systemstartreparatur. Hilft das etwas oder ist der Zustand danach unverändert?
__________________ cheers, Leo |
|
09.06.2013, 18:44
| #15 |
| | Searchnu.com/410 Hello, hat leider auch nicht geholfen  Er hängt wieder ewig beim Willkommen-Bildschirm. Gibt es noch eine Möglichkeit die ich versuchen könnte? Muss ich den PC ev. neu aufetzen? LG |
|
| Themen zu Searchnu.com/410 |
| ahnung, bräuchte, compu, computer, computern, dateien, ebenfalls, eingefangen, gefangen, gefunde, gelöscht, gen, glaube, hello, search, searchnu.com/410, seite, sorge, spybot, troja, trojaner, virenfrei, virus, virus?, wurm, wurm? |
Textbox. 
Linear-Darstellung
