
Log analysis and evaluation: Windows 7 Safe Mode

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

13.03.2011, 13:45   #1
gabagandalf
 

Hello,
I hope I'm in the right place here. And to get this out of the way up front: I have already googled and used the board search, but found nothing.

I use Windows 7 and have recently had the problem that my desktop background is black and I cannot choose a new one; in addition, my Task Manager no longer works. It does not respond to Ctrl+Shift+Esc, nor is it reachable via Ctrl+Alt+Del.
Also, the desktop now always shows "Safe Mode" at the top, on the left and right, and "Windows 7 Ultimate..." in the middle.

I have already deleted a "wuaucldt.exe" in my user directory and a "28609.exe" directly in "C:\Programme", since these were detected by Avira AntiVir.
Now Avira no longer shows any viruses, and "Super AntiSpyware Free Edition" shows nothing either. Likewise, nothing conspicuous is visible in Hijack.

However, the problem with the Task Manager still persists, as does the Safe Mode display.

I have already started Windows both normally and in Safe Mode. Same result both times.

Thanks in advance for your help.

13.03.2011, 16:00   #2
markusg
/// Malware-holic
 

System scan with OTL
Download OTL:
http://filepony.de/download-otl/

Double-click OTL.exe
(Windows 7 and Vista users: right-click, Run as administrator)
1. At the top you will find a box labelled Output. Please select Minimal Output
2. Tick "scan all users"
3. Under "Extra Registry" select:
"Use Safelist" "LOP Check" "Purity Check"
4. Copy into the text box:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Click "Scan"
6. Two reports are created:
OTL.Txt
Extras.Txt
Post both.
+ the Avira alerts as well

13.03.2011, 17:28   #3
gabagandalf
 

Extras.txt
Code:
OTL Extras logfile created on: 13.03.2011 16:37:10 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Kaimei\Downloads
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 37,00% Memory free
4,00 Gb Paging File | 2,00 Gb Available in Paging File | 48,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 35,32 Gb Free Space | 7,59% Space Free | Partition Type: NTFS
 
Computer Name: KAIMEI-PC | User Name: Kaimei | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2142560473-4073965963-3006564023-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\FlashFXP\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP\flashfxp.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)
"C:\Program Files (x86)\FlashFXP\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP\flashfxp.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Users\Kaimei\AppData\Local\Tempxvi.exe" = C:\Users\Kaimei\AppData\Local\Tempxvi.exe:*:Enabled:xvi
"C:\Users\Kaimei\AppData\Roamingxvi.exe" = C:\Users\Kaimei\AppData\Roamingxvi.exe:*:Enabled:xvi
"C:\Program Files (x86)\FlashFXP\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP\flashfxp.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)
"C:\Users\Kaimei\AppData\Local\Tempxvi.exe" = C:\Users\Kaimei\AppData\Local\Tempxvi.exe:*:Enabled:xvi
"C:\Users\Kaimei\AppData\Roamingxvi.exe" = C:\Users\Kaimei\AppData\Roamingxvi.exe:*:Enabled:xvi
"C:\Program Files (x86)\FlashFXP\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP\flashfxp.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416022FF}" = Java(TM) 6 Update 22 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{64A3A4F4-B792-11D6-A78A-00B0D0160210}" = Java(TM) SE Development Kit 6 Update 21 (64-bit)
"{64A3A4F4-B792-11D6-A78A-00B0D0160220}" = Java(TM) SE Development Kit 6 Update 22 (64-bit)
"{818AA386-29D5-4DFF-BBB5-3F16133F1409}" = TortoiseSVN 1.6.12.20536 (64 bit)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1" = PDF-Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9F487FBB-72CA-4A33-94C4-5C4665389A29}" = Sun VirtualBox
"{C196A963-4708-430F-AF16-7F8D4FA1DF43}" = TortoiseGit 1.6.3.0 (64 bit)
"{DC5A3CA3-843E-4B2E-8809-1E51DCD41501}" = Ut Video Codec Suite x64
"HashTab" = HashTab 3.0.0
"nbi-glassfish-mod-3.0.1.22.0" = GlassFish Server Open Source Edition 3.0.1
"nbi-nb-base-6.9.1.0.0" = NetBeans IDE 6.9.1
"nbi-tomcat-6.0.26.0.0" = Apache Tomcat 6.0.26
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeraCopy_is1" = TeraCopy 2.12
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20aa4150-b5f4-11de-8a39-0800200c9a66}_is1" = KompoZer 0.8b3
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{2217B0B4-35CB-48C6-B640-864DF2F30F99}" = OpenOffice.org 3.2
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
"{24BC8B57-716C-444F-B46B-A3349B9164C5}_is1" = Aegisub 2.1.7
"{26A24AE4-039D-4CA4-87B4-2F83216013F0}" = Java(TM) 6 Update 13
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
"{2BD2FA21-B51D-4F01-94A7-AC16737B2163}" = Adobe Flash Player 10 ActiveX
"{2D9F8079-7D50-3EFD-B3BD-ED642E4EE756}" = Microsoft Visual Basic PowerPacks 10.0
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode
"{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D122AF9-1E02-4035-8003-334D378C1B62}_is1" = PDF OCR 4.0
"{411F3ABA-2AB5-4799-AA19-6ADF0A8F7424}" = Adobe Setup
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{452473D3-1D26-4E61-8060-3B216620D60C}_is1" = Fahren Lernen Offline 1.2
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5791B7D3-8B34-4218-9750-6A8E45D0AD32}" = pdfforge Toolbar v1.1.2
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE)
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{67ED38A3-4882-448B-B44D-3428AB00D7D5}" = Acronis*True*Image*Home
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{7E60C9C0-B135-41FE-8EEA-0B021BB63234}" = AMCAP
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{8c6e7e24-bbc6-422c-b9d3-63932ae6a454}" = Nero 9
"{90120000-0016-0000-0000-0000000FF1CE}" = Microsoft Office Excel 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0000-0000-0000000FF1CE}" = Microsoft Office PowerPoint 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-001B-0000-0000-0000000FF1CE}" = Microsoft Office Word 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{97368464-B643-422D-A496-29B409988488}_is1" = TFM Audio Tool 1.2.0.0 Beta
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap
"{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.0 - Deutsch
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}" = SoundTrax
"{C71607E2-84EC-4C1F-A649-82E530920C23}" = Adobe Setup
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
"{D3CCFC47-72CA-46D7-97AF-341C5FFFE57B}" = Readiris Corporate 12
"{D636771E-EBF6-42F1-A6B8-3B7B27B0DE51}" = Ut Video Codec Suite x86
"{D96021A9-B290-4783-B019-0E4000DA84CE}" = S4 League_EU
"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EF4EA1D8-E44E-41BA-B4C4-B4BEFDFCF2AC}" = DaViDeo 4 professional
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1861F30-3419-44DB-B2A1-C274825698B3}" = Nero Disc Copy Gadget
"{F5371573-B045-4A4C-9171-6D99C8FAC876}" = Adobe After Effects CS4 Third Party Content
"{F59AC46C-10C3-4023-882C-4212A92283B3}_is1" = Lagarith Lossless Codec (1.3.19)
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FA02ACAC-9E14-4878-A257-92A22A647C2C}" = LG USB Modem Drivers
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"AC3File_is1" = AC3File 0.7b
"AC3Filter_is1" = AC3Filter 1.61b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Akamai" = Akamai NetSession Interface
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AviSynth" = AviSynth 2.5
"Azureus" = Azureus
"Cain & Abel v4.9.35" = Cain & Abel v4.9.35
"CCleaner" = CCleaner
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Divinity II - Ego Draconis_is1" = Divinity II - Ego Draconis
"DivX Setup.divx.com" = DivX-Setup
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"EXCEL" = Microsoft Office Excel 2007
"ffdshow_is1" = ffdshow [rev 2992] [2009-06-09]
"FileZilla Client" = FileZilla Client 3.3.4
"FlashFXP v3.2.0 (Build 1080) Scene Edition" = FlashFXP v3.2.0 (Build 1080) Scene Edition
"FlorensiaEN" = FlorensiaEN 1.10.26
"Free 3GP Video Converter_is1" = Free 3GP Video Converter version 3.2
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free Audio Converter_is1" = Free Audio Converter version 1.2
"Free DVD Video Burner_is1" = Free DVD Video Burner version 2.4
"Free DVD Video Converter_is1" = Free DVD Video Converter version 1.5.12
"Free Video to DVD Converter_is1" = Free Video to DVD Converter version 1.6
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"Git_is1" = Git version 1.7.4-preview20110204
"Greenfoot_is1" = Greenfoot 2.0.0
"Gtk+ Runtime Environment" = Gtk+ Runtime Environment 2.12.9-2
"GuildFTPd" = GuildFTPd FTP Deamon
"HijackThis" = HijackThis 2.0.2
"HxD Hex Editor_is1" = HxD Hex Editor Version 1.7.7.0
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"JDownloader" = JDownloader
"JSmooth 0.9.9-7" = JSmooth 0.9.9-7
"KeePass Password Safe_is1" = KeePass Password Safe 1.17
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.8.3
"kSub" = kSub 2.2.0.0
"KVIrc" = KVIrc
"League of Legends_is1" = League of Legends
"MediaInfo" = MediaInfo 0.7.26 (32-bit)
"MeGUI" = MeGUI (remove only)
"Messenger Plus! Live" = Messenger Plus! Live
"Messenger_Plus_Live_Germany Toolbar" = Messenger_Plus_Live_Germany Toolbar
"Miranda IM" = Miranda IM 0.8.21
"mIRC" = mIRC
"Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15)
"Mozilla Thunderbird (3.1.9)" = Mozilla Thunderbird (3.1.9)
"nbi-nb-base-6.8.0.0.0" = NetBeans IDE 6.8
"Notepad++" = Notepad++
"nxclient_is1" = NX Client for Windows 3.4.0-5
"Openfire 3.6.4" = Openfire 3.6.4
"OpenVPN" = OpenVPN 2.1.1
"Passbild-Generator_is1" = Bewerbungsfoto-/Passbild-Generator v3.3b
"Passfoto Manager_is1" = Passfoto Manager Ver. 1.3
"POWERPOINT" = Microsoft Office PowerPoint 2007
"Psi" = Psi (remove only)
"PSPad editor_is1" = PSPad editor
"RealAlt_is1" = Real Alternative 1.9.0 Lite
"RealVNC_is1" = VNC Free Edition 4.1.3
"Ruby-186-27" = Ruby-186-27
"SAM3" = SAM Broadcaster (remove only)
"ShalSoft.GigaTribe_is1" = GigaTribe 3.01.005
"SpeedFan" = SpeedFan (remove only)
"Steam" = Steam
"Streamripper" = Streamripper (Remove only)
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamViewer 5" = TeamViewer 5
"TeamViewer 6" = TeamViewer 6
"TrueCrypt" = TrueCrypt
"TuneUp Utilities 2011" = TuneUp Utilities 2011
"UltraISO_is1" = UltraISO Premium V9.36
"Uninstall_is1" = Uninstall 1.0.0.1
"uploaded Tool 2009_is1" = uploaded Tool 2009 Version 1.0
"Usenet.nl_is1" = Usenet.nl
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.2
"VobSub" = VobSub v2.23 (Remove Only)
"Wget-1.11.4-1_is1" = GnuWin32: Wget-1.11.4-1
"Winamp" = Winamp
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.1
"winscp3_is1" = WinSCP 4.2.7
"WORD" = Microsoft Office Word 2007
"wxWidgets_is1" = wxWidgets 2.9.1
"X-Win32" = X-Win32 4.1
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2142560473-4073965963-3006564023-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"653f60ff502b478e" = TS3 Admin
"Winamp Detect" = Winamp Anwendungserkennung
"WinSetupFromUSB" = WinSetupFromUSB
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 11.03.2011 08:04:07 | Computer Name = Kaimei-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files
 (x86)\Nero\Nero 9\nero photosnap\PhotoSnapViewer.exe.Manifest". Fehler in  Manifest-
 oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt
 stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
 
Error - 11.03.2011 10:58:18 | Computer Name = Kaimei-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 11.03.2011 12:29:55 | Computer Name = Kaimei-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Aegis64.exe, Version: 0.0.0.0, Zeitstempel:
 0x4cf33fcb  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16385, Zeitstempel:
 0x4a5be02b  Ausnahmecode: 0xc0000374  Fehleroffset: 0x00000000000c6cd2  ID des fehlerhaften
 Prozesses: 0x4cc  Startzeit der fehlerhaften Anwendung: 0x01cbe008ab8ac1dc  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\alaplaya\S4League\Aegis64.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: cc1dab45-4bfc-11e0-b4fe-0019db2341f0
 
Error - 11.03.2011 16:07:14 | Computer Name = Kaimei-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Aegis64.exe, Version: 0.0.0.0, Zeitstempel:
 0x4cf33fcb  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16385, Zeitstempel:
 0x4a5be02b  Ausnahmecode: 0xc0000374  Fehleroffset: 0x00000000000c6cd2  ID des fehlerhaften
 Prozesses: 0xb58  Startzeit der fehlerhaften Anwendung: 0x01cbe024e1951c22  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\alaplaya\S4League\Aegis64.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 27b9097b-4c1b-11e0-b4fe-0019db2341f0
 
Error - 11.03.2011 16:10:58 | Computer Name = Kaimei-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 1.9.2.4079 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: f50    Startzeit: 
01cbdfe9596a4a15    Endzeit: 276    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 a793962d-4c1b-11e0-b4fe-0019db2341f0  
 
Error - 11.03.2011 16:15:18 | Computer Name = Kaimei-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 1.9.2.4079 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: e24    Startzeit: 
01cbe02897dd97de    Endzeit: 19    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 469ac048-4c1c-11e0-b4fe-0019db2341f0  
 
Error - 11.03.2011 16:38:09 | Computer Name = Kaimei-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 1.9.2.4079 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 728    Startzeit: 
01cbe0290c18fa1a    Endzeit: 38    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 77714782-4c1f-11e0-b4fe-0019db2341f0  
 
Error - 11.03.2011 16:46:45 | Computer Name = Kaimei-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 1.9.2.4079 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: bcc    Startzeit: 
01cbe02c3c78259b    Endzeit: 36    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 ab6a9401-4c20-11e0-b4fe-0019db2341f0  
 
Error - 13.03.2011 09:54:03 | Computer Name = Kaimei-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 13.03.2011 10:31:16 | Computer Name = Kaimei-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: OneClick.exe, Version: 10.0.3010.9,
 Zeitstempel: 0x4d5e61ff  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bdb3b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0002de64  ID des fehlerhaften
 Prozesses: 0x1250  Startzeit der fehlerhaften Anwendung: 0x01cbe18b0b840807  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\TuneUp Utilities 2011\OneClick.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: 8d58cb59-4d7e-11e0-8a99-0019db2341f0
 
[ OSession Events ]
Error - 18.05.2010 12:08:25 | Computer Name = Kaimei-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session 
lasted 24 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 01.03.2011 16:14:40 | Computer Name = Kaimei-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 504
 seconds with 360 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 13.03.2011 08:48:30 | Computer Name = Kaimei-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 13.03.2011 08:48:30 | Computer Name = Kaimei-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 13.03.2011 08:48:31 | Computer Name = Kaimei-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 13.03.2011 08:50:02 | Computer Name = Kaimei-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Program
 Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS nicht geladen. Wenden Sie sich an den
 Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
 
Error - 13.03.2011 08:50:02 | Computer Name = Kaimei-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Program
 Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS nicht geladen. Wenden Sie sich an den
 Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
 
Error - 13.03.2011 08:50:14 | Computer Name = Kaimei-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Abel" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 13.03.2011 08:50:31 | Computer Name = Kaimei-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   SASDIFSV  SASKUTIL
 
Error - 13.03.2011 08:51:00 | Computer Name = Kaimei-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 13.03.2011 08:51:13 | Computer Name = Kaimei-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 13.03.2011 09:53:25 | Computer Name = Kaimei-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
 
< End of report >
         
OTL.txt

Code:
OTL logfile created on: 13.03.2011 16:37:10 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Kaimei\Downloads
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 37,00% Memory free
4,00 Gb Paging File | 2,00 Gb Available in Paging File | 48,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 35,32 Gb Free Space | 7,59% Space Free | Partition Type: NTFS
 
Computer Name: KAIMEI-PC | User Name: Kaimei | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Kaimei\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version6\tv_w32.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TuneUp Utilities 2011\DiskExplorer.exe (TuneUp Software)
PRC - C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
PRC - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Program Files (x86)\WinSCP\WinSCP.exe (Martin Prikryl)
PRC - C:\Users\Kaimei\Desktop\putty06.exe (Simon Tatham)
PRC - C:\Program Files (x86)\Winamp\winamp.exe (Nullsoft, Inc.)
PRC - C:\Program Files (x86)\Psi\Psi.exe ()
PRC - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\PROGRAM FILES (X86)\STREAMRIPPER\wstreamripper.exe ()
PRC - C:\Program Files (x86)\KVIrc\kvirc.exe (KVIrc Development Team)
PRC - C:\Program Files (x86)\RealVNC\VNC4\WinVNC4.exe (RealVNC Ltd.)
PRC - C:\Windows\soundman.exe (Realtek Semiconductor Corp.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Kaimei\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Program Files (x86)\TeamViewer\Version6\tv_w32.dll (TeamViewer GmbH)
MOD - C:\Windows\SysWOW64\crtdll.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software)
SRV - (Akamai) -- c:\program files (x86)\common files\akamai\netsession_win_dbc0250.dll ()
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (TeamViewer5) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (afcdpsrv) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe ()
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (Application Updater) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (OpenVPNService) -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe ()
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (WinVNC4) -- C:\Program Files (x86)\RealVNC\VNC4\WinVNC4.exe (RealVNC Ltd.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (teamviewervpn) -- C:\Windows\SysNative\drivers\teamviewervpn.sys (TeamViewer GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (afcdp) -- C:\Windows\SysNative\drivers\afcdp.sys (Acronis)
DRV:64bit: - (tdrpman258) Acronis Try&Decide and Restore Points filter (build 258) -- C:\Windows\SysNative\drivers\tdrpm258.sys (Acronis)
DRV:64bit: - (timounter) -- C:\Windows\SysNative\drivers\timntr.sys (Acronis)
DRV:64bit: - (snapman) -- C:\Windows\SysNative\drivers\snapman.sys (Acronis)
DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Sun Microsystems, Inc.)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (FETNDIS) -- C:\Windows\SysNative\drivers\fet6x64.sys (VIA Technologies, Inc.              )
DRV:64bit: - (RTL8023x64) -- C:\Windows\SysNative\drivers\Rtnic64.sys (Realtek Semiconductor Corporation                           )
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\Windows\SysNative\drivers\Alcwdm64.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (xfiltx64) -- C:\Windows\SysNative\drivers\xfiltx64.sys (VIA Technologies,Inc)
DRV:64bit: - (videX64) -- C:\Windows\SysNative\drivers\videX64.sys (VIA Technologies, Inc.)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (SASDIFSV) -- C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM) -- C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (speedfan) -- C:\Windows\SysWOW64\speedfan.sys (Windows (R) Server 2003 DDK provider)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKLM\..\URLSearchHook: {542e4d79-1970-4e95-9862-fdb96f61b280} - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - Reg Error: Key error. File not found
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-2142560473-4073965963-3006564023-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de
IE - HKU\S-1-5-21-2142560473-4073965963-3006564023-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2142560473-4073965963-3006564023-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2142560473-4073965963-3006564023-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3E 2C 77 A7 75 B5 CA 01  [binary data]
IE - HKU\S-1-5-21-2142560473-4073965963-3006564023-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.03.10 08:22:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.03.05 22:11:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.03.06 13:42:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2010.12.15 07:09:38 | 000,000,000 | ---D | M]
 
[2010.02.08 16:00:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kaimei\AppData\Roaming\mozilla\Extensions
[2010.02.08 16:00:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kaimei\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.03.12 19:39:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kaimei\AppData\Roaming\mozilla\Firefox\Profiles\fcnyq30v.default\extensions
[2010.12.29 12:34:27 | 000,000,000 | ---D | M] ("XHTML Ruby Support") -- C:\Users\Kaimei\AppData\Roaming\mozilla\Firefox\Profiles\fcnyq30v.default\extensions\{0620B69D-7B58-416d-A92A-0198860C2757}
[2011.03.10 17:20:50 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Kaimei\AppData\Roaming\mozilla\Firefox\Profiles\fcnyq30v.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2011.03.05 13:40:58 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\Kaimei\AppData\Roaming\mozilla\Firefox\Profiles\fcnyq30v.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010.09.24 06:00:56 | 000,000,000 | ---D | M] (Html Validator) -- C:\Users\Kaimei\AppData\Roaming\mozilla\Firefox\Profiles\fcnyq30v.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}
[2010.02.08 17:15:23 | 000,000,000 | ---D | M] (Mega Manager Integration) -- C:\Users\Kaimei\AppData\Roaming\mozilla\Firefox\Profiles\fcnyq30v.default\extensions\{40a1f5d7-afc2-498f-b264-02668d616ff6}
[2010.02.08 17:15:23 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Kaimei\AppData\Roaming\mozilla\Firefox\Profiles\fcnyq30v.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2010.12.11 13:37:49 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\Kaimei\AppData\Roaming\mozilla\Firefox\Profiles\fcnyq30v.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2011.01.24 17:57:52 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Users\Kaimei\AppData\Roaming\mozilla\Firefox\Profiles\fcnyq30v.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
[2010.02.08 17:15:23 | 000,000,000 | ---D | M] (jDownFF) -- C:\Users\Kaimei\AppData\Roaming\mozilla\Firefox\Profiles\fcnyq30v.default\extensions\{a3b24d40-bac4-11dc-95ff-0800200c9a66}
[2010.07.17 18:33:37 | 000,000,000 | ---D | M] ("TorrentFlux Add") -- C:\Users\Kaimei\AppData\Roaming\mozilla\Firefox\Profiles\fcnyq30v.default\extensions\{AF77DAB8-8DCE-46d6-99D7-901C063EDA97}
[2011.01.08 00:03:56 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\Kaimei\AppData\Roaming\mozilla\Firefox\Profiles\fcnyq30v.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2010.12.24 12:29:17 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Kaimei\AppData\Roaming\mozilla\Firefox\Profiles\fcnyq30v.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011.03.12 19:38:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kaimei\AppData\Roaming\mozilla\Firefox\Profiles\fcnyq30v.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2011.02.08 16:09:29 | 000,000,000 | ---D | M] (Firebug) -- C:\Users\Kaimei\AppData\Roaming\mozilla\Firefox\Profiles\fcnyq30v.default\extensions\firebug@software.joehewitt.com
[2011.03.10 07:31:45 | 000,000,000 | ---D | M] (Firecookie) -- C:\Users\Kaimei\AppData\Roaming\mozilla\Firefox\Profiles\fcnyq30v.default\extensions\firecookie@janodvarko.cz
[2010.11.07 12:44:46 | 000,000,000 | ---D | M] (FirePHP) -- C:\Users\Kaimei\AppData\Roaming\mozilla\Firefox\Profiles\fcnyq30v.default\extensions\FirePHPExtension-Build@firephp.org
[2011.02.16 10:37:04 | 000,000,000 | ---D | M] ("FlashFirebug") -- C:\Users\Kaimei\AppData\Roaming\mozilla\Firefox\Profiles\fcnyq30v.default\extensions\flashfirebug@o-minds.com
[2010.12.29 12:34:26 | 000,000,000 | ---D | M] (Furigana Injector) -- C:\Users\Kaimei\AppData\Roaming\mozilla\Firefox\Profiles\fcnyq30v.default\extensions\furiganainjector@yayakoshi.net
[2010.03.10 21:38:15 | 000,000,000 | ---D | M] (Illimitux) -- C:\Users\Kaimei\AppData\Roaming\mozilla\Firefox\Profiles\fcnyq30v.default\extensions\illimitux@illimitux.net
[2010.04.19 17:55:06 | 000,000,000 | ---D | M] ("Pastebin.com Quick Paster") -- C:\Users\Kaimei\AppData\Roaming\mozilla\Firefox\Profiles\fcnyq30v.default\extensions\upload_text@Pastebin.com
[2010.11.07 12:44:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kaimei\AppData\Roaming\mozilla\Firefox\Profiles\fcnyq30v.default\extensions\FirePHPExtension-Build@firephp.org\__MACOSX
[2010.11.07 12:44:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kaimei\AppData\Roaming\mozilla\Firefox\Profiles\fcnyq30v.default\extensions\FirePHPExtension-Build@firephp.org\chrome
[2010.11.07 12:44:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kaimei\AppData\Roaming\mozilla\Firefox\Profiles\fcnyq30v.default\extensions\FirePHPExtension-Build@firephp.org\defaults
[2011.03.12 19:38:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kaimei\AppData\Roaming\mozilla\Firefox\Profiles\fcnyq30v.default\extensions\{dc572301-7619-498c-a57d-39143191b318}\modules\extensions
[2011.03.12 19:39:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.05.28 17:47:01 | 000,061,832 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files (x86)\mozilla firefox\plugins\npatgpc.dll
[1999.12.31 16:00:00 | 000,164,120 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2010.01.12 21:03:50 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2010.03.26 09:39:40 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.03.26 09:39:40 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.03.26 09:39:40 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.03.26 09:39:40 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.03.26 09:39:40 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.03.11 20:19:46 | 000,000,882 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 	kaimei-home.ath.cx
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {542e4d79-1970-4e95-9862-fdb96f61b280} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-2142560473-4073965963-3006564023-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKU\S-1-5-21-2142560473-4073965963-3006564023-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O4:64bit: - HKLM..\Run: [SoundMan] C:\Windows\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2142560473-4073965963-3006564023-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2142560473-4073965963-3006564023-1000..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin]  File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin]  File not found
O4 - Startup: C:\Users\Kaimei\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Psi.lnk = C:\Program Files (x86)\Psi\Psi.exe ()
O4 - Startup: C:\Users\Kaimei\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Skype.lnk = C:\Windows\Installer\{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}\SkypeIcon.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\S-1-5-21-2142560473-4073965963-3006564023-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Kaimei\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Kaimei\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 196.83.24.208
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{c9a61382-02b0-11e0-b402-0030840a0c0e}\Shell - "" = AutoRun
O33 - MountPoints2\{c9a61382-02b0-11e0-b402-0030840a0c0e}\Shell\AutoRun\command - "" = F:\USBAutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: AppSecDll - (C:\ProgramData\OcLVneIOUmyW.dll) -  File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpReg: Acronis Scheduler2 Service - hkey= - key= - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe ()
MsConfig:64bit - StartUpReg: Share - hkey= - key= - C:\Users\Kaimei\Desktop\Share Client\Share.exe ()
MsConfig:64bit - StartUpReg: Steam - hkey= - key= - C:\Program Files\CS1.6\Steam.exe (Valve Corporation)
MsConfig:64bit - StartUpReg: TrueImageMonitor.exe - hkey= - key= - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe ()
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {13KP1HCO-DQ56-LPVW-7N04-V32O5CC3JG40} - C:\Windows\system32\System32\WinUpdates.exe Restart
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {ZEQ2GQ1B-MY0K-U6HR-2ENY-9LU4ENX7GR10} - C:\Users\Kaimei\AppData\Local\Temp\holyshit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.ac3filter - ac3filter64.acm ()
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: msacm.lameacm - LameACM.acm (hxxp://www.mp3dev.org/)
Drivers32:64bit: VIDC.LAGS - lagarith.dll ( )
Drivers32:64bit: VIDC.ULRA - C:\Windows\system32\utvideo.dll ()
Drivers32:64bit: VIDC.ULRG - C:\Windows\system32\utvideo.dll ()
Drivers32:64bit: VIDC.ULY0 - C:\Windows\system32\utvideo.dll ()
Drivers32:64bit: VIDC.ULY2 - C:\Windows\system32\utvideo.dll ()
Drivers32: msacm.ac3acm - C:\Windows\SysWow64\ac3acm.acm (fccHandler)
Drivers32: msacm.ac3filter - C:\Windows\SysWow64\ac3filter.acm ()
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\SysWow64\lameACM.acm (hxxp://www.mp3dev.org/)
Drivers32: msacm.lhacm - C:\Windows\SysWow64\lhacm.acm (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: VIDC.LAGS - C:\Windows\SysWow64\lagarith.dll ( )
Drivers32: VIDC.ULRA - C:\Windows\SysWOW64\utvideo.dll ()
Drivers32: VIDC.ULRG - C:\Windows\SysWOW64\utvideo.dll ()
Drivers32: VIDC.ULY0 - C:\Windows\SysWOW64\utvideo.dll ()
Drivers32: VIDC.ULY2 - C:\Windows\SysWOW64\utvideo.dll ()
Drivers32: VIDC.YV12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.03.12 23:48:15 | 000,000,000 | ---D | C] -- C:\Users\Kaimei\AppData\Local\TGitCache
[2011.03.12 23:20:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Git
[2011.03.12 23:19:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Git
[2011.03.12 23:06:05 | 000,000,000 | ---D | C] -- C:\msysgit
[2011.03.12 22:39:53 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.03.12 22:38:53 | 000,000,000 | ---D | C] -- C:\Users\Kaimei\AppData\Roaming\TortoiseGit
[2011.03.08 21:15:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\mp3DirectCut
[2011.03.06 16:10:54 | 000,000,000 | ---D | C] -- C:\Users\Kaimei\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\noa-x
[2011.03.06 14:48:16 | 000,000,000 | ---D | C] -- C:\WinSetupFromUSB
[2011.03.06 14:29:08 | 000,000,000 | ---D | C] -- C:\Users\Kaimei\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool
[2011.03.03 06:58:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2011.02.15 23:56:56 | 000,034,624 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2011.02.15 23:56:41 | 000,036,160 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll
[2011.02.15 23:56:41 | 000,029,504 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll
[2011.02.15 23:56:41 | 000,025,920 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2011.02.15 23:56:40 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2011.02.15 23:56:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2011
[2011.02.15 23:56:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2011
[2011.02.15 23:54:58 | 000,000,000 | -HSD | C] -- C:\ProgramData\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2011.02.15 20:59:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TortoiseGit
[2011.02.15 20:59:27 | 000,000,000 | ---D | C] -- C:\Programme\TortoiseGit
[2011.02.15 20:57:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TortoiseSVN
[2011.02.15 20:57:38 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\TortoiseOverlays
[2010.02.08 15:57:57 | 000,120,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.03.13 16:18:39 | 000,000,600 | ---- | M] () -- C:\Users\Kaimei\AppData\Local\PUTTY.RND
[2011.03.13 16:05:17 | 000,000,250 | ---- | M] () -- C:\Users\Kaimei\mm.cfg
[2011.03.13 13:55:21 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.03.13 13:55:21 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.03.13 13:50:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.03.13 13:50:03 | 1609,474,048 | -HS- | M] () -- C:\hiberfil.sys
[2011.03.10 22:21:22 | 000,000,600 | ---- | M] () -- C:\Users\Kaimei\AppData\Roaming\winscp.rnd
[2011.03.09 17:42:57 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.03.09 17:42:57 | 000,643,628 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.03.09 17:42:57 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.03.09 17:42:57 | 000,126,188 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.03.09 17:42:57 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.03.06 16:10:54 | 000,000,306 | ---- | M] () -- C:\Users\Kaimei\Desktop\TS3 Admin.appref-ms
[2011.03.06 14:29:08 | 000,002,528 | ---- | M] () -- C:\Users\Kaimei\Desktop\Windows 7 USB DVD Download Tool.lnk
[2011.03.06 14:27:20 | 000,000,133 | ---- | M] () -- C:\Users\Kaimei\AppData\Roaming\default.rss
[2011.03.06 14:27:19 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2011.03.06 00:35:43 | 000,001,090 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 6.lnk
[2011.03.05 18:13:29 | 007,093,236 | ---- | M] () -- C:\Users\Kaimei\Desktop\xmlrpc.tgz
[2011.03.03 20:39:38 | 000,006,332 | ---- | M] () -- C:\Users\Kaimei\Documents\server.kdb
[2011.03.02 07:15:43 | 000,002,213 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2011.03.02 07:15:43 | 000,002,193 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2011.lnk
[2011.03.01 21:02:10 | 000,003,584 | ---- | M] () -- C:\Users\Kaimei\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.02.25 21:38:47 | 000,009,384 | ---- | M] () -- C:\Users\Kaimei\rss.php.2
[2011.02.25 21:31:41 | 000,000,830 | ---- | M] () -- C:\Users\Kaimei\rss.php.1
[2011.02.25 21:14:31 | 000,000,462 | ---- | M] () -- C:\Users\Kaimei\rss.php
[2011.02.18 13:10:36 | 000,034,624 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2011.02.18 13:06:02 | 000,025,920 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2011.02.18 13:06:00 | 000,021,312 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2011.02.18 13:05:56 | 000,036,160 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll
[2011.02.18 13:05:52 | 000,029,504 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll
[2011.02.12 02:04:30 | 000,002,994 | ---- | M] () -- C:\Users\Kaimei\Desktop\Manga.zip
[2011.02.12 01:42:00 | 000,009,837 | ---- | M] () -- C:\Users\Kaimei\Desktop\Manga.rar
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.03.06 16:10:54 | 000,000,306 | ---- | C] () -- C:\Users\Kaimei\Desktop\TS3 Admin.appref-ms
[2011.03.06 14:48:19 | 000,000,690 | ---- | C] () -- C:\Users\Kaimei\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinSetupFromUSB 0.1.1.lnk
[2011.03.06 14:29:08 | 000,002,528 | ---- | C] () -- C:\Users\Kaimei\Desktop\Windows 7 USB DVD Download Tool.lnk
[2011.03.05 18:18:26 | 007,093,236 | ---- | C] () -- C:\Users\Kaimei\Desktop\xmlrpc.tgz
[2011.02.27 22:25:35 | 000,006,332 | ---- | C] () -- C:\Users\Kaimei\Documents\server.kdb
[2011.02.25 21:38:47 | 000,009,384 | ---- | C] () -- C:\Users\Kaimei\rss.php.2
[2011.02.25 21:31:41 | 000,000,830 | ---- | C] () -- C:\Users\Kaimei\rss.php.1
[2011.02.25 21:12:12 | 000,000,462 | ---- | C] () -- C:\Users\Kaimei\rss.php
[2011.02.16 10:37:16 | 000,000,250 | ---- | C] () -- C:\Users\Kaimei\mm.cfg
[2011.02.15 23:56:38 | 000,002,213 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2011.02.15 23:56:37 | 000,002,205 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2011.lnk
[2011.02.15 23:56:37 | 000,002,193 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2011.lnk
[2011.02.12 02:04:30 | 000,002,994 | ---- | C] () -- C:\Users\Kaimei\Desktop\Manga.zip
[2011.02.12 01:41:53 | 000,009,837 | ---- | C] () -- C:\Users\Kaimei\Desktop\Manga.rar
[2010.12.02 19:05:06 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\DVDKeyAuth.dll
[2010.09.29 18:34:16 | 000,000,162 | ---- | C] () -- C:\Windows\Readiris.ini
[2010.09.15 07:37:27 | 000,003,584 | ---- | C] () -- C:\Users\Kaimei\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.26 00:02:32 | 000,135,168 | ---- | C] () -- C:\Windows\SysWow64\utvideo.dll
[2010.06.19 23:18:57 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010.06.19 23:18:54 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2010.06.19 23:18:54 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010.06.19 23:18:54 | 000,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010.06.19 23:18:50 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010.05.08 01:55:00 | 000,000,140 | ---- | C] () -- C:\Windows\winamp.ini
[2010.03.21 18:28:17 | 000,034,308 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
[2010.03.10 07:24:25 | 000,289,568 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010.02.18 02:18:36 | 000,000,133 | ---- | C] () -- C:\Users\Kaimei\AppData\Roaming\default.rss
[2010.02.18 02:13:21 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010.02.13 00:39:18 | 000,000,028 | ---- | C] () -- C:\Windows\lagarith.ini
[2010.02.11 13:32:07 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010.02.09 16:36:58 | 000,000,600 | ---- | C] () -- C:\Users\Kaimei\AppData\Local\PUTTY.RND
[2010.02.09 14:44:10 | 000,000,600 | ---- | C] () -- C:\Users\Kaimei\AppData\Roaming\winscp.rnd
[2010.02.09 03:07:26 | 000,002,298 | ---- | C] () -- C:\Users\Kaimei\AppData\Roaming\ASSDraw3.cfg
[2010.02.08 15:57:57 | 000,695,642 | ---- | C] () -- C:\Windows\unins000.exe
[2010.02.08 15:57:57 | 000,001,990 | ---- | C] () -- C:\Windows\unins000.dat
[2010.02.08 15:52:01 | 000,049,152 | R--- | C] () -- C:\Windows\SysWow64\ChCfg.exe
[2010.02.08 15:51:46 | 000,147,456 | R--- | C] () -- C:\Windows\SysWow64\RtlCPAPI.dll
[2010.02.08 15:51:46 | 000,037,376 | R--- | C] () -- C:\Windows\CPLUtl64.exe
[2010.02.08 15:51:44 | 000,000,164 | R--- | C] () -- C:\Windows\avrack.ini
[2009.10.20 19:19:30 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008.10.07 08:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008.10.07 08:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2004.08.30 13:26:16 | 000,389,120 | ---- | C] () -- C:\Windows\SysWow64\xvid.dll
[2002.10.15 23:54:04 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
 
========== LOP Check ==========
 
[2010.06.08 14:27:54 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\Subversion
[2010.04.30 13:28:36 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\TeamViewer
[2011.02.18 13:54:56 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\TuneUp Software
[2010.09.28 12:53:31 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\uTorrent
[2010.12.01 18:56:03 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\.minecraft
[2010.10.20 15:07:30 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\Acronis
[2010.02.15 22:07:53 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\Aegisub
[2010.11.13 13:49:54 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\aog
[2010.03.09 20:45:31 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\Azureus
[2010.02.09 03:06:08 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\com.adobe.ExMan
[2010.04.05 21:03:53 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\DAEMON Tools Lite
[2010.11.09 20:36:09 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\DVDVideoSoft
[2010.09.15 07:30:50 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.08.13 23:07:54 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\FileZilla
[2010.07.15 19:18:41 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\FlashFXP
[2010.03.03 15:02:35 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\gtk-2.0
[2010.12.02 19:38:10 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\HandBrake
[2011.03.13 16:33:06 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\ICQ
[2010.04.15 20:33:58 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\KeePass
[2010.11.20 14:06:58 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\kompozer.net
[2010.02.15 23:50:18 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\kSub
[2010.02.08 17:17:51 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\KVIrc
[2010.07.27 20:07:30 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\KVIrc4
[2010.05.12 19:56:34 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\LolClient
[2010.05.11 17:46:52 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2010.05.07 20:15:12 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\Mael
[2010.04.24 15:16:48 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\Miranda
[2010.12.01 13:13:24 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\Notepad++
[2010.03.16 20:53:56 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\OpenOffice.org
[2010.06.06 22:21:22 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\streamripper
[2010.04.09 20:57:44 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\Subversion
[2010.10.22 18:38:52 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\TeamViewer
[2011.03.07 15:41:44 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\TeraCopy
[2010.05.08 02:02:52 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\Thinstall
[2010.02.08 16:00:10 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\Thunderbird
[2010.07.10 23:39:19 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\TrueCrypt
[2011.01.27 17:52:57 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\TS3Client
[2011.02.15 23:56:19 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\TuneUp Software
[2010.05.19 16:59:11 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\Usenet.nl
[2011.03.13 16:41:17 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\uTorrent
[2010.02.09 17:14:01 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\Yamb
[2010.09.29 17:35:35 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\YCanPDF
[2011.03.07 06:58:07 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.12.01 18:56:03 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\.minecraft
[2010.10.20 15:07:30 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\Acronis
[2010.12.02 21:56:33 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\Adobe
[2010.02.15 22:07:53 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\Aegisub
[2010.11.13 13:49:54 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\aog
[2010.11.09 18:29:53 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\Apple Computer
[2010.11.12 11:06:41 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\Avira
[2010.03.09 20:45:31 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\Azureus
[2010.02.09 03:06:08 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\com.adobe.ExMan
[2010.04.05 21:03:53 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\DAEMON Tools Lite
[2010.07.12 01:32:35 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\DivX
[2010.09.21 14:22:35 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\dvdcss
[2010.11.09 20:36:09 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\DVDVideoSoft
[2010.09.15 07:30:50 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.08.13 23:07:54 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\FileZilla
[2010.07.15 19:18:41 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\FlashFXP
[2010.03.03 15:02:35 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\gtk-2.0
[2010.12.02 19:38:10 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\HandBrake
[2011.03.13 16:33:06 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\ICQ
[2010.02.08 15:28:32 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\Identities
[2010.04.15 20:33:58 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\KeePass
[2010.11.20 14:06:58 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\kompozer.net
[2010.02.15 23:50:18 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\kSub
[2010.02.08 17:17:51 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\KVIrc
[2010.07.27 20:07:30 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\KVIrc4
[2010.05.12 19:56:34 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\LolClient
[2010.05.11 17:46:52 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2010.02.08 16:02:15 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\Macromedia
[2010.05.07 20:15:12 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\Mael
[2010.02.24 20:30:47 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\Malwarebytes
[2009.07.14 19:18:19 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\Media Center Programs
[2010.02.09 02:09:30 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\Media Player Classic
[2010.11.23 21:25:58 | 000,000,000 | --SD | M] -- C:\Users\Kaimei\AppData\Roaming\Microsoft
[2010.04.24 15:16:48 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\Miranda
[2011.02.16 18:47:07 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\mIRC
[2010.02.08 15:32:39 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\Mozilla
[2010.02.16 13:47:25 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\Nero
[2010.12.01 13:13:24 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\Notepad++
[2010.03.16 20:53:56 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\OpenOffice.org
[2010.11.06 23:03:04 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\PSpad
[2010.06.20 00:16:44 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\Real
[2011.02.08 16:09:01 | 000,000,000 | RH-D | M] -- C:\Users\Kaimei\AppData\Roaming\SecuROM
[2011.03.13 16:37:52 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\Skype
[2011.03.13 16:01:12 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\SkypePM
[2010.06.06 22:21:22 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\streamripper
[2010.04.09 20:57:44 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\Subversion
[2010.02.24 21:45:28 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\SUPERAntiSpyware.com
[2011.01.29 20:29:15 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\teamspeak2
[2010.10.22 18:38:52 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\TeamViewer
[2011.03.07 15:41:44 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\TeraCopy
[2010.05.08 02:02:52 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\Thinstall
[2010.02.08 16:00:10 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\Thunderbird
[2011.03.13 00:01:57 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\TortoiseGit
[2010.05.05 19:26:02 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\TortoiseSVN
[2010.07.10 23:39:19 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\TrueCrypt
[2011.01.27 17:52:57 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\TS3Client
[2011.02.15 23:56:19 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\TuneUp Software
[2010.05.19 16:59:11 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\Usenet.nl
[2011.03.13 16:41:17 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\uTorrent
[2011.01.27 17:26:27 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\vlc
[2010.06.06 22:21:22 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\Winamp
[2010.02.08 21:41:21 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\WinRAR
[2010.02.09 17:14:01 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\Yamb
[2010.09.29 17:35:35 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\YCanPDF
 
< %APPDATA%\*.exe /s >
[2010.05.11 17:02:49 | 000,038,784 | ---- | M] () -- C:\Users\Kaimei\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2011.01.03 16:05:37 | 000,005,120 | R--- | M] () -- C:\Users\Kaimei\AppData\Roaming\Microsoft\Installer\{7E60C9C0-B135-41FE-8EEA-0B021BB63234}\Icon7E60C9C0.exe
[2011.03.06 14:29:08 | 000,119,808 | R--- | M] () -- C:\Users\Kaimei\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe
[2008.12.02 07:40:14 | 000,028,672 | R--- | M] () -- C:\Users\Kaimei\AppData\Roaming\Microsoft\Windows\Templates\F\UnInstallMSI.exe
[2008.12.01 12:29:00 | 000,014,336 | R--- | M] () -- C:\Users\Kaimei\AppData\Roaming\Microsoft\Windows\Templates\F\UnInstallMSI32.exe
[2008.12.01 12:29:00 | 000,016,896 | R--- | M] () -- C:\Users\Kaimei\AppData\Roaming\Microsoft\Windows\Templates\F\UnInstallMSI64.exe
[2008.11.26 05:57:44 | 000,737,280 | R--- | M] () -- C:\Users\Kaimei\AppData\Roaming\Microsoft\Windows\Templates\F\USBAutoRun.exe
[2008.11.26 12:59:32 | 006,450,574 | R--- | M] (Macrovision Corporation) -- C:\Users\Kaimei\AppData\Roaming\Microsoft\Windows\Templates\F\tools\LGInternetKit_V3.0.0.24_Setup.exe
[2011.03.12 19:39:03 | 000,188,152 | ---- | M] () -- C:\Users\Kaimei\AppData\Roaming\Mozilla\Firefox\Profiles\fcnyq30v.default\FlashGot.exe
[2010.05.18 17:09:29 | 000,053,760 | ---- | M] () -- C:\Users\Kaimei\AppData\Roaming\Thinstall\Microsoft Office Enterprise 2007\10000001400002i\msiexec.exe
[2010.05.18 17:11:25 | 000,053,760 | ---- | M] () -- C:\Users\Kaimei\AppData\Roaming\Thinstall\Microsoft Office Enterprise 2007\11300002i\splwow64.exe
[2010.05.18 17:08:25 | 000,053,760 | ---- | M] () -- C:\Users\Kaimei\AppData\Roaming\Thinstall\Microsoft Office Enterprise 2007\300000002ca00002i\OffDiag.exe
[2010.05.18 17:08:12 | 000,053,760 | ---- | M] () -- C:\Users\Kaimei\AppData\Roaming\Thinstall\Microsoft Office Enterprise 2007\300000007100002i\SETUP.EXE
[2010.05.18 17:12:34 | 000,053,760 | ---- | M] () -- C:\Users\Kaimei\AppData\Roaming\Thinstall\Microsoft Office Enterprise 2007\30000000a0300002i\MSACCESS.EXE
[2010.05.18 17:08:25 | 000,053,760 | ---- | M] () -- C:\Users\Kaimei\AppData\Roaming\Thinstall\Microsoft Office Enterprise 2007\30000000d900002i\DW20.EXE
[2009.06.29 07:26:54 | 000,235,764 | ---- | M] () -- C:\Users\Kaimei\AppData\Roaming\Yamb\MP4Box.exe
[2010.02.09 17:12:35 | 000,128,682 | ---- | M] (hxxp://yamb.unite-video.com) -- C:\Users\Kaimei\AppData\Roaming\Yamb\Uninstall.exe
[2009.06.29 13:15:54 | 002,424,832 | ---- | M] (Kurtnoise) -- C:\Users\Kaimei\AppData\Roaming\Yamb\Yamb.exe
[2009.05.03 19:25:40 | 001,871,360 | ---- | M] (madshi.net) -- C:\Users\Kaimei\AppData\Roaming\Yamb\eac3to\eac3to.exe
[2009.06.07 10:10:40 | 002,282,496 | ---- | M] () -- C:\Users\Kaimei\AppData\Roaming\Yamb\mkvextract\mkvextract.exe
 
< %SYSTEMDRIVE%\*.exe >
[2009.09.11 16:22:34 | 000,592,208 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2009.06.19 18:28:22 | 001,030,674 | ---- | M] () -- C:\x264.exe
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2010.01.21 19:08:05 | 000,037,520 | ---- | M] (perl.org) MD5=2852D57385C4709EAAE2F9DB01AD3672 -- C:\500 GB  platte\xampp\perl\site\lib\auto\Win32\EventLog\EventLog.dll
[2010.01.21 19:08:05 | 000,037,520 | ---- | M] (perl.org) MD5=2852D57385C4709EAAE2F9DB01AD3672 -- C:\xampp\perl\site\lib\auto\Win32\EventLog\EventLog.dll
 
< MD5 for: EXPLORER.EXE  >
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\SysWOW64\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\explorer.exe
[2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\drivers\nvstor.sys
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
 
< MD5 for: VIAMRAID.SYS  >
[2006.11.08 14:25:24 | 000,116,688 | R--- | M] (VIA Technologies inc,.ltd) MD5=68B41DFA083C2734340BA254532700F3 -- C:\Users\Kaimei\Downloads\via_raid_vista_mb\VIARaid\DRIVER\Raid\winnt40\viamraid.sys
[2006.11.08 14:25:24 | 000,116,688 | R--- | M] (VIA Technologies inc,.ltd) MD5=68B41DFA083C2734340BA254532700F3 -- C:\Users\Kaimei\Downloads\VIA4in1_MB\VIA\drvdisk\i386\NT4\viamraid.sys
[2006.11.08 14:25:24 | 000,116,688 | R--- | M] (VIA Technologies inc,.ltd) MD5=68B41DFA083C2734340BA254532700F3 -- C:\Users\Kaimei\Downloads\VIA4in1_MB\VIA\VIARaid\DRIVER\Raid\winnt40\viamraid.sys
[2006.11.08 14:23:52 | 000,102,912 | R--- | M] (VIA Technologies inc,.ltd) MD5=7DC3E1DC6E4F8BE381C31BFEA578412A -- C:\Users\Kaimei\Downloads\via_raid_vista_mb\VIARaid\DRIVER\Raid\winxp\viamraid.sys
[2006.11.08 14:23:52 | 000,102,912 | R--- | M] (VIA Technologies inc,.ltd) MD5=7DC3E1DC6E4F8BE381C31BFEA578412A -- C:\Users\Kaimei\Downloads\VIA4in1_MB\VIA\drvdisk\i386\NT5\viamraid.sys
[2006.11.08 14:23:52 | 000,102,912 | R--- | M] (VIA Technologies inc,.ltd) MD5=7DC3E1DC6E4F8BE381C31BFEA578412A -- C:\Users\Kaimei\Downloads\VIA4in1_MB\VIA\VIARaid\DRIVER\Raid\winxp\viamraid.sys
 
< MD5 for: WINLOGON.EXE  >
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\SysNative\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.07.14 02:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\dxtmsft.dll
[2009.07.14 02:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\dxtrans.dll
[2009.07.14 02:15:28 | 000,186,368 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\iepeers.dll

< End of report >
         
As I said, Avira no longer reports anything when I run a full scan.

13.03.2011, 17:46   #4
markusg
/// Malware-holic

I would like to see the old detection messages, under Avira, Reports, if they are scan logs, or Avira, Events, if they are Guard detections.
__________________
- Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails as described in the instructions above to
markusg.trojaner-board@web.de
If you would like to support us

13.03.2011, 18:50   #5
gabagandalf

I hope these are the right ones. I copied them from the Events in Avira.

Code:
Die Datei 'C:\ProgramData\28609.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen2' [trojan].
Durchgeführte Aktion(en):
Beim Versuch eine Sicherungskopie der Datei anzulegen ist ein Fehler aufgetreten und die Datei wurde nicht gelöscht. Fehlernummer: 26003.
Die Datei konnte nicht gelöscht werden!
Es wird versucht die Aktion mit Hilfe der ARK Library durchzuführen.
Eine Instanz der ARK Library läuft bereits.
         
Code:
In der Datei 'C:\ProgramData\43812.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen2' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern
         
Code:
Die Datei 'C:\Users\Kaimei\AppData\Local\Temp\AB7A.tmp'
enthielt einen Virus oder unerwünschtes Programm 'TR/Pakes.ora' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '492eece6.qua' verschoben!
         
Code:
Die Datei 'C:\Users\Kaimei\AppData\Local\Temp\C571.tmp'
enthielt einen Virus oder unerwünschtes Programm 'TR/Dldr.Cutwail.BA.25' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '368de5a7.qua' verschoben!
         
Code:
Die Datei 'C:\Users\Kaimei\AppData\Local\Temp\B33E.tmp'
enthielt einen Virus oder unerwünschtes Programm 'TR/Pakes.ora' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4728dc30.qua' verschoben!
         
Code:
Die Datei 'C:\Users\Kaimei\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FQYAXQI0\load[4].php'
enthielt einen Virus oder unerwünschtes Programm 'TR/Pakes.ora' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '05669162.qua' verschoben!
         
Code:
Die Datei 'C:\Users\Kaimei\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\4a697dd8-68aae466'
enthielt einen Virus oder unerwünschtes Programm 'JAVA/Agent.f.5905' [virus].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '50abbb43.qua' verschoben!
         


13.03.2011, 19:15   #6
markusg
/// Malware-holic

Please also post all Malwarebytes logs.

13.03.2011, 20:12   #7
gabagandalf

I have now let it run through and had the items fixed, as described in the link.
Here is the log.

Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6044

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

13.03.2011 20:09:44
mbam-log-2011-03-13 (20-09-44).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 182395
Laufzeit: 7 Minute(n), 6 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 6
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 3
Infizierte Verzeichnisse: 1
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Application Updater (PUP.Dealio) -> Not selected for removal.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> Not selected for removal.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> Not selected for removal.
HKEY_CURRENT_USER\SOFTWARE\Cerberus (Backdoor.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ROUA3O12PW (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\TOY5KNQ8OC (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES (X86)\APPLICATION UPDATER\APPLICATIONUPDATER.EXE (PUP.Dealio) -> Value: APPLICATIONUPDATER.EXE -> Not selected for removal.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\SEARCHSETTINGS@SPIGOT.COM (PUP.Dealio) -> Value: SEARCHSETTINGS@SPIGOT.COM -> Not selected for removal.

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
c:\Recycle.Bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\program files (x86)\application updater\applicationupdater.exe (PUP.Dealio) -> Not selected for removal.
c:\program files (x86)\mozilla firefox\extensions\searchsettings@spigot.com (PUP.Dealio) -> Not selected for removal.
         

13.03.2011, 20:22   #8
markusg
/// Malware-holic

That doesn't look good. Do you do online banking, online shopping or anything else important with this PC?

13.03.2011, 20:27   #9
gabagandalf

I have now run it again after the restart.
Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6044

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

13.03.2011 20:25:21
mbam-log-2011-03-13 (20-25-21).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 181391
Laufzeit: 6 Minute(n), 19 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 3
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Application Updater (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES (X86)\APPLICATION UPDATER\APPLICATIONUPDATER.EXE (PUP.Dealio) -> Value: APPLICATIONUPDATER.EXE -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\SEARCHSETTINGS@SPIGOT.COM (PUP.Dealio) -> Value: SEARCHSETTINGS@SPIGOT.COM -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\program files (x86)\application updater\applicationupdater.exe (PUP.Dealio) -> Quarantined and deleted successfully.
c:\$Recycle.Bin\s-1-5-21-2142560473-4073965963-3006564023-1000\$R9XU5MG.exe (PUP.PSWFinder) -> Quarantined and deleted successfully.
c:\program files (x86)\mozilla firefox\extensions\searchsettings@spigot.com (PUP.Dealio) -> Quarantined and deleted successfully.
         
No, since I have had these problems I have not logged in anywhere. I also don't let the browser save passwords, and I have already changed them on the respective sites so that nothing happens.

EDIT:

After the restart the problems are still there.

EDIT2:
Task Manager works again after all, and now that I have changed the desktop picture the Safe Mode thing is gone too.

Thanks for your quick and, I think, successful help, markusg.
I'm really grateful to you.

Last edited by gabagandalf (13.03.2011 at 20:36)

13.03.2011, 20:36   #10
markusg
/// Malware-holic

That doesn't answer the question of whether you do online banking etc.
And changing the passwords from this PC is pointless.
Besides, trojans don't depend on whether passwords are saved in the browser.

13.03.2011, 20:40   #11
gabagandalf

I'm aware that changing them from the PC achieves nothing.
I changed them from my notebook.
And yes, I did previously make online purchases on the PC.

13.03.2011, 20:47   #12
markusg
/// Malware-holic

OK.
You have the Spyeyes trojan on the PC.
At the moment it is one of the most sophisticated trojans.
These can make changes to the system that can no longer be traced; since you make purchases, the safest option is a reinstall, otherwise we cannot guarantee that the system is clean.
For the freshly installed system I will explain how to secure it.

13.03.2011, 20:49   #13
gabagandalf

Yes, OK, thanks.

I think I won't manage to do that until next weekend, though. But thanks already for the help.

13.03.2011, 20:54   #14
markusg
/// Malware-holic

OK, just get back to me then.
Sorry for the bad news on a Sunday :d
But there's nothing to be done about it :-)

13.03.2011, 21:25   #15
gabagandalf

Well, that's not your fault. And it's better this way than somebody ordering something in my name or doing whatever else.

Also, thanks that we got this "through" so quickly, and on a Sunday at that. I had actually expected the first replies only this evening.
