Trojaner-Board - Keine Rückmeldung

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - Keine Rückmeldung (https://www.trojaner-board.de/103253-keine-rueckmeldung.html)

fondorking

08.09.2011 12:17

Keine Rückmeldung

Hallo alle zusammen
ich habe ein kleines Problem, undzwar hängt sich mein PC in letzter zeit gerne mal so für ca 5sek auf und bei allen geöffneten Fenstern (außer spielen) kommt ziemlich oft die meldung "keine rückmeldung".
Nach und nach kommen immer mehr von solchen kleinen Problemen und ich würde gerne mal wissen was da mit meinem PC los ist.
Vielleicht bring euch ja ein HiJackThis File etwas:

ZWISCHENDURCH KAM BEI HIJACKTHIS DIE MELDUNG: For some reason your system denied write access to the Hosts file. If any hijacked domains are in this file, HijackThis may NOT be able to fix this.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:12:25, on 08.09.2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe
C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\firefox.exe
C:\Users\Admin\Desktop\Alles Mögliche\HiJackThis204.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.facemoods.com/?a=ddrnw
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bigseekpro.com/hypercam/{30556029-374E-4F2E-890B-121038B58BE0}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.88.251:800
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: Softonic Deutsch Toolbar - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files (x86)\Softonic_Deutsch\tbSof2.dll
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: G Data WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\WebFilter\AvkWebIE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Softonic Deutsch Toolbar - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files (x86)\Softonic_Deutsch\tbSof2.dll
O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: G Data BankGuard - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G Data\AVKProxy\BanksafeBHO.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (file missing)
O3 - Toolbar: Softonic Deutsch Toolbar - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files (x86)\Softonic_Deutsch\tbSof2.dll
O3 - Toolbar: G Data WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\WebFilter\AvkWebIE.dll
O4 - HKLM\..\Run: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe
O4 - HKLM\..\Run: [GDFirewallTray] C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
O8 - Extra context menu item: Free YouTube Download - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - (no file)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} (Battlefield Play4Free Updater) - https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.64.2.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: G Data AntiVirus Proxy (AVKProxy) - G Data Software AG - C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
O23 - Service: G Data Scheduler (AVKService) - G Data Software AG - C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe
O23 - Service: G Data Dateisystem Wächter (AVKWCtl) - G Data Software AG - C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Eyeline Video System (EyelineService) - Unknown owner - C:\Program Files (x86)\NCH Software\Eyeline\eyeline.exe (file missing)
O23 - Service: G Data Personal Firewall (GDFwSvc) - G Data Software AG - C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe
O23 - Service: G Data Scanner (GDScan) - G Data Software AG - C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Sicherheitskonto-Manager (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 8918 bytes

cosinus

08.09.2011 13:51

Zitat:

Vielleicht bring euch ja ein HijackThis File etwas:

http://www.trojaner-board.de/images/icons/icon4.gif Bitte beachten http://www.trojaner-board.de/images/icons/icon4.gif => http://www.trojaner-board.de/95173-b...es-posten.html und http://www.trojaner-board.de/69886-a...-beachten.html

fondorking

08.09.2011 14:39

Oh, sry, das wusste ich nicht.:rolleyes:OTL Logfile:

Code:

OTL logfile created on: 08.09.2011 15:11:01 - Run 1

OTL by OldTimer - Version 3.2.27.0     Folder = C:\Users\Admin\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

4,00 Gb Total Physical Memory | 2,80 Gb Available Physical Memory | 69,95% Memory free

8,00 Gb Paging File | 6,63 Gb Available in Paging File | 82,91% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 1397,17 Gb Total Space | 1014,22 Gb Free Space | 72,59% Space Free | Partition Type: NTFS

 

Computer Name: ENERMAX | User Name: Cedric | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2011.09.08 15:05:50 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe

PRC - [2011.08.11 22:29:16 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe

PRC - [2011.08.10 17:02:45 | 001,505,800 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe

PRC - [2011.05.20 14:50:48 | 000,368,136 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe

PRC - [2011.05.20 14:50:36 | 001,540,616 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe

PRC - [2011.05.11 12:18:59 | 000,923,144 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe

PRC - [2011.03.04 20:56:12 | 000,381,448 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe

 

 
 ========== Modules (No Company Name) ==========

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV:64bit: - [2011.08.10 15:23:36 | 000,036,160 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)

SRV:64bit: - [2011.07.28 23:35:34 | 000,204,288 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2011.06.13 22:21:14 | 000,343,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)

SRV:64bit: - [2011.01.05 07:03:30 | 002,610,952 | ---- | M] (Raxco Software, Inc.) [Disabled | Stopped] -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe -- (PDAgent)

SRV:64bit: - [2011.01.05 07:03:20 | 002,266,376 | ---- | M] (Raxco Software, Inc.) [Disabled | Stopped] -- C:\Program Files\Raxco\PerfectDisk\PDEngine.exe -- (PDEngine)

SRV - [2011.08.11 22:29:16 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)

SRV - [2011.08.10 17:02:45 | 001,505,800 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe -- (AVKProxy)

SRV - [2011.08.10 15:31:08 | 002,027,840 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)

SRV - [2011.08.10 15:23:30 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)

SRV - [2011.08.10 14:21:10 | 001,556,816 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe -- (GDFwSvc)

SRV - [2011.06.17 09:34:18 | 000,359,192 | ---- | M] (Logitech, Inc.) [Disabled | Stopped] -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)

SRV - [2011.05.26 03:11:13 | 001,929,104 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe -- (AVKWCtl)

SRV - [2011.05.20 14:50:48 | 000,368,136 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe -- (GDScan)

SRV - [2011.03.04 20:56:12 | 000,381,448 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe -- (AVKService)

SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010.02.11 13:42:32 | 000,172,328 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)

SRV - [2009.12.23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Disabled | Stopped] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)

SRV - [2009.11.12 19:08:00 | 003,403,420 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)

SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2007.06.15 12:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\bgsvcgen.exe -- (bgsvcgen)

SRV - [2000.01.01 00:00:00 | 000,271,360 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\DTProTS\DTProTS.exe -- (DTProTS)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2011.08.15 22:08:24 | 000,059,256 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PktIcpt.sys -- (GDPkIcpt)

DRV:64bit: - [2011.08.15 14:05:45 | 000,110,968 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\MiniIcpt.sys -- (GDMnIcpt)

DRV:64bit: - [2011.08.15 14:05:45 | 000,050,552 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\GDBehave.sys -- (GDBehave)

DRV:64bit: - [2011.08.15 14:05:44 | 000,065,912 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gdwfpcd64.sys -- (gdwfpcd)

DRV:64bit: - [2011.07.29 00:23:16 | 009,980,416 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)

DRV:64bit: - [2011.07.29 00:23:16 | 009,980,416 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2011.07.28 22:54:10 | 000,309,248 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2011.07.02 14:47:10 | 000,106,488 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\GRD.sys -- (GRD)

DRV:64bit: - [2011.06.29 13:23:20 | 000,051,576 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\HookCentre.sys -- (HookCentre)

DRV:64bit: - [2011.06.29 13:23:11 | 000,031,448 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GdNetMon64.sys -- (GdNetMon)

DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2011.06.07 00:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)

DRV:64bit: - [2011.04.30 13:59:22 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)

DRV:64bit: - [2011.04.30 13:59:22 | 000,060,184 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)

DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011.02.11 19:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2011.01.15 18:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)

DRV:64bit: - [2010.11.20 15:34:02 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)

DRV:64bit: - [2010.11.20 15:34:02 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)

DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010.11.20 13:35:32 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)

DRV:64bit: - [2010.11.20 13:35:20 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)

DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010.11.20 12:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)

DRV:64bit: - [2010.08.11 08:10:06 | 000,138,256 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\DefragFs.sys -- (DefragFS)

DRV:64bit: - [2010.02.24 12:20:40 | 000,191,616 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11)

DRV:64bit: - [2009.12.06 12:24:22 | 000,224,920 | ---- | M] (SysProgs.org) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BazisVirtualCDBus.sys -- (BazisVirtualCDBus)

DRV:64bit: - [2009.11.23 17:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)

DRV:64bit: - [2009.11.23 17:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)

DRV:64bit: - [2009.09.30 16:34:30 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)

DRV:64bit: - [2009.09.23 10:42:58 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)

DRV:64bit: - [2009.08.13 23:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)

DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009.06.10 12:14:36 | 000,043,264 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiBus.sys -- (SaiNtBus)

DRV:64bit: - [2009.06.10 12:14:36 | 000,016,000 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiMini.sys -- (SaiMini)

DRV:64bit: - [2009.02.03 17:37:50 | 000,075,384 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)

DRV:64bit: - [2007.05.01 16:48:56 | 000,171,144 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiH5F0D.sys -- (SaiH5F0D)

DRV:64bit: - [2007.05.01 16:48:56 | 000,034,304 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiU5F0D.sys -- (SaiU5F0D)

DRV:64bit: - [2007.02.08 19:47:24 | 000,107,384 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)

DRV:64bit: - [2007.01.26 10:04:36 | 000,009,600 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\whfltr2k.sys -- (whfltr2k)

DRV:64bit: - [2006.12.05 11:34:26 | 000,572,416 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PFC027.SYS -- (PAC207)

DRV:64bit: - [2006.11.10 15:08:58 | 000,030,720 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ATITool64.sys -- (ATITool)

DRV:64bit: - [2006.08.25 14:36:52 | 000,039,208 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cdrbsdrv.sys -- (cdrbsdrv)

DRV:64bit: - [2006.07.10 18:21:22 | 000,022,936 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)

DRV:64bit: - [2006.06.14 16:58:10 | 000,014,192 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)

DRV - [2011.06.25 15:08:55 | 000,106,224 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\GRD.sys -- (GRD)

DRV - [2010.12.18 14:50:08 | 000,014,544 | ---- | M] (OpenLibSys.org) [Kernel | Auto | Running] -- C:\Users\Admin\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries24.gadget\WinRing0x64.sys -- (WinRing0_1_2_0)

DRV - [2010.11.29 20:27:40 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)

DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

DRV - [2005.01.02 05:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bigseekpro.com/hypercam/{30556029-374E-4F2E-890B-121038B58BE0}

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4

IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found

IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found

IE - HKLM\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files (x86)\Softonic_Deutsch\tbSof2.dll (Conduit Ltd.)

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Facemoods Search

IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found

IE - HKCU\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files (x86)\Softonic_Deutsch\tbSof2.dll (Conduit Ltd.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 192.168.88.251:800

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultthis.engineName: "Search"

FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"

FF - prefs.js..browser.search.selectedEngine: "ICQ Search"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"

FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004

FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.2

FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.0.0.10

FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.11

FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.6

FF - prefs.js..extensions.enabledItems: allglassv2@ambroos.neowin.net:2.1.4

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3

FF - prefs.js..extensions.enabledItems: info@djzig.com:1.2.0

FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.6&q="

FF - prefs.js..network.proxy.ftp: "192.168.88.251"

FF - prefs.js..network.proxy.ftp_port: 800

FF - prefs.js..network.proxy.gopher: "192.168.88.251"

FF - prefs.js..network.proxy.gopher_port: 800

FF - prefs.js..network.proxy.http: "192.168.88.251"

FF - prefs.js..network.proxy.http_port: 800

FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"

FF - prefs.js..network.proxy.share_proxy_settings: true

FF - prefs.js..network.proxy.socks: "192.168.88.251"

FF - prefs.js..network.proxy.socks_port: 800

FF - prefs.js..network.proxy.ssl: "192.168.88.251"

FF - prefs.js..network.proxy.ssl_port: 800

FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://www.bigseekpro.com/search/toolbar/hypercam/{88ED4A72-8717-53BE-8E7E-30BA070DAF61}?q="

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\Admin\Program Files (x86)\DNA\plugins\npbtdna.dll File not found

FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found

FF - HKCU\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Users\Admin\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll ( )

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\components [2011.08.27 10:37:18 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\Admin\Program Files (x86)\DNA

 

[2011.03.19 13:47:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions

[2011.08.09 18:20:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\kr7kwnm2.default\extensions

[2011.08.09 18:20:19 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\kr7kwnm2.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

[2011.03.19 13:43:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\kr7kwnm2.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2011.09.08 15:09:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\o4751zle.default\extensions

[2011.08.09 18:20:19 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\o4751zle.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

[2011.06.23 10:58:39 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\o4751zle.default\extensions\battlefieldplay4free@ea.com

[2011.04.30 09:45:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2011.04.30 09:48:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com

[2011.09.06 12:30:22 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml

[2010.06.09 21:52:18 | 000,002,224 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\webblog.xml

 

O1 HOSTS File: ([2000.01.01 00:00:00 | 000,000,794 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1             localhost

O1 - Hosts: 127.0.0.1 secure.disc-soft.com 

O2:64bit: - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\Webfilter\AvkWebIEx64.dll (G Data Software AG)

O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

O2 - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\Webfilter\AvkWebIE.dll (G Data Software AG)

O2 - BHO: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files (x86)\Softonic_Deutsch\tbSof2.dll (Conduit Ltd.)

O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G Data\AVKProxy\BanksafeBHO.dll (G Data Software AG)

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  File not found

O3:64bit: - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\Webfilter\AvkWebIEx64.dll (G Data Software AG)

O3 - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\Webfilter\AvkWebIE.dll (G Data Software AG)

O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files (x86)\Softonic_Deutsch\tbSof2.dll (Conduit Ltd.)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files (x86)\SetPointP\SetPoint.exe (Logitech, Inc.)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)

O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG)

O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()

O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O8 - Extra context menu item: Free YouTube Download - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O13 - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)

O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.64.2.cab (Battlefield Play4Free Updater)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.50.140.116 192.168.123.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BD5AE1E4-714D-4E03-920D-ABE9EE787A4C}: DhcpNameServer = 195.50.140.116 192.168.123.254

O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{14b1b4e4-e977-11de-9627-002511d83983}\Shell - "" = AutoRun

O33 - MountPoints2\{14b1b4e4-e977-11de-9627-002511d83983}\Shell\AutoRun\command - "" = V:\SETUP.EXE

O33 - MountPoints2\{14b1b4e4-e977-11de-9627-002511d83983}\Shell\configure\command - "" = V:\SETUP.EXE

O33 - MountPoints2\{14b1b4e4-e977-11de-9627-002511d83983}\Shell\install\command - "" = V:\SETUP.EXE

O33 - MountPoints2\F\Shell - "" = AutoRun

O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\cdstart.exe

O33 - MountPoints2\G\Shell - "" = AutoRun

O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\cdstart.exe

O34 - HKLM BootExecute: (PDBoot.exe) -  File not found

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2011.09.08 15:05:46 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe

[2011.09.08 13:05:13 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{172BF5AA-5ADB-47A8-8261-9440F4413DE3}

[2011.09.07 14:13:52 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{E82D38B0-A1C6-4FC1-A459-795D3DAF58FF}

[2011.09.07 14:13:23 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{83C7A11A-8EAA-41B2-8B7C-75C320DE0FFE}

[2011.09.06 22:10:58 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\FixItCenter

[2011.09.06 22:04:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Fix it Center

[2011.09.06 22:04:54 | 000,000,000 | ---D | C] -- C:\Windows\MATS

[2011.09.06 21:35:19 | 000,771,016 | ---- | C] (proDAD GmbH) -- C:\uninstall.exe

[2011.09.06 12:34:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun

[2011.09.06 12:30:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\facemoods.com

[2011.09.06 12:29:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader

[2011.09.06 12:06:30 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{14746336-DACA-441B-8C0E-5F1049B11284}

[2011.09.06 12:06:06 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{3D70A804-54FC-47ED-8AA6-A1698C4069A3}

[2011.09.05 21:24:52 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{C44B8BA1-1FB9-4E88-B8B9-A8725D62618A}

[2011.09.05 21:24:19 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{11A1E4A7-F635-462E-B944-BA3598A6256B}

[2011.09.04 23:33:22 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{7F2AA41F-D387-4510-81B4-DA6DC9273BDF}

[2011.09.04 23:32:52 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{55FCB4AB-E781-46E0-BE1E-30D2B9B41F40}

[2011.09.04 13:01:56 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{7B98AC6C-99FB-4F8A-8E14-C951129E7C6A}

[2011.09.03 11:32:51 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{5B1565BF-26B0-4CCC-86C8-654F2B6F89F0}

[2011.09.03 11:32:35 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{329CA473-720C-438B-8C4F-26E89AAC7666}

[2011.09.02 17:44:33 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{A47BB6AD-5FB2-4A4A-8865-EF2E815AF228}

[2011.09.02 17:44:10 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{ADD2BD61-D7C0-4E5B-A1EB-0C68931E9DF9}

[2011.09.02 00:28:23 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\Heroglyph

[2011.09.02 00:24:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPER © - by eRightSoft

[2011.09.02 00:24:06 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- C:\Windows\SysWow64\nbDX.dll

[2011.09.02 00:24:05 | 000,186,880 | RHS- | C] (RadLight) -- C:\Windows\SysWow64\RLOgg.ax

[2011.09.02 00:24:05 | 000,163,328 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\flvDX.dll

[2011.09.02 00:24:05 | 000,092,672 | RHS- | C] (RadLight) -- C:\Windows\SysWow64\RLVorbisDec.ax

[2011.09.02 00:24:05 | 000,090,112 | RHS- | C] (-) -- C:\Windows\SysWow64\TTADSSplitter.ax

[2011.09.02 00:24:05 | 000,090,112 | RHS- | C] (-) -- C:\Windows\SysWow64\TTADSDecoder.ax

[2011.09.02 00:24:05 | 000,067,584 | RHS- | C] (RadLight, LLC) -- C:\Windows\SysWow64\RLTheoraDec.ax

[2011.09.02 00:24:05 | 000,031,232 | RHS- | C] (Hans Mayerl) -- C:\Windows\SysWow64\msfDX.dll

[2011.09.02 00:24:03 | 000,161,792 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\RealMediaDX.ax

[2011.09.02 00:24:02 | 000,169,472 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\MatroskaDX.ax

[2011.09.02 00:24:00 | 000,179,200 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\DiracSplitter.ax

[2011.09.02 00:24:00 | 000,123,904 | RHS- | C] (CoreCodec) -- C:\Windows\SysWow64\AVCDX.ax

[2011.09.02 00:14:33 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\AIM

[2011.09.01 23:52:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\USM

[2011.09.01 23:50:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\USM

[2011.09.01 15:53:57 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{4F10A6E8-1485-429F-9EB4-A39AE6D317AB}

[2011.09.01 15:53:22 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{FA1A7ED0-77A0-46BF-9E14-D47E02DA70E9}

[2011.08.31 21:05:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VirtualCloneDrive

[2011.08.31 20:59:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Landwirtschafts Simulator 2011

[2011.08.31 20:44:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Landwirtschafts Simulator 2011

[2011.08.31 13:51:58 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\Rockstar Games

[2011.08.31 10:30:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Landwirtschafts Simulator 2011 old

[2011.08.30 17:25:49 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center

[2011.08.30 17:25:35 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI

[2011.08.30 17:23:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP

[2011.08.30 17:23:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center

[2011.08.30 13:49:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Raxco

[2011.08.30 13:49:05 | 000,000,000 | ---D | C] -- C:\Program Files\Raxco

[2011.08.30 13:48:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Raxco

[2011.08.30 13:48:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MARKEMENT

[2011.08.30 13:48:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MARKEMENT

[2011.08.30 13:47:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetObjects

[2011.08.30 13:44:50 | 001,056,768 | ---- | C] (Blue Sky Software Corporation.) -- C:\Windows\SysWow64\ROBOEX32.DLL

[2011.08.30 13:44:50 | 000,049,152 | ---- | C] (Blue Sky Software Corporation.) -- C:\Windows\SysWow64\INETWH32.DLL

[2011.08.30 13:43:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NetObjects

[2011.08.30 13:38:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\proDAD

[2011.08.30 13:38:02 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\proDAD

[2011.08.30 13:38:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\proDAD

[2011.08.30 13:37:51 | 000,000,000 | ---D | C] -- C:\ProgramData\proDAD

[2011.08.30 13:29:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo

[2011.08.30 13:29:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ashampoo

[2011.08.30 13:28:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Landwirtschafts-Simulator 2009

[2011.08.30 12:37:08 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{F55E9736-313E-40C0-BC6B-9CA6FEC825C5}

[2011.08.30 12:36:45 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{48EA303D-918E-4C32-9033-29E2CE6B0935}

[2011.08.30 00:36:18 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{5116F0B2-6235-42F0-8612-748BF908F93C}

[2011.08.30 00:35:55 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{BB40D063-E0F3-4038-BF3C-988F8C849EAD}

[2011.08.29 12:35:27 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{771406CF-9BEC-4961-BDB3-61A447D15B75}

[2011.08.29 12:34:53 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{633392F9-FDBA-4A38-9DA2-EF6118DA163B}

[2011.08.28 18:33:28 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{09F21C33-BB39-4DE5-890D-A98BDADDD95E}

[2011.08.28 18:33:00 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{F48C2731-4273-4342-B2CB-ED61E27BB434}

[2011.08.26 10:33:37 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{C3D444AD-8C01-4557-BE90-97C9C5EB2900}

[2011.08.26 10:32:52 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{0A10A479-5E02-46D9-BAFD-A177AA364A35}

[2011.08.25 19:40:49 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{E4670A46-F6FA-4BF6-9C9F-E03427DF4168}

[2011.08.25 19:40:17 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{EB8EAEFB-170C-4A3B-B6EA-529F9EF42D85}

[2011.08.22 22:52:25 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{0E59175E-0A07-4F91-813F-B358A25E5905}

[2011.08.22 22:52:02 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{4BA577DF-DAF8-43EA-A31D-34DF89156365}

[2011.08.21 22:51:30 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{49836AC0-1733-453D-90FA-E4AAAEC597EA}

[2011.08.21 22:51:07 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{463FE74F-D03C-42E3-B9FE-C9F149AAB57C}

[2011.08.21 16:17:25 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM

[2011.08.21 16:16:58 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\Games for Windows - LIVE Demos

[2011.08.21 16:16:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace

[2011.08.21 15:16:17 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{5BE79326-6376-4A8B-AE21-72EE39B8FA36}

[2011.08.21 01:02:59 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive

[2011.08.21 01:02:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE

[2011.08.20 12:56:17 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{890DE418-921E-4EF1-9AC2-5549BD8D5FAF}

[2011.08.20 12:55:50 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{FFEDC646-63BD-4E05-B3FA-5522DCCCB0A0}

[2011.08.19 15:32:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys

[2011.08.19 15:32:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavalys

[2011.08.19 15:26:56 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{72679341-0CEA-47D4-B1B3-6769388E5075}

[2011.08.19 15:26:27 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{26A52CF0-5935-4284-826F-19B20352A8B1}

[2011.08.18 23:21:37 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{5B8B0B62-B541-431E-A5F3-51E27F806EC6}

[2011.08.18 23:21:12 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{316F0DD2-A4B8-48DF-9366-39567B99DACA}

[2011.08.18 11:20:42 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{D63FFDBA-1FF1-4491-BC70-12209157C7BC}

[2011.08.18 11:20:14 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{6DCA4F1B-1C23-422D-833D-7AF449267013}

[2011.08.17 20:01:49 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{3AF3FFA1-182D-476F-87DA-FFEEDAD68456}

[2011.08.17 20:01:27 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{822BC328-35D5-4D8C-B66A-B31F2163182E}

[2011.08.17 16:54:07 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{F7D3B46A-CF2E-46AD-ADB4-CE0435A6EEB3}

[2011.08.17 15:06:44 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\LogiShrd

[2011.08.17 00:31:41 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{1512B213-5DB2-4AD4-A508-0BCEF0A47D99}

[2011.08.17 00:31:18 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{4DA65401-F87A-477D-94CC-650F4E4449E8}

[2011.08.16 12:30:49 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{E278CF71-0AF9-4D6B-BBBC-E28E2D66CB0B}

[2011.08.16 12:30:38 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{77AA5B2D-3263-4AEE-9868-65DB7DFF7F8E}

[2011.08.15 20:33:38 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Leadertech

[2011.08.15 20:33:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LogiShrd

[2011.08.15 20:32:38 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\LogiShrd

[2011.08.15 20:32:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SetPointG

[2011.08.15 20:32:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SetPointP

[2011.08.15 20:31:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LogiShrd

[2011.08.15 20:31:16 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Logitech

[2011.08.15 20:31:16 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Logishrd

[2011.08.15 13:54:27 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{95699DE0-1CB8-4A02-A770-8C798A5DEED6}

[2011.08.15 13:53:55 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{6ADFB87B-7BC9-471A-B118-C5F4EE421A98}

[2011.08.14 22:15:39 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{3C5D5897-4164-4D28-B1AA-8C4A61A342E8}

[2011.08.14 22:15:16 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{0319BB12-57BC-471F-A2A6-66C6A72CB9B4}

[2011.08.14 01:06:50 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{872383BC-F599-4C23-8E36-E563ADC1FBCD}

[2011.08.14 01:06:27 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{8E11992A-9555-4A10-BFC7-1E2817AFFF13}

[2011.08.13 13:05:59 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{4A96BF3F-4886-40DD-A397-45C796CFD460}

[2011.08.13 13:05:47 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{4C91BF1E-0B0F-47BB-AE11-B491C576907E}

[2011.08.12 22:00:52 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{44D524A1-7A06-4157-91A6-1A2B0D615DB9}

[2011.08.12 01:08:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client

[2011.08.12 01:06:49 | 000,000,000 | ---D | C] -- C:\Program Files\TeamSpeak 3 Client

[2011.08.11 18:20:35 | 000,107,008 | ---- | C] (uc-forum.com) -- C:\Users\Admin\Desktop\BFP4F Loader.exe

[2011.08.11 13:07:47 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{4C3A4B98-3043-4CA9-B866-00DDEA32D31E}

[2011.08.11 13:07:16 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{F65D0D17-2D06-4BA5-801F-2CEFDEB9DE39}

[2011.08.09 18:20:18 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers

[2011.08.09 18:20:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft

[2011.08.09 18:19:54 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\DVDVideoSoft

[2011.08.09 18:19:34 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\DVDVideoSoft

[2011.08.09 18:19:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft

[2010.04.29 19:06:43 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnpstd3.dll

[2010.04.29 19:06:43 | 000,061,440 | ---- | C] ( ) -- C:\Windows\SysWow64\vsnpstd3.dll

[2010.04.29 19:06:43 | 000,053,248 | ---- | C] ( ) -- C:\Windows\csnpstd3.dll

[5 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2011.09.08 15:14:26 | 000,020,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2011.09.08 15:14:26 | 000,020,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2011.09.08 15:08:46 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2011.09.08 15:06:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011.09.08 15:06:56 | 3220,627,456 | -HS- | M] () -- C:\hiberfil.sys

[2011.09.08 15:05:50 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe

[2011.09.08 15:05:22 | 000,000,198 | ---- | M] () -- C:\Users\Admin\defogger_reenable

[2011.09.08 15:04:39 | 000,050,477 | ---- | M] () -- C:\Users\Admin\Desktop\Defogger.exe

[2011.09.08 14:40:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2011.09.08 13:02:49 | 000,401,659 | ---- | M] () -- C:\Windows\SysWow64\sig.bin

[2011.09.08 13:02:49 | 000,032,535 | ---- | M] () -- C:\Windows\SysWow64\nmp.map

[2011.09.06 21:58:30 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2011.09.06 21:58:30 | 000,655,802 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2011.09.06 21:58:30 | 000,616,348 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2011.09.06 21:58:30 | 000,130,434 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2011.09.06 21:58:30 | 000,106,728 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2011.09.06 17:32:30 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ccdcmbx64_01009.Wdf

[2011.08.31 21:44:44 | 000,001,740 | ---- | M] () -- C:\Users\Admin\Desktop\Landwirtschafts Simulator 2011.lnk

[2011.08.30 20:44:54 | 396,636,636 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2011.08.30 17:27:15 | 000,002,020 | ---- | M] () -- C:\Users\Admin\Desktop\Catalyst Control Center.lnk

[2011.08.21 01:01:24 | 000,002,156 | ---- | M] () -- C:\Users\Public\Desktop\Grand Theft Auto IV.lnk

[2011.08.17 17:51:41 | 000,234,768 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr

[2011.08.17 17:51:41 | 000,234,768 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2011.08.17 12:58:45 | 000,001,448 | ---- | M] () -- C:\Users\Admin\Desktop\Command Prompt.lnk

[2011.08.15 22:08:24 | 000,059,256 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\PktIcpt.sys

[2011.08.15 14:05:45 | 000,110,968 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\MiniIcpt.sys

[2011.08.15 14:05:45 | 000,050,552 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\GDBehave.sys

[2011.08.15 14:05:44 | 000,065,912 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys

[2011.08.13 21:33:01 | 000,002,103 | ---- | M] () -- C:\Users\Admin\Desktop\Logitech G-series Key Profiler.lnk

[2011.08.11 22:29:16 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe

[2011.08.10 15:32:14 | 000,034,624 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe

[2011.08.10 15:23:44 | 000,025,920 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll

[2011.08.10 15:23:40 | 000,021,312 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll

[2011.08.10 15:23:36 | 000,036,160 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll

[2011.08.10 15:23:30 | 000,029,504 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll

[5 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2011.09.08 15:05:20 | 000,000,198 | ---- | C] () -- C:\Users\Admin\defogger_reenable

[2011.09.08 15:04:38 | 000,050,477 | ---- | C] () -- C:\Users\Admin\Desktop\Defogger.exe

[2011.09.06 22:04:56 | 000,000,959 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Fix it Center.lnk

[2011.09.06 17:32:30 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ccdcmbx64_01009.Wdf

[2011.09.02 00:24:05 | 000,121,344 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.ax

[2011.09.02 00:24:05 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll

[2011.09.02 00:24:05 | 000,051,712 | RHS- | C] () -- C:\Windows\SysWow64\RLSpeexDec.ax

[2011.09.02 00:24:04 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\RLMPCDec.ax

[2011.09.02 00:24:03 | 000,070,656 | RHS- | C] () -- C:\Windows\SysWow64\RLAPEDec.ax

[2011.09.02 00:24:02 | 000,120,832 | RHS- | C] () -- C:\Windows\SysWow64\MPCDx.ax

[2011.09.02 00:24:01 | 000,097,280 | RHS- | C] () -- C:\Windows\SysWow64\FLACDX.ax

[2011.09.02 00:24:00 | 000,227,328 | RHS- | C] () -- C:\Windows\SysWow64\ac3DX.ax

[2011.09.02 00:24:00 | 000,175,104 | RHS- | C] () -- C:\Windows\SysWow64\CoreAAC.ax

[2011.09.02 00:24:00 | 000,081,920 | RHS- | C] () -- C:\Windows\SysWow64\aac_parser.ax

[2011.09.02 00:14:33 | 000,000,696 | ---- | C] () -- C:\Windows\SysWow64\jetodbc.rsp

[2011.08.31 21:44:44 | 000,001,740 | ---- | C] () -- C:\Users\Admin\Desktop\Landwirtschafts Simulator 2011.lnk

[2011.08.30 20:44:54 | 396,636,636 | ---- | C] () -- C:\Windows\MEMORY.DMP

[2011.08.30 17:27:15 | 000,002,020 | ---- | C] () -- C:\Users\Admin\Desktop\Catalyst Control Center.lnk

[2011.08.30 13:49:07 | 000,002,781 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PerfectDisk 11.lnk

[2011.08.30 13:44:50 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\nnr.dll

[2011.08.21 01:01:24 | 000,002,156 | ---- | C] () -- C:\Users\Public\Desktop\Grand Theft Auto IV.lnk

[2011.08.13 21:33:01 | 000,002,103 | ---- | C] () -- C:\Users\Admin\Desktop\Logitech G-series Key Profiler.lnk

[2011.08.13 20:43:32 | 000,234,768 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2011.08.11 22:29:15 | 002,484,592 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_p4f.exe

[2011.07.17 23:54:02 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll

[2011.06.30 15:52:19 | 000,401,659 | ---- | C] () -- C:\Windows\SysWow64\sig.bin

[2011.06.29 19:32:19 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe

[2011.06.09 13:52:22 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\{E40E4B56-8C05-487F-A732-9A2EC3768E9C}

[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

[2011.03.17 19:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

[2011.02.11 19:15:08 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin

[2011.02.11 19:15:08 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin

[2011.02.11 19:15:08 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin

[2011.01.28 21:19:44 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat

[2010.12.12 14:43:42 | 000,000,043 | -HS- | C] () -- C:\ProgramData\.zreglib

[2010.11.29 21:35:57 | 000,000,008 | -HS- | C] () -- C:\ProgramData\CCDD932493.sys

[2010.11.29 21:35:56 | 000,005,018 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys

[2010.09.25 18:53:24 | 000,013,312 | ---- | C] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010.08.15 19:34:41 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\H@tKeysH@@k.DLL

[2010.05.18 16:21:13 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll

[2010.05.07 16:31:06 | 000,196,096 | ---- | C] () -- C:\Windows\SysWow64\nY.exe

[2010.04.29 19:06:44 | 000,835,584 | ---- | C] () -- C:\Windows\vsnpstd3.exe

[2010.04.29 19:06:44 | 000,356,352 | ---- | C] () -- C:\Windows\tsnpstd3.exe

[2010.04.29 19:06:44 | 000,020,480 | ---- | C] () -- C:\Windows\FixCamera.exe

[2010.04.29 19:06:44 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini

[2010.04.22 17:21:16 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\FileOut.cns

[2010.04.22 17:21:16 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\FileIn.cns

[2010.03.17 19:29:35 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\GkSui18.EXE

[2010.02.19 21:18:20 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll

[2010.02.19 21:18:20 | 000,110,080 | ---- | C] () -- C:\Windows\SysWow64\advd.dll

[2010.02.19 21:18:20 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\auth.dll

[2010.02.14 20:52:39 | 001,589,248 | ---- | C] () -- C:\Windows\SysWow64\libmysql_d.dll

[2010.01.02 17:37:17 | 000,001,015 | ---- | C] () -- C:\Windows\disney.ini

[2009.12.22 22:21:05 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll

[2009.12.04 01:19:24 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT

[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat

[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2009.07.13 23:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin

[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

[2007.07.23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll

[2007.07.23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll

[2007.07.23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll

[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll

[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll

[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll

[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll

[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll

[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll

[2007.04.27 11:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll

[2006.11.02 09:27:46 | 000,000,518 | ---- | C] () -- C:\Windows\SysWow64\SP207.INI

[2005.01.25 15:15:42 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\PA207USD.DLL

[2003.05.18 18:23:35 | 000,045,056 | ---- | C] () -- C:\Program Files (x86)\fraps.dll

 
 ========== LOP Check ==========

 

[2009.12.22 22:24:35 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Atari

[2011.04.30 09:48:41 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Babylon

[2011.04.03 16:23:51 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Bioshock

[2010.09.03 19:48:32 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\bizarre creations

[2010.02.06 00:59:15 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Blender Foundation

[2010.02.21 14:02:41 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\concept design

[2010.04.14 19:47:14 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Cuttermaran

[2010.12.06 14:28:45 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DAEMON Tools Lite

[2011.04.30 10:54:52 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DAEMON Tools Pro

[2010.01.02 17:50:51 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Disney Interactive Studios

[2010.02.28 12:25:52 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DNA

[2011.08.22 01:44:31 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DVDVideoSoft

[2011.08.09 18:20:18 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers

[2010.08.15 20:11:44 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Engelmann Media

[2009.12.30 17:12:49 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\FarmingSimulator2008

[2010.05.08 12:02:00 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\gtk-2.0

[2011.04.29 18:54:32 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ImTOO

[2011.08.15 20:33:38 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Leadertech

[2010.12.20 16:20:16 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\MAGIX

[2010.02.21 13:53:55 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\NCH Swift Sound

[2010.11.02 17:36:07 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Need for Speed World

[2011.09.08 15:20:58 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\NetSpeedMonitor

[2010.02.28 12:25:21 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Notepad++

[2010.07.11 13:52:14 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Panasonic

[2011.09.06 21:35:29 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\proDAD

[2010.09.26 09:24:51 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ProtectDisc

[2011.09.02 14:01:02 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Sony

[2010.11.06 22:26:19 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TeamViewer

[2011.09.02 18:15:13 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TS3Client

[2010.12.19 15:35:13 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TuneUp Software

[2010.11.06 21:39:24 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Ubisoft

[2011.09.06 19:52:57 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\uTorrent

[2011.01.07 18:43:04 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\wbtooltb

[2010.12.29 13:07:03 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Windows Live Writer

[2011.04.30 09:45:04 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\WinPump

[2011.08.30 20:38:04 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 

 
 < defogger_disable by jpshortstuff (23.02.10.1) >

 
 < Log created at 15:05 on 08/09/2011 (***) >

Invalid Switch: 2011 (***)
 

 
 <  >

 
 < Checking for autostart values... >

 
 < HKCU\~\Run values retrieved. >

 
 < HKLM\~\Run values retrieved. >

 
 < HKCU:DAEMON Tools Pro Agent -> Removed >

 
 <  >

 
 < Checking for services/drivers... >

Invalid Switch: drivers...
 

 
 < SPTD -> Disabled (Service running -> reboot required) >

 
 <  >

 
 <  >

 
 < -=E.O.F=- >
 

< End of report >

--- --- ---
Anhang 22138

cosinus

08.09.2011 16:05

Log wurde falsch erstellt, du hast den falschen Text in die untere Box bei OTL reinkopiert. Bitte die Anweisung genau lesen und umsetzen.

fondorking

08.09.2011 16:42

:stirn:OTL Logfile:

Code:

OTL logfile created on: 08.09.2011 17:25:12 - Run 2

OTL by OldTimer - Version 3.2.27.0     Folder = C:\Users\Admin\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

4,00 Gb Total Physical Memory | 2,79 Gb Available Physical Memory | 69,70% Memory free

8,00 Gb Paging File | 6,52 Gb Available in Paging File | 81,55% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 1397,17 Gb Total Space | 1014,20 Gb Free Space | 72,59% Space Free | Partition Type: NTFS

 

Computer Name: ENERMAX | User Name: Cedric | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2011.09.08 15:05:50 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe

PRC - [2011.08.11 22:29:16 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe

PRC - [2011.08.10 17:02:45 | 001,505,800 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe

PRC - [2011.05.20 14:50:48 | 000,368,136 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe

PRC - [2011.05.20 14:50:36 | 001,540,616 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe

PRC - [2011.05.11 12:18:59 | 000,923,144 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe

PRC - [2011.03.28 14:15:10 | 000,380,736 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe

PRC - [2011.03.04 20:56:12 | 000,381,448 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe

 

 
 ========== Modules (No Company Name) ==========

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV:64bit: - [2011.08.10 15:23:36 | 000,036,160 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)

SRV:64bit: - [2011.07.28 23:35:34 | 000,204,288 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2011.06.13 22:21:14 | 000,343,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)

SRV:64bit: - [2011.01.05 07:03:30 | 002,610,952 | ---- | M] (Raxco Software, Inc.) [Disabled | Stopped] -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe -- (PDAgent)

SRV:64bit: - [2011.01.05 07:03:20 | 002,266,376 | ---- | M] (Raxco Software, Inc.) [Disabled | Stopped] -- C:\Program Files\Raxco\PerfectDisk\PDEngine.exe -- (PDEngine)

SRV - [2011.08.11 22:29:16 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)

SRV - [2011.08.10 17:02:45 | 001,505,800 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe -- (AVKProxy)

SRV - [2011.08.10 15:31:08 | 002,027,840 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)

SRV - [2011.08.10 15:23:30 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)

SRV - [2011.08.10 14:21:10 | 001,556,816 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe -- (GDFwSvc)

SRV - [2011.06.17 09:34:18 | 000,359,192 | ---- | M] (Logitech, Inc.) [Disabled | Stopped] -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)

SRV - [2011.05.26 03:11:13 | 001,929,104 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe -- (AVKWCtl)

SRV - [2011.05.20 14:50:48 | 000,368,136 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe -- (GDScan)

SRV - [2011.03.04 20:56:12 | 000,381,448 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe -- (AVKService)

SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010.02.11 13:42:32 | 000,172,328 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)

SRV - [2009.12.23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Disabled | Stopped] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)

SRV - [2009.11.12 19:08:00 | 003,403,420 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)

SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2007.06.15 12:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\bgsvcgen.exe -- (bgsvcgen)

SRV - [2000.01.01 00:00:00 | 000,271,360 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\DTProTS\DTProTS.exe -- (DTProTS)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2011.08.15 22:08:24 | 000,059,256 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PktIcpt.sys -- (GDPkIcpt)

DRV:64bit: - [2011.08.15 14:05:45 | 000,110,968 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\MiniIcpt.sys -- (GDMnIcpt)

DRV:64bit: - [2011.08.15 14:05:45 | 000,050,552 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\GDBehave.sys -- (GDBehave)

DRV:64bit: - [2011.08.15 14:05:44 | 000,065,912 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gdwfpcd64.sys -- (gdwfpcd)

DRV:64bit: - [2011.07.29 00:23:16 | 009,980,416 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)

DRV:64bit: - [2011.07.29 00:23:16 | 009,980,416 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2011.07.28 22:54:10 | 000,309,248 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2011.07.02 14:47:10 | 000,106,488 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\GRD.sys -- (GRD)

DRV:64bit: - [2011.06.29 13:23:20 | 000,051,576 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\HookCentre.sys -- (HookCentre)

DRV:64bit: - [2011.06.29 13:23:11 | 000,031,448 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GdNetMon64.sys -- (GdNetMon)

DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2011.06.07 00:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)

DRV:64bit: - [2011.04.30 13:59:22 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)

DRV:64bit: - [2011.04.30 13:59:22 | 000,060,184 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)

DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011.02.11 19:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2011.01.15 18:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)

DRV:64bit: - [2010.11.20 15:34:02 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)

DRV:64bit: - [2010.11.20 15:34:02 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)

DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010.11.20 13:35:32 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)

DRV:64bit: - [2010.11.20 13:35:20 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)

DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010.11.20 12:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)

DRV:64bit: - [2010.08.11 08:10:06 | 000,138,256 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\DefragFs.sys -- (DefragFS)

DRV:64bit: - [2010.02.24 12:20:40 | 000,191,616 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11)

DRV:64bit: - [2009.12.06 12:24:22 | 000,224,920 | ---- | M] (SysProgs.org) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BazisVirtualCDBus.sys -- (BazisVirtualCDBus)

DRV:64bit: - [2009.11.23 17:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)

DRV:64bit: - [2009.11.23 17:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)

DRV:64bit: - [2009.09.30 16:34:30 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)

DRV:64bit: - [2009.09.23 10:42:58 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)

DRV:64bit: - [2009.08.13 23:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)

DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009.06.10 12:14:36 | 000,043,264 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiBus.sys -- (SaiNtBus)

DRV:64bit: - [2009.06.10 12:14:36 | 000,016,000 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiMini.sys -- (SaiMini)

DRV:64bit: - [2009.02.03 17:37:50 | 000,075,384 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)

DRV:64bit: - [2007.05.01 16:48:56 | 000,171,144 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiH5F0D.sys -- (SaiH5F0D)

DRV:64bit: - [2007.05.01 16:48:56 | 000,034,304 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiU5F0D.sys -- (SaiU5F0D)

DRV:64bit: - [2007.02.08 19:47:24 | 000,107,384 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)

DRV:64bit: - [2007.01.26 10:04:36 | 000,009,600 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\whfltr2k.sys -- (whfltr2k)

DRV:64bit: - [2006.12.05 11:34:26 | 000,572,416 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PFC027.SYS -- (PAC207)

DRV:64bit: - [2006.11.10 15:08:58 | 000,030,720 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ATITool64.sys -- (ATITool)

DRV:64bit: - [2006.08.25 14:36:52 | 000,039,208 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cdrbsdrv.sys -- (cdrbsdrv)

DRV:64bit: - [2006.07.10 18:21:22 | 000,022,936 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)

DRV:64bit: - [2006.06.14 16:58:10 | 000,014,192 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)

DRV - [2011.06.25 15:08:55 | 000,106,224 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\GRD.sys -- (GRD)

DRV - [2010.12.18 14:50:08 | 000,014,544 | ---- | M] (OpenLibSys.org) [Kernel | Auto | Running] -- C:\Users\Admin\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries24.gadget\WinRing0x64.sys -- (WinRing0_1_2_0)

DRV - [2010.11.29 20:27:40 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)

DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

DRV - [2005.01.02 05:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bigseekpro.com/hypercam/{30556029-374E-4F2E-890B-121038B58BE0}

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4

IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found

IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found

IE - HKLM\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files (x86)\Softonic_Deutsch\tbSof2.dll (Conduit Ltd.)

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.facemoods.com/?a=ddrnw

IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found

IE - HKCU\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files (x86)\Softonic_Deutsch\tbSof2.dll (Conduit Ltd.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 192.168.88.251:800

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultthis.engineName: "Search"

FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"

FF - prefs.js..browser.search.selectedEngine: "ICQ Search"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"

FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004

FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.2

FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.0.0.10

FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.11

FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.6

FF - prefs.js..extensions.enabledItems: allglassv2@ambroos.neowin.net:2.1.4

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3

FF - prefs.js..extensions.enabledItems: info@djzig.com:1.2.0

FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.6&q="

FF - prefs.js..network.proxy.ftp: "192.168.88.251"

FF - prefs.js..network.proxy.ftp_port: 800

FF - prefs.js..network.proxy.gopher: "192.168.88.251"

FF - prefs.js..network.proxy.gopher_port: 800

FF - prefs.js..network.proxy.http: "192.168.88.251"

FF - prefs.js..network.proxy.http_port: 800

FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"

FF - prefs.js..network.proxy.share_proxy_settings: true

FF - prefs.js..network.proxy.socks: "192.168.88.251"

FF - prefs.js..network.proxy.socks_port: 800

FF - prefs.js..network.proxy.ssl: "192.168.88.251"

FF - prefs.js..network.proxy.ssl_port: 800

FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://www.bigseekpro.com/search/toolbar/hypercam/{88ED4A72-8717-53BE-8E7E-30BA070DAF61}?q="

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\Admin\Program Files (x86)\DNA\plugins\npbtdna.dll File not found

FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found

FF - HKCU\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Users\Admin\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll ( )

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\components [2011.09.08 16:32:05 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\plugins

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\Admin\Program Files (x86)\DNA

 

[2011.03.19 13:47:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions

[2011.08.09 18:20:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\kr7kwnm2.default\extensions

[2011.08.09 18:20:19 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\kr7kwnm2.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

[2011.03.19 13:43:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\kr7kwnm2.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2011.09.08 15:09:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\o4751zle.default\extensions

[2011.08.09 18:20:19 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\o4751zle.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

[2011.06.23 10:58:39 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\o4751zle.default\extensions\battlefieldplay4free@ea.com

[2011.04.30 09:45:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2011.04.30 09:48:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com

[2011.09.06 12:30:22 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml

[2010.06.09 21:52:18 | 000,002,224 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\webblog.xml

 

O1 HOSTS File: ([2000.01.01 00:00:00 | 000,000,794 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1             localhost

O1 - Hosts: 127.0.0.1 secure.disc-soft.com 

O2:64bit: - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\Webfilter\AvkWebIEx64.dll (G Data Software AG)

O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

O2 - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\Webfilter\AvkWebIE.dll (G Data Software AG)

O2 - BHO: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files (x86)\Softonic_Deutsch\tbSof2.dll (Conduit Ltd.)

O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G Data\AVKProxy\BanksafeBHO.dll (G Data Software AG)

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  File not found

O3:64bit: - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\Webfilter\AvkWebIEx64.dll (G Data Software AG)

O3 - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\Webfilter\AvkWebIE.dll (G Data Software AG)

O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files (x86)\Softonic_Deutsch\tbSof2.dll (Conduit Ltd.)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files (x86)\SetPointP\SetPoint.exe (Logitech, Inc.)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)

O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG)

O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()

O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O8 - Extra context menu item: Free YouTube Download - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O13 - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)

O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.64.2.cab (Battlefield Play4Free Updater)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.50.140.116 192.168.123.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BD5AE1E4-714D-4E03-920D-ABE9EE787A4C}: DhcpNameServer = 195.50.140.116 192.168.123.254

O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{14b1b4e4-e977-11de-9627-002511d83983}\Shell - "" = AutoRun

O33 - MountPoints2\{14b1b4e4-e977-11de-9627-002511d83983}\Shell\AutoRun\command - "" = V:\SETUP.EXE

O33 - MountPoints2\{14b1b4e4-e977-11de-9627-002511d83983}\Shell\configure\command - "" = V:\SETUP.EXE

O33 - MountPoints2\{14b1b4e4-e977-11de-9627-002511d83983}\Shell\install\command - "" = V:\SETUP.EXE

O33 - MountPoints2\F\Shell - "" = AutoRun

O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\cdstart.exe

O33 - MountPoints2\G\Shell - "" = AutoRun

O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\cdstart.exe

O34 - HKLM BootExecute: (PDBoot.exe) -  File not found

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework

ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)

 

MsConfig:64bit - StartUpFolder: C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Produktregistrierung.lnk - C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe - (Leader Technologies/Logitech)

MsConfig:64bit - StartUpReg: AlcoholAutomount - hkey= - key= - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)

MsConfig:64bit - StartUpReg: AshSnap - hkey= - key= - C:\Program Files (x86)\Ashampoo\Ashampoo Snap 4\ashsnap.exe (ashampoo GmbH & Co. KG)

MsConfig:64bit - StartUpReg: DAEMON Tools Pro Agent - hkey= - key= - C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)

MsConfig:64bit - StartUpReg: PlusService - hkey= - key= - C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)

MsConfig:64bit - StartUpReg: RocketDock - hkey= - key= - C:\Program Files (x86)\RocketDock\RocketDock.exe ()

MsConfig:64bit - StartUpReg: snpstd3 - hkey= - key= - C:\Windows\vsnpstd3.exe ()

MsConfig:64bit - StartUpReg: StartCCC - hkey= - key= - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

MsConfig:64bit - StartUpReg: VirtualCloneDrive - hkey= - key= -  File not found

MsConfig:64bit - StartUpReg: XboxStat - hkey= - key= - C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)

MsConfig:64bit - State: "bootini" - Reg Error: Key error.

MsConfig:64bit - State: "startup" - Reg Error: Key error.

MsConfig:64bit - State: "services" - Reg Error: Key error.

 

CREATERESTOREPOINT

Error creating restore point.

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2011.09.08 15:36:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip

[2011.09.08 15:36:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip

[2011.09.08 15:05:46 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe

[2011.09.08 13:05:13 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{172BF5AA-5ADB-47A8-8261-9440F4413DE3}

[2011.09.07 14:13:52 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{E82D38B0-A1C6-4FC1-A459-795D3DAF58FF}

[2011.09.07 14:13:23 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{83C7A11A-8EAA-41B2-8B7C-75C320DE0FFE}

[2011.09.06 22:10:58 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\FixItCenter

[2011.09.06 22:04:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Fix it Center

[2011.09.06 22:04:54 | 000,000,000 | ---D | C] -- C:\Windows\MATS

[2011.09.06 21:35:19 | 000,771,016 | ---- | C] (proDAD GmbH) -- C:\uninstall.exe

[2011.09.06 12:34:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun

[2011.09.06 12:30:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\facemoods.com

[2011.09.06 12:29:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader

[2011.09.06 12:06:30 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{14746336-DACA-441B-8C0E-5F1049B11284}

[2011.09.06 12:06:06 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{3D70A804-54FC-47ED-8AA6-A1698C4069A3}

[2011.09.05 21:24:52 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{C44B8BA1-1FB9-4E88-B8B9-A8725D62618A}

[2011.09.05 21:24:19 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{11A1E4A7-F635-462E-B944-BA3598A6256B}

[2011.09.04 23:33:22 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{7F2AA41F-D387-4510-81B4-DA6DC9273BDF}

[2011.09.04 23:32:52 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{55FCB4AB-E781-46E0-BE1E-30D2B9B41F40}

[2011.09.04 13:01:56 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{7B98AC6C-99FB-4F8A-8E14-C951129E7C6A}

[2011.09.03 11:32:51 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{5B1565BF-26B0-4CCC-86C8-654F2B6F89F0}

[2011.09.03 11:32:35 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{329CA473-720C-438B-8C4F-26E89AAC7666}

[2011.09.02 17:44:33 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{A47BB6AD-5FB2-4A4A-8865-EF2E815AF228}

[2011.09.02 17:44:10 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{ADD2BD61-D7C0-4E5B-A1EB-0C68931E9DF9}

[2011.09.02 00:28:23 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\Heroglyph

[2011.09.02 00:24:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPER © - by eRightSoft

[2011.09.02 00:24:06 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- C:\Windows\SysWow64\nbDX.dll

[2011.09.02 00:24:05 | 000,186,880 | RHS- | C] (RadLight) -- C:\Windows\SysWow64\RLOgg.ax

[2011.09.02 00:24:05 | 000,163,328 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\flvDX.dll

[2011.09.02 00:24:05 | 000,092,672 | RHS- | C] (RadLight) -- C:\Windows\SysWow64\RLVorbisDec.ax

[2011.09.02 00:24:05 | 000,090,112 | RHS- | C] (-) -- C:\Windows\SysWow64\TTADSSplitter.ax

[2011.09.02 00:24:05 | 000,090,112 | RHS- | C] (-) -- C:\Windows\SysWow64\TTADSDecoder.ax

[2011.09.02 00:24:05 | 000,067,584 | RHS- | C] (RadLight, LLC) -- C:\Windows\SysWow64\RLTheoraDec.ax

[2011.09.02 00:24:05 | 000,031,232 | RHS- | C] (Hans Mayerl) -- C:\Windows\SysWow64\msfDX.dll

[2011.09.02 00:24:03 | 000,161,792 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\RealMediaDX.ax

[2011.09.02 00:24:02 | 000,169,472 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\MatroskaDX.ax

[2011.09.02 00:24:00 | 000,179,200 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\DiracSplitter.ax

[2011.09.02 00:24:00 | 000,123,904 | RHS- | C] (CoreCodec) -- C:\Windows\SysWow64\AVCDX.ax

[2011.09.02 00:14:33 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\AIM

[2011.09.01 23:52:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\USM

[2011.09.01 23:50:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\USM

[2011.09.01 15:53:57 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{4F10A6E8-1485-429F-9EB4-A39AE6D317AB}

[2011.09.01 15:53:22 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{FA1A7ED0-77A0-46BF-9E14-D47E02DA70E9}

[2011.08.31 21:05:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VirtualCloneDrive

[2011.08.31 20:59:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Landwirtschafts Simulator 2011

[2011.08.31 20:44:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Landwirtschafts Simulator 2011

[2011.08.31 13:51:58 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\Rockstar Games

[2011.08.31 10:30:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Landwirtschafts Simulator 2011 old

[2011.08.30 17:25:49 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center

[2011.08.30 17:25:35 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI

[2011.08.30 17:23:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP

[2011.08.30 17:23:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center

[2011.08.30 13:49:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Raxco

[2011.08.30 13:49:05 | 000,000,000 | ---D | C] -- C:\Program Files\Raxco

[2011.08.30 13:48:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Raxco

[2011.08.30 13:48:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MARKEMENT

[2011.08.30 13:48:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MARKEMENT

[2011.08.30 13:47:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetObjects

[2011.08.30 13:44:50 | 001,056,768 | ---- | C] (Blue Sky Software Corporation.) -- C:\Windows\SysWow64\ROBOEX32.DLL

[2011.08.30 13:44:50 | 000,049,152 | ---- | C] (Blue Sky Software Corporation.) -- C:\Windows\SysWow64\INETWH32.DLL

[2011.08.30 13:43:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NetObjects

[2011.08.30 13:38:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\proDAD

[2011.08.30 13:38:02 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\proDAD

[2011.08.30 13:38:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\proDAD

[2011.08.30 13:37:51 | 000,000,000 | ---D | C] -- C:\ProgramData\proDAD

[2011.08.30 13:29:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo

[2011.08.30 13:29:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ashampoo

[2011.08.30 13:28:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Landwirtschafts-Simulator 2009

[2011.08.30 12:37:08 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{F55E9736-313E-40C0-BC6B-9CA6FEC825C5}

[2011.08.30 12:36:45 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{48EA303D-918E-4C32-9033-29E2CE6B0935}

[2011.08.30 00:36:18 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{5116F0B2-6235-42F0-8612-748BF908F93C}

[2011.08.30 00:35:55 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{BB40D063-E0F3-4038-BF3C-988F8C849EAD}

[2011.08.29 12:35:27 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{771406CF-9BEC-4961-BDB3-61A447D15B75}

[2011.08.29 12:34:53 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{633392F9-FDBA-4A38-9DA2-EF6118DA163B}

[2011.08.28 18:33:28 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{09F21C33-BB39-4DE5-890D-A98BDADDD95E}

[2011.08.28 18:33:00 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{F48C2731-4273-4342-B2CB-ED61E27BB434}

[2011.08.26 10:33:37 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{C3D444AD-8C01-4557-BE90-97C9C5EB2900}

[2011.08.26 10:32:52 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{0A10A479-5E02-46D9-BAFD-A177AA364A35}

[2011.08.25 19:40:49 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{E4670A46-F6FA-4BF6-9C9F-E03427DF4168}

[2011.08.25 19:40:17 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{EB8EAEFB-170C-4A3B-B6EA-529F9EF42D85}

[2011.08.22 22:52:25 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{0E59175E-0A07-4F91-813F-B358A25E5905}

[2011.08.22 22:52:02 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{4BA577DF-DAF8-43EA-A31D-34DF89156365}

[2011.08.21 22:51:30 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{49836AC0-1733-453D-90FA-E4AAAEC597EA}

[2011.08.21 22:51:07 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{463FE74F-D03C-42E3-B9FE-C9F149AAB57C}

[2011.08.21 16:17:25 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM

[2011.08.21 16:16:58 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\Games for Windows - LIVE Demos

[2011.08.21 16:16:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace

[2011.08.21 15:16:17 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{5BE79326-6376-4A8B-AE21-72EE39B8FA36}

[2011.08.21 01:02:59 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive

[2011.08.21 01:02:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE

[2011.08.20 12:56:17 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{890DE418-921E-4EF1-9AC2-5549BD8D5FAF}

[2011.08.20 12:55:50 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{FFEDC646-63BD-4E05-B3FA-5522DCCCB0A0}

[2011.08.19 15:32:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys

[2011.08.19 15:32:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavalys

[2011.08.19 15:26:56 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{72679341-0CEA-47D4-B1B3-6769388E5075}

[2011.08.19 15:26:27 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{26A52CF0-5935-4284-826F-19B20352A8B1}

[2011.08.18 23:21:37 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{5B8B0B62-B541-431E-A5F3-51E27F806EC6}

[2011.08.18 23:21:12 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{316F0DD2-A4B8-48DF-9366-39567B99DACA}

[2011.08.18 11:20:42 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{D63FFDBA-1FF1-4491-BC70-12209157C7BC}

[2011.08.18 11:20:14 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{6DCA4F1B-1C23-422D-833D-7AF449267013}

[2011.08.17 20:01:49 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{3AF3FFA1-182D-476F-87DA-FFEEDAD68456}

[2011.08.17 20:01:27 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{822BC328-35D5-4D8C-B66A-B31F2163182E}

[2011.08.17 16:54:07 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{F7D3B46A-CF2E-46AD-ADB4-CE0435A6EEB3}

[2011.08.17 15:06:44 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\LogiShrd

[2011.08.17 00:31:41 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{1512B213-5DB2-4AD4-A508-0BCEF0A47D99}

[2011.08.17 00:31:18 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{4DA65401-F87A-477D-94CC-650F4E4449E8}

[2011.08.16 12:30:49 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{E278CF71-0AF9-4D6B-BBBC-E28E2D66CB0B}

[2011.08.16 12:30:38 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{77AA5B2D-3263-4AEE-9868-65DB7DFF7F8E}

[2011.08.15 20:33:38 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Leadertech

[2011.08.15 20:33:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LogiShrd

[2011.08.15 20:32:38 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\LogiShrd

[2011.08.15 20:32:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SetPointG

[2011.08.15 20:32:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SetPointP

[2011.08.15 20:31:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LogiShrd

[2011.08.15 20:31:16 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Logitech

[2011.08.15 20:31:16 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Logishrd

[2011.08.15 13:54:27 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{95699DE0-1CB8-4A02-A770-8C798A5DEED6}

[2011.08.15 13:53:55 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{6ADFB87B-7BC9-471A-B118-C5F4EE421A98}

[2011.08.14 22:15:39 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{3C5D5897-4164-4D28-B1AA-8C4A61A342E8}

[2011.08.14 22:15:16 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{0319BB12-57BC-471F-A2A6-66C6A72CB9B4}

[2011.08.14 01:06:50 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{872383BC-F599-4C23-8E36-E563ADC1FBCD}

[2011.08.14 01:06:27 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{8E11992A-9555-4A10-BFC7-1E2817AFFF13}

[2011.08.13 13:05:59 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{4A96BF3F-4886-40DD-A397-45C796CFD460}

[2011.08.13 13:05:47 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{4C91BF1E-0B0F-47BB-AE11-B491C576907E}

[2011.08.12 22:00:52 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{44D524A1-7A06-4157-91A6-1A2B0D615DB9}

[2011.08.12 01:08:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client

[2011.08.12 01:06:49 | 000,000,000 | ---D | C] -- C:\Program Files\TeamSpeak 3 Client

[2011.08.11 18:20:35 | 000,107,008 | ---- | C] (uc-forum.com) -- C:\Users\Admin\Desktop\BFP4F Loader.exe

[2011.08.11 13:07:47 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{4C3A4B98-3043-4CA9-B866-00DDEA32D31E}

[2011.08.11 13:07:16 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{F65D0D17-2D06-4BA5-801F-2CEFDEB9DE39}

[2011.08.09 18:20:18 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers

[2011.08.09 18:20:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft

[2011.08.09 18:19:54 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\DVDVideoSoft

[2011.08.09 18:19:34 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\DVDVideoSoft

[2011.08.09 18:19:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft

[2010.04.29 19:06:43 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnpstd3.dll

[2010.04.29 19:06:43 | 000,061,440 | ---- | C] ( ) -- C:\Windows\SysWow64\vsnpstd3.dll

[2010.04.29 19:06:43 | 000,053,248 | ---- | C] ( ) -- C:\Windows\csnpstd3.dll

[5 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2011.09.08 16:40:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2011.09.08 16:00:54 | 000,029,237 | ---- | M] () -- C:\Users\Admin\Desktop\Microsoft Windows.jpg

[2011.09.08 15:14:26 | 000,020,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2011.09.08 15:14:26 | 000,020,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2011.09.08 15:08:46 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2011.09.08 15:06:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011.09.08 15:06:56 | 3220,627,456 | -HS- | M] () -- C:\hiberfil.sys

[2011.09.08 15:05:50 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe

[2011.09.08 15:05:22 | 000,000,198 | ---- | M] () -- C:\Users\Admin\defogger_reenable

[2011.09.08 15:04:39 | 000,050,477 | ---- | M] () -- C:\Users\Admin\Desktop\Defogger.exe

[2011.09.08 13:02:49 | 000,401,659 | ---- | M] () -- C:\Windows\SysWow64\sig.bin

[2011.09.08 13:02:49 | 000,032,535 | ---- | M] () -- C:\Windows\SysWow64\nmp.map

[2011.09.06 21:58:30 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2011.09.06 21:58:30 | 000,655,802 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2011.09.06 21:58:30 | 000,616,348 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2011.09.06 21:58:30 | 000,130,434 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2011.09.06 21:58:30 | 000,106,728 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2011.09.06 17:32:30 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ccdcmbx64_01009.Wdf

[2011.08.31 21:44:44 | 000,001,740 | ---- | M] () -- C:\Users\Admin\Desktop\Landwirtschafts Simulator 2011.lnk

[2011.08.30 20:44:54 | 396,636,636 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2011.08.30 17:27:15 | 000,002,020 | ---- | M] () -- C:\Users\Admin\Desktop\Catalyst Control Center.lnk

[2011.08.21 01:01:24 | 000,002,156 | ---- | M] () -- C:\Users\Public\Desktop\Grand Theft Auto IV.lnk

[2011.08.17 17:51:41 | 000,234,768 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr

[2011.08.17 17:51:41 | 000,234,768 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2011.08.17 12:58:45 | 000,001,448 | ---- | M] () -- C:\Users\Admin\Desktop\Command Prompt.lnk

[2011.08.15 22:08:24 | 000,059,256 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\PktIcpt.sys

[2011.08.15 14:05:45 | 000,110,968 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\MiniIcpt.sys

[2011.08.15 14:05:45 | 000,050,552 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\GDBehave.sys

[2011.08.15 14:05:44 | 000,065,912 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys

[2011.08.13 21:33:01 | 000,002,103 | ---- | M] () -- C:\Users\Admin\Desktop\Logitech G-series Key Profiler.lnk

[2011.08.11 22:29:16 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe

[2011.08.10 15:32:14 | 000,034,624 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe

[2011.08.10 15:23:44 | 000,025,920 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll

[2011.08.10 15:23:40 | 000,021,312 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll

[2011.08.10 15:23:36 | 000,036,160 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll

[2011.08.10 15:23:30 | 000,029,504 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll

[5 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2011.09.08 16:00:53 | 000,029,237 | ---- | C] () -- C:\Users\Admin\Desktop\Microsoft Windows.jpg

[2011.09.08 15:05:20 | 000,000,198 | ---- | C] () -- C:\Users\Admin\defogger_reenable

[2011.09.08 15:04:38 | 000,050,477 | ---- | C] () -- C:\Users\Admin\Desktop\Defogger.exe

[2011.09.06 22:04:56 | 000,000,959 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Fix it Center.lnk

[2011.09.06 17:32:30 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ccdcmbx64_01009.Wdf

[2011.09.02 00:24:05 | 000,121,344 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.ax

[2011.09.02 00:24:05 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll

[2011.09.02 00:24:05 | 000,051,712 | RHS- | C] () -- C:\Windows\SysWow64\RLSpeexDec.ax

[2011.09.02 00:24:04 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\RLMPCDec.ax

[2011.09.02 00:24:03 | 000,070,656 | RHS- | C] () -- C:\Windows\SysWow64\RLAPEDec.ax

[2011.09.02 00:24:02 | 000,120,832 | RHS- | C] () -- C:\Windows\SysWow64\MPCDx.ax

[2011.09.02 00:24:01 | 000,097,280 | RHS- | C] () -- C:\Windows\SysWow64\FLACDX.ax

[2011.09.02 00:24:00 | 000,227,328 | RHS- | C] () -- C:\Windows\SysWow64\ac3DX.ax

[2011.09.02 00:24:00 | 000,175,104 | RHS- | C] () -- C:\Windows\SysWow64\CoreAAC.ax

[2011.09.02 00:24:00 | 000,081,920 | RHS- | C] () -- C:\Windows\SysWow64\aac_parser.ax

[2011.09.02 00:14:33 | 000,000,696 | ---- | C] () -- C:\Windows\SysWow64\jetodbc.rsp

[2011.08.31 21:44:44 | 000,001,740 | ---- | C] () -- C:\Users\Admin\Desktop\Landwirtschafts Simulator 2011.lnk

[2011.08.30 20:44:54 | 396,636,636 | ---- | C] () -- C:\Windows\MEMORY.DMP

[2011.08.30 17:27:15 | 000,002,020 | ---- | C] () -- C:\Users\Admin\Desktop\Catalyst Control Center.lnk

[2011.08.30 13:49:07 | 000,002,781 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PerfectDisk 11.lnk

[2011.08.30 13:44:50 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\nnr.dll

[2011.08.21 01:01:24 | 000,002,156 | ---- | C] () -- C:\Users\Public\Desktop\Grand Theft Auto IV.lnk

[2011.08.13 21:33:01 | 000,002,103 | ---- | C] () -- C:\Users\Admin\Desktop\Logitech G-series Key Profiler.lnk

[2011.08.13 20:43:32 | 000,234,768 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2011.08.11 22:29:15 | 002,484,592 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_p4f.exe

[2011.07.17 23:54:02 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll

[2011.06.30 15:52:19 | 000,401,659 | ---- | C] () -- C:\Windows\SysWow64\sig.bin

[2011.06.29 19:32:19 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe

[2011.06.09 13:52:22 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\{E40E4B56-8C05-487F-A732-9A2EC3768E9C}

[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

[2011.03.17 19:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

[2011.02.11 19:15:08 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin

[2011.02.11 19:15:08 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin

[2011.02.11 19:15:08 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin

[2011.01.28 21:19:44 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat

[2010.12.12 14:43:42 | 000,000,043 | -HS- | C] () -- C:\ProgramData\.zreglib

[2010.11.29 21:35:57 | 000,000,008 | -HS- | C] () -- C:\ProgramData\CCDD932493.sys

[2010.11.29 21:35:56 | 000,005,018 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys

[2010.09.25 18:53:24 | 000,013,312 | ---- | C] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010.08.15 19:34:41 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\H@tKeysH@@k.DLL

[2010.05.18 16:21:13 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll

[2010.05.07 16:31:06 | 000,196,096 | ---- | C] () -- C:\Windows\SysWow64\nY.exe

[2010.04.29 19:06:44 | 000,835,584 | ---- | C] () -- C:\Windows\vsnpstd3.exe

[2010.04.29 19:06:44 | 000,356,352 | ---- | C] () -- C:\Windows\tsnpstd3.exe

[2010.04.29 19:06:44 | 000,020,480 | ---- | C] () -- C:\Windows\FixCamera.exe

[2010.04.29 19:06:44 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini

[2010.04.22 17:21:16 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\FileOut.cns

[2010.04.22 17:21:16 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\FileIn.cns

[2010.03.17 19:29:35 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\GkSui18.EXE

[2010.02.19 21:18:20 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll

[2010.02.19 21:18:20 | 000,110,080 | ---- | C] () -- C:\Windows\SysWow64\advd.dll

[2010.02.19 21:18:20 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\auth.dll

[2010.02.14 20:52:39 | 001,589,248 | ---- | C] () -- C:\Windows\SysWow64\libmysql_d.dll

[2010.01.02 17:37:17 | 000,001,015 | ---- | C] () -- C:\Windows\disney.ini

[2009.12.22 22:21:05 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll

[2009.12.04 01:19:24 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT

[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat

[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2009.07.13 23:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin

[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

[2007.07.23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll

[2007.07.23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll

[2007.07.23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll

[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll

[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll

[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll

[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll

[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll

[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll

[2007.04.27 11:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll

[2006.11.02 09:27:46 | 000,000,518 | ---- | C] () -- C:\Windows\SysWow64\SP207.INI

[2005.01.25 15:15:42 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\PA207USD.DLL

[2003.05.18 18:23:35 | 000,045,056 | ---- | C] () -- C:\Program Files (x86)\fraps.dll

 
 ========== LOP Check ==========

 

[2009.12.22 22:24:35 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Atari

[2011.04.30 09:48:41 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Babylon

[2011.04.03 16:23:51 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Bioshock

[2010.09.03 19:48:32 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\bizarre creations

[2010.02.06 00:59:15 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Blender Foundation

[2010.02.21 14:02:41 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\concept design

[2010.04.14 19:47:14 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Cuttermaran

[2010.12.06 14:28:45 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DAEMON Tools Lite

[2011.04.30 10:54:52 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DAEMON Tools Pro

[2010.01.02 17:50:51 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Disney Interactive Studios

[2010.02.28 12:25:52 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DNA

[2011.08.22 01:44:31 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DVDVideoSoft

[2011.08.09 18:20:18 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers

[2010.08.15 20:11:44 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Engelmann Media

[2009.12.30 17:12:49 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\FarmingSimulator2008

[2010.05.08 12:02:00 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\gtk-2.0

[2011.04.29 18:54:32 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ImTOO

[2011.08.15 20:33:38 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Leadertech

[2010.12.20 16:20:16 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\MAGIX

[2010.02.21 13:53:55 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\NCH Swift Sound

[2010.11.02 17:36:07 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Need for Speed World

[2011.09.08 17:34:03 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\NetSpeedMonitor

[2010.02.28 12:25:21 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Notepad++

[2010.07.11 13:52:14 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Panasonic

[2011.09.06 21:35:29 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\proDAD

[2010.09.26 09:24:51 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ProtectDisc

[2011.09.02 14:01:02 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Sony

[2010.11.06 22:26:19 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TeamViewer

[2011.09.02 18:15:13 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TS3Client

[2010.12.19 15:35:13 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TuneUp Software

[2010.11.06 21:39:24 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Ubisoft

[2011.09.06 19:52:57 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\uTorrent

[2011.01.07 18:43:04 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\wbtooltb

[2010.12.29 13:07:03 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Windows Live Writer

[2011.04.30 09:45:04 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\WinPump

[2011.08.30 20:38:04 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 

 
 < %SYSTEMDRIVE%\*. >

[2011.07.01 22:27:06 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin

[2010.11.08 16:58:56 | 000,000,000 | ---D | M] -- C:\Advanced Wheel Mouse

[2011.01.03 15:26:36 | 000,000,000 | ---D | M] -- C:\AMD

[2009.12.04 01:17:12 | 000,000,000 | ---D | M] -- C:\ATI

[2011.09.06 22:04:57 | 000,000,000 | -HSD | M] -- C:\Config.Msi

[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings

[2009.12.04 01:12:37 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen

[2011.05.28 13:24:14 | 000,000,000 | ---D | M] -- C:\Graphics

[2011.08.08 18:59:59 | 000,000,000 | ---D | M] -- C:\Intel

[2010.07.11 13:52:08 | 000,000,000 | ---D | M] -- C:\MC_TMP

[2009.12.15 14:45:31 | 000,000,000 | RH-D | M] -- C:\MSOCache

[2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs

[2011.09.06 22:04:54 | 000,000,000 | R--D | M] -- C:\Program Files

[2011.09.08 15:36:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)

[2011.09.06 12:34:13 | 000,000,000 | ---D | M] -- C:\ProgramData

[2009.12.04 01:12:37 | 000,000,000 | -HSD | M] -- C:\Programme

[2009.12.04 01:12:37 | 000,000,000 | -HSD | M] -- C:\Recovery

[2011.04.12 16:26:36 | 000,000,000 | -HSD | M] -- C:\System Volume Information

[2011.07.01 22:26:54 | 000,000,000 | R--D | M] -- C:\Users

[2011.09.06 22:04:54 | 000,000,000 | ---D | M] -- C:\Windows

 
 < %PROGRAMFILES%\*.exe >

 
 < %LOCALAPPDATA%\*.exe >

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.manifest /3 >

[5 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

 

 
 < MD5 for: EXPLORER.EXE  >

[2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe

[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe

[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe

[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe

[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe

[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe

[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe

[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe

[2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe

[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe

[2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe

[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe

[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe

[2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe

[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe

[2010.11.20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

[2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe

[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe

[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe

[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe

[2011.02.26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe

[2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

 
 < MD5 for: REGEDIT.EXE  >

[2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe

[2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe

[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe

[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe

 
 < MD5 for: USERINIT.EXE  >

[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe

[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe

[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe

[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe

[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe

[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe

[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe

[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe

[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

 
 < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

 
 < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

 
 <           >
 

< End of report >

--- --- ---

cosinus

08.09.2011 20:18

Bitte routinemäßig einen Vollscan mit malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

fondorking

08.09.2011 20:24

Was genau ist mit routinemäßig gemeint, jeden tag ein mal??

cosinus

08.09.2011 21:44

Häh? Wie kann man aus routinemäßig 1x am tag interpretieren? :wtf:
Damit wird ausgedrückt, dass wir hier am Anfang immer die Routine durchlaufen lassen, also Vollscan Malwarebytes!

fondorking

09.09.2011 19:05

Sry hab was falsch verstanden :D

hier mal das Logfile von Malwarebytes:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Datenbank Version: 7678

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

08.09.2011 23:37:27
mbam-log-2011-09-08 (23-37-21).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 538817
Laufzeit: 2 Stunde(n), 2 Minute(n), 38 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 4
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 8

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\YVIBBBHA8C (Trojan.Agent) -> No action taken.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Admin\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\JPPIX9QT\testbundle23w_1254[1].exe (Trojan.Agent) -> No action taken.
c:\Users\Admin\AppData\Roaming\WinPump\pumpa.exe (Trojan.BTManager) -> No action taken.
c:\Users\Admin\Desktop\alles mögliche\gta san andreas\trainer.exe (Trojan.Downloader) -> No action taken.
c:\Users\Admin\Desktop\alles mögliche\gta san andreas 2\trainer.exe (Trojan.Downloader) -> No action taken.
c:\program files (x86)\fraps.dll (Spyware.OnlineGames) -> No action taken.
c:\uninstall.exe (Trojan.Agent) -> No action taken.
c:\Windows\System32\h@tkeysh@@k.dll (Trojan.Agent) -> No action taken.
c:\Windows\SysWOW64\h@tkeysh@@k.dll (Trojan.Agent) -> No action taken.

cosinus

09.09.2011 19:31

Zitat:

-> No action taken.

Die Funde müssen mit Malwarebytes entfernt waren! Bitte nachholen falls noch nicht getan!

fondorking

09.09.2011 19:34

die sachen wurden alle in quarantäne geschickt und da hab ich sie dann über malwarebytes gelöscht.. richtig so?

cosinus

09.09.2011 19:40

Dann ist ok. Führ bitte auch ESET aus, danach sehen wir weiter:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

fondorking

09.09.2011 23:20

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=79a5d7440aa0f943bd1a90f99d38f51d
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-09-09 10:15:53
# local_time=2011-09-10 12:15:53 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=4096 16777215 100 0 16182203 16182203 0 0
# compatibility_mode=5893 16776574 100 94 5714102 67224078 0 0
# compatibility_mode=8192 67108863 100 0 182 182 0 0
# scanned=330289
# found=6
# cleaned=0
# scan_time=12324
C:\Program Files (x86)\eDgMt2\3d_config.exe Win32/Packed.Autoit.C.Gen application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\eDgMt2\eDgMt2.exe Win32/Packed.Autoit.C.Gen application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Admin\AppData\Roaming\WinPump\extensions.exe Win32/Adware.GoodMedia.C application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Admin\Desktop\Alles Mögliche\GTA San Andreas.rar probably a variant of Win32/Agent.LPHFBGW trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Admin\Downloads\eDgMt2 Client v4.2 Patcher v1.3.0.1.exe Win32/Packed.Autoit.C.Gen application (unable to clean) 00000000000000000000000000000000 I
C:\Windows\FixCamera.exe a variant of Win32/KillProc.A application (unable to clean) 00000000000000000000000000000000 I

cosinus

10.09.2011 00:24

Zitat:

C:\Program Files (x86)\eDgMt2\3d_config.exe Win32/Packed.Autoit.C.Gen application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\eDgMt2\eDgMt2.exe Win32/Packed.Autoit.C.Gen application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Admin\AppData\Roaming\WinPump\extensions.exe Win32/Adware.GoodMedia.C application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Admin\Desktop\Alles Mögliche\GTA San Andreas.rar probably a variant of Win32/Agent.LPHFBGW trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Admin\Downloads\eDgMt2 Client v4.2 Patcher v1.3.0.1.exe Win32/Packed.Autoit.C.Gen

Was ist das für ein Schroot auf den Rechner?? :wtf:
Das hast du manuell runtegeladen!

fondorking

10.09.2011 09:14

edgmt2 ist nen metin 2 server :D:D hab ich früher immer gespielt.

cosinus

11.09.2011 12:48

"Patcher" und "Trainer" sind riskantes Zeug, lass die Finger davon!

Zitat:

(G Data Software AG) -- C:\Program Files (x86)\G Data\InternetSecurity

SecuritySuites sind völlig kontraproduktiv, fette Systembremsen ohne echten Mehrwert!
Ich empfehle die umgehende Deinstallation und Nutzung eines reinen Virenscanners plus Windows-Firewall. Deinstallier es aber erstmal nur, wenn wir durch sind hier kannst du dich um einen anderen Virenscanner kümmern.

Mach danach ein neues OTL-Log und poste es mit CODE-Tags.

fondorking

11.09.2011 14:31

dumme frage, aber was sind code tags?

also ist deiner meinung nach, gdata sinnlos? was soll ich denn dann für ein virenprogramm haben?

cosinus

11.09.2011 15:02

Code-Tags sind diese hier => [code] [/code]

Normalerweise sind die so gepostet nicht sichtbar. Zwischen diesen beiden Tags postet man die Logs.

GDATA selbst ist nicht sinnlog, wohl aber jede fette Internet Security. Besser ist man mit reinen Virenscannern wie MSE oder Avast dran. Aber erstmal deinstallierst du nur GDATA IS, erst wenn wir hier durch sind kommt so ein Scanner wieder rauf.

fondorking

11.09.2011 15:08

Code:

OTL logfile created on: 11.09.2011 15:34:04 - Run 3

OTL by OldTimer - Version 3.2.27.0     Folder = C:\Users\Admin\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

4,00 Gb Total Physical Memory | 2,50 Gb Available Physical Memory | 62,55% Memory free

8,00 Gb Paging File | 6,19 Gb Available in Paging File | 77,43% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 1397,17 Gb Total Space | 1013,04 Gb Free Space | 72,51% Space Free | Partition Type: NTFS

 

Computer Name: ENERMAX | User Name: Cedric | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2011.09.08 15:05:50 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe

PRC - [2011.08.11 22:29:16 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe

PRC - [2011.08.10 17:02:45 | 001,505,800 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe

PRC - [2011.05.20 14:50:48 | 000,368,136 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe

PRC - [2011.05.20 14:50:36 | 001,540,616 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe

PRC - [2011.05.11 12:18:59 | 000,923,144 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe

PRC - [2011.03.28 14:15:10 | 000,380,736 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe

PRC - [2011.03.04 20:56:12 | 000,381,448 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe

PRC - [2010.11.20 14:17:56 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe

 

 
 ========== Modules (No Company Name) ==========

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV:64bit: - [2011.08.10 15:23:36 | 000,036,160 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)

SRV:64bit: - [2011.07.28 23:35:34 | 000,204,288 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2011.06.13 22:21:14 | 000,343,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)

SRV:64bit: - [2011.01.05 07:03:30 | 002,610,952 | ---- | M] (Raxco Software, Inc.) [Disabled | Stopped] -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe -- (PDAgent)

SRV:64bit: - [2011.01.05 07:03:20 | 002,266,376 | ---- | M] (Raxco Software, Inc.) [Disabled | Stopped] -- C:\Program Files\Raxco\PerfectDisk\PDEngine.exe -- (PDEngine)

SRV - [2011.09.10 14:22:11 | 000,411,432 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2011.08.11 22:29:16 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)

SRV - [2011.08.10 17:02:45 | 001,505,800 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe -- (AVKProxy)

SRV - [2011.08.10 15:31:08 | 002,027,840 | ---- | M] (TuneUp Software) [Disabled | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)

SRV - [2011.08.10 15:23:30 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)

SRV - [2011.08.10 14:21:10 | 001,556,816 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe -- (GDFwSvc)

SRV - [2011.06.17 09:34:18 | 000,359,192 | ---- | M] (Logitech, Inc.) [Disabled | Stopped] -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)

SRV - [2011.05.26 03:11:13 | 001,929,104 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe -- (AVKWCtl)

SRV - [2011.05.20 14:50:48 | 000,368,136 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe -- (GDScan)

SRV - [2011.03.04 20:56:12 | 000,381,448 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe -- (AVKService)

SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010.02.11 13:42:32 | 000,172,328 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)

SRV - [2009.12.23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Disabled | Stopped] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)

SRV - [2009.11.12 19:08:00 | 003,403,420 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)

SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2007.06.15 12:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\bgsvcgen.exe -- (bgsvcgen)

SRV - [2000.01.01 00:00:00 | 000,271,360 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\DTProTS\DTProTS.exe -- (DTProTS)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2011.08.15 22:08:24 | 000,059,256 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PktIcpt.sys -- (GDPkIcpt)

DRV:64bit: - [2011.08.15 14:05:45 | 000,110,968 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\MiniIcpt.sys -- (GDMnIcpt)

DRV:64bit: - [2011.08.15 14:05:45 | 000,050,552 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\GDBehave.sys -- (GDBehave)

DRV:64bit: - [2011.08.15 14:05:44 | 000,065,912 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gdwfpcd64.sys -- (gdwfpcd)

DRV:64bit: - [2011.07.29 00:23:16 | 009,980,416 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)

DRV:64bit: - [2011.07.29 00:23:16 | 009,980,416 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2011.07.28 22:54:10 | 000,309,248 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2011.07.02 14:47:10 | 000,106,488 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\GRD.sys -- (GRD)

DRV:64bit: - [2011.06.29 13:23:20 | 000,051,576 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\HookCentre.sys -- (HookCentre)

DRV:64bit: - [2011.06.29 13:23:11 | 000,031,448 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GdNetMon64.sys -- (GdNetMon)

DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2011.06.07 00:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)

DRV:64bit: - [2011.04.30 13:59:22 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)

DRV:64bit: - [2011.04.30 13:59:22 | 000,060,184 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)

DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011.02.11 19:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2011.01.15 18:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)

DRV:64bit: - [2010.12.17 00:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)

DRV:64bit: - [2010.11.20 15:34:02 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)

DRV:64bit: - [2010.11.20 15:34:02 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)

DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010.11.20 13:35:32 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)

DRV:64bit: - [2010.11.20 13:35:20 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)

DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010.11.20 12:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)

DRV:64bit: - [2010.08.11 08:10:06 | 000,138,256 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\DefragFs.sys -- (DefragFS)

DRV:64bit: - [2010.02.24 12:20:40 | 000,191,616 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11)

DRV:64bit: - [2009.12.06 12:24:22 | 000,224,920 | ---- | M] (SysProgs.org) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BazisVirtualCDBus.sys -- (BazisVirtualCDBus)

DRV:64bit: - [2009.11.23 17:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)

DRV:64bit: - [2009.11.23 17:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)

DRV:64bit: - [2009.09.30 16:34:30 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)

DRV:64bit: - [2009.09.23 10:42:58 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)

DRV:64bit: - [2009.08.13 23:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)

DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009.06.10 12:14:36 | 000,043,264 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiBus.sys -- (SaiNtBus)

DRV:64bit: - [2009.06.10 12:14:36 | 000,016,000 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiMini.sys -- (SaiMini)

DRV:64bit: - [2009.02.03 17:37:50 | 000,075,384 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)

DRV:64bit: - [2007.05.01 16:48:56 | 000,171,144 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SaiH5F0D.sys -- (SaiH5F0D)

DRV:64bit: - [2007.05.01 16:48:56 | 000,034,304 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SaiU5F0D.sys -- (SaiU5F0D)

DRV:64bit: - [2007.02.08 19:47:24 | 000,107,384 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)

DRV:64bit: - [2007.01.26 10:04:36 | 000,009,600 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\whfltr2k.sys -- (whfltr2k)

DRV:64bit: - [2006.12.05 11:34:26 | 000,572,416 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PFC027.SYS -- (PAC207)

DRV:64bit: - [2006.11.10 15:08:58 | 000,030,720 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ATITool64.sys -- (ATITool)

DRV:64bit: - [2006.08.25 14:36:52 | 000,039,208 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cdrbsdrv.sys -- (cdrbsdrv)

DRV:64bit: - [2006.07.10 18:21:22 | 000,022,936 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)

DRV:64bit: - [2006.06.14 16:58:10 | 000,014,192 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)

DRV - [2011.06.25 15:08:55 | 000,106,224 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\GRD.sys -- (GRD)

DRV - [2010.12.18 14:50:08 | 000,014,544 | ---- | M] (OpenLibSys.org) [Kernel | Auto | Running] -- C:\Users\Admin\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries24.gadget\WinRing0x64.sys -- (WinRing0_1_2_0)

DRV - [2010.11.29 20:27:40 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)

DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

DRV - [2005.01.02 05:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bigseekpro.com/hypercam/{30556029-374E-4F2E-890B-121038B58BE0}

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4

IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found

IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found

IE - HKLM\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files (x86)\Softonic_Deutsch\tbSof2.dll (Conduit Ltd.)

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.facemoods.com/?a=ddrnw

IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found

IE - HKCU\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files (x86)\Softonic_Deutsch\tbSof2.dll (Conduit Ltd.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 192.168.88.251:800

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultthis.engineName: "Search"

FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"

FF - prefs.js..browser.search.selectedEngine: "ICQ Search"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"

FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004

FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.2

FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.0.0.10

FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.11

FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.6

FF - prefs.js..extensions.enabledItems: allglassv2@ambroos.neowin.net:2.1.4

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3

FF - prefs.js..extensions.enabledItems: info@djzig.com:1.2.0

FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.6&q="

FF - prefs.js..network.proxy.ftp: "192.168.88.251"

FF - prefs.js..network.proxy.ftp_port: 800

FF - prefs.js..network.proxy.gopher: "192.168.88.251"

FF - prefs.js..network.proxy.gopher_port: 800

FF - prefs.js..network.proxy.http: "192.168.88.251"

FF - prefs.js..network.proxy.http_port: 800

FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"

FF - prefs.js..network.proxy.share_proxy_settings: true

FF - prefs.js..network.proxy.socks: "192.168.88.251"

FF - prefs.js..network.proxy.socks_port: 800

FF - prefs.js..network.proxy.ssl: "192.168.88.251"

FF - prefs.js..network.proxy.ssl_port: 800

FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://www.bigseekpro.com/search/toolbar/hypercam/{88ED4A72-8717-53BE-8E7E-30BA070DAF61}?q="

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\Admin\Program Files (x86)\DNA\plugins\npbtdna.dll File not found

FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found

FF - HKCU\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Users\Admin\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll ( )

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\components [2011.09.11 12:55:17 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\plugins

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\Admin\Program Files (x86)\DNA

 

[2011.03.19 13:47:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions

[2011.08.09 18:20:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\kr7kwnm2.default\extensions

[2011.08.09 18:20:19 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\kr7kwnm2.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

[2011.03.19 13:43:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\kr7kwnm2.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2011.09.10 17:38:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\o4751zle.default\extensions

[2011.08.09 18:20:19 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\o4751zle.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

[2011.09.10 17:38:44 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\o4751zle.default\extensions\battlefieldplay4free@ea.com

[2011.04.30 09:45:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2011.04.30 09:48:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com

[2011.09.06 12:30:22 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml

[2010.06.09 21:52:18 | 000,002,224 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\webblog.xml

 

O1 HOSTS File: ([2000.01.01 00:00:00 | 000,000,794 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1             localhost

O1 - Hosts: 127.0.0.1 secure.disc-soft.com 

O2:64bit: - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\Webfilter\AvkWebIEx64.dll (G Data Software AG)

O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

O2 - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\Webfilter\AvkWebIE.dll (G Data Software AG)

O2 - BHO: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files (x86)\Softonic_Deutsch\tbSof2.dll (Conduit Ltd.)

O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G Data\AVKProxy\BanksafeBHO.dll (G Data Software AG)

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  File not found

O3:64bit: - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\Webfilter\AvkWebIEx64.dll (G Data Software AG)

O3 - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\Webfilter\AvkWebIE.dll (G Data Software AG)

O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files (x86)\Softonic_Deutsch\tbSof2.dll (Conduit Ltd.)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files (x86)\SetPointP\SetPoint.exe (Logitech, Inc.)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)

O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG)

O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()

O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O8 - Extra context menu item: Free YouTube Download - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O13 - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)

O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.64.2.cab (Battlefield Play4Free Updater)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.50.140.116 192.168.123.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BD5AE1E4-714D-4E03-920D-ABE9EE787A4C}: DhcpNameServer = 195.50.140.116 192.168.123.254

O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{14b1b4e4-e977-11de-9627-002511d83983}\Shell - "" = AutoRun

O33 - MountPoints2\{14b1b4e4-e977-11de-9627-002511d83983}\Shell\AutoRun\command - "" = V:\SETUP.EXE

O33 - MountPoints2\{14b1b4e4-e977-11de-9627-002511d83983}\Shell\configure\command - "" = V:\SETUP.EXE

O33 - MountPoints2\{14b1b4e4-e977-11de-9627-002511d83983}\Shell\install\command - "" = V:\SETUP.EXE

O33 - MountPoints2\E\Shell - "" = AutoRun

O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Setup.exe

O33 - MountPoints2\F\Shell - "" = AutoRun

O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\cdstart.exe

O33 - MountPoints2\G\Shell - "" = AutoRun

O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\cdstart.exe

O34 - HKLM BootExecute: (PDBoot.exe) -  File not found

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework

ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)

 

MsConfig:64bit - StartUpFolder: C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Produktregistrierung.lnk - C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe - (Leader Technologies/Logitech)

MsConfig:64bit - StartUpReg: AlcoholAutomount - hkey= - key= - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)

MsConfig:64bit - StartUpReg: AshSnap - hkey= - key= - C:\Program Files (x86)\Ashampoo\Ashampoo Snap 4\ashsnap.exe (ashampoo GmbH & Co. KG)

MsConfig:64bit - StartUpReg: DAEMON Tools Pro Agent - hkey= - key= - C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)

MsConfig:64bit - StartUpReg: PlusService - hkey= - key= - C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)

MsConfig:64bit - StartUpReg: RocketDock - hkey= - key= - C:\Program Files (x86)\RocketDock\RocketDock.exe ()

MsConfig:64bit - StartUpReg: snpstd3 - hkey= - key= - C:\Windows\vsnpstd3.exe ()

MsConfig:64bit - StartUpReg: StartCCC - hkey= - key= - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

MsConfig:64bit - StartUpReg: Steam - hkey= - key= - C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)

MsConfig:64bit - StartUpReg: VirtualCloneDrive - hkey= - key= - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)

MsConfig:64bit - StartUpReg: XboxStat - hkey= - key= - C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)

MsConfig:64bit - State: "bootini" - Reg Error: Key error.

MsConfig:64bit - State: "startup" - Reg Error: Key error.

MsConfig:64bit - State: "services" - Reg Error: Key error.

 

CREATERESTOREPOINT

Error creating restore point.

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2011.09.11 15:29:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Reader 10.0

[2011.09.11 15:29:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Utilities - CS5

[2011.09.11 15:28:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Photoshop CS5

[2011.09.11 15:28:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Help

[2011.09.11 15:28:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Extension Manager CS5

[2011.09.11 15:27:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Device Central CS5

[2011.09.11 15:27:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Bridge CS5

[2011.09.11 13:28:21 | 000,000,000 | ---D | C] -- C:\81ecbee7fd739ac95739

[2011.09.11 12:55:56 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{849A75FF-FA5A-4ADD-AC24-5467763406AC}

[2011.09.10 11:07:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam

[2011.09.10 11:07:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam

[2011.09.10 11:07:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam

[2011.09.10 10:54:31 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Activision

[2011.09.10 10:51:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Call of Duty Black Ops

[2011.09.10 10:45:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Call of Duty Black Ops

[2011.09.10 10:44:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes

[2011.09.10 10:18:36 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\War Maps

[2011.09.09 20:47:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2011.09.09 20:17:09 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{2F296230-4C89-410F-AB92-C7EE145C52EF}

[2011.09.09 20:16:46 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{ECAA6DBF-DEF9-4236-8121-27CD5161B41E}

[2011.09.08 21:22:23 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Malwarebytes

[2011.09.08 21:22:17 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

[2011.09.08 21:22:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011.09.08 21:22:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2011.09.08 21:22:14 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2011.09.08 21:22:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2011.09.08 15:36:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip

[2011.09.08 15:36:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip

[2011.09.08 15:05:46 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe

[2011.09.08 13:05:13 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{172BF5AA-5ADB-47A8-8261-9440F4413DE3}

[2011.09.07 14:13:52 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{E82D38B0-A1C6-4FC1-A459-795D3DAF58FF}

[2011.09.07 14:13:23 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{83C7A11A-8EAA-41B2-8B7C-75C320DE0FFE}

[2011.09.06 22:10:58 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\FixItCenter

[2011.09.06 22:04:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Fix it Center

[2011.09.06 22:04:54 | 000,000,000 | ---D | C] -- C:\Windows\MATS

[2011.09.06 12:34:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun

[2011.09.06 12:30:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\facemoods.com

[2011.09.06 12:29:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader

[2011.09.06 12:06:30 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{14746336-DACA-441B-8C0E-5F1049B11284}

[2011.09.06 12:06:06 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{3D70A804-54FC-47ED-8AA6-A1698C4069A3}

[2011.09.05 21:24:52 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{C44B8BA1-1FB9-4E88-B8B9-A8725D62618A}

[2011.09.05 21:24:19 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{11A1E4A7-F635-462E-B944-BA3598A6256B}

[2011.09.04 23:33:22 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{7F2AA41F-D387-4510-81B4-DA6DC9273BDF}

[2011.09.04 23:32:52 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{55FCB4AB-E781-46E0-BE1E-30D2B9B41F40}

[2011.09.04 13:01:56 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{7B98AC6C-99FB-4F8A-8E14-C951129E7C6A}

[2011.09.03 11:32:51 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{5B1565BF-26B0-4CCC-86C8-654F2B6F89F0}

[2011.09.03 11:32:35 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{329CA473-720C-438B-8C4F-26E89AAC7666}

[2011.09.02 17:44:33 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{A47BB6AD-5FB2-4A4A-8865-EF2E815AF228}

[2011.09.02 17:44:10 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{ADD2BD61-D7C0-4E5B-A1EB-0C68931E9DF9}

[2011.09.02 00:28:23 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\Heroglyph

[2011.09.02 00:24:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPER © - by eRightSoft

[2011.09.02 00:24:06 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- C:\Windows\SysWow64\nbDX.dll

[2011.09.02 00:24:05 | 000,186,880 | RHS- | C] (RadLight) -- C:\Windows\SysWow64\RLOgg.ax

[2011.09.02 00:24:05 | 000,163,328 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\flvDX.dll

[2011.09.02 00:24:05 | 000,092,672 | RHS- | C] (RadLight) -- C:\Windows\SysWow64\RLVorbisDec.ax

[2011.09.02 00:24:05 | 000,090,112 | RHS- | C] (-) -- C:\Windows\SysWow64\TTADSSplitter.ax

[2011.09.02 00:24:05 | 000,090,112 | RHS- | C] (-) -- C:\Windows\SysWow64\TTADSDecoder.ax

[2011.09.02 00:24:05 | 000,067,584 | RHS- | C] (RadLight, LLC) -- C:\Windows\SysWow64\RLTheoraDec.ax

[2011.09.02 00:24:05 | 000,031,232 | RHS- | C] (Hans Mayerl) -- C:\Windows\SysWow64\msfDX.dll

[2011.09.02 00:24:03 | 000,161,792 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\RealMediaDX.ax

[2011.09.02 00:24:02 | 000,169,472 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\MatroskaDX.ax

[2011.09.02 00:24:00 | 000,179,200 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\DiracSplitter.ax

[2011.09.02 00:24:00 | 000,123,904 | RHS- | C] (CoreCodec) -- C:\Windows\SysWow64\AVCDX.ax

[2011.09.02 00:14:33 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\AIM

[2011.09.01 23:52:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\USM

[2011.09.01 23:50:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\USM

[2011.09.01 15:53:57 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{4F10A6E8-1485-429F-9EB4-A39AE6D317AB}

[2011.09.01 15:53:22 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{FA1A7ED0-77A0-46BF-9E14-D47E02DA70E9}

[2011.08.31 21:05:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VirtualCloneDrive

[2011.08.31 20:59:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Landwirtschafts Simulator 2011

[2011.08.31 20:44:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Landwirtschafts Simulator 2011

[2011.08.31 13:51:58 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\Rockstar Games

[2011.08.31 10:30:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Landwirtschafts Simulator 2011 old

[2011.08.30 17:25:49 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center

[2011.08.30 17:25:35 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI

[2011.08.30 17:23:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP

[2011.08.30 17:23:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center

[2011.08.30 13:49:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Raxco

[2011.08.30 13:49:05 | 000,000,000 | ---D | C] -- C:\Program Files\Raxco

[2011.08.30 13:48:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Raxco

[2011.08.30 13:48:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MARKEMENT

[2011.08.30 13:48:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MARKEMENT

[2011.08.30 13:47:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetObjects

[2011.08.30 13:44:50 | 001,056,768 | ---- | C] (Blue Sky Software Corporation.) -- C:\Windows\SysWow64\ROBOEX32.DLL

[2011.08.30 13:44:50 | 000,049,152 | ---- | C] (Blue Sky Software Corporation.) -- C:\Windows\SysWow64\INETWH32.DLL

[2011.08.30 13:43:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NetObjects

[2011.08.30 13:38:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\proDAD

[2011.08.30 13:38:02 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\proDAD

[2011.08.30 13:38:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\proDAD

[2011.08.30 13:37:51 | 000,000,000 | ---D | C] -- C:\ProgramData\proDAD

[2011.08.30 13:29:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo

[2011.08.30 13:29:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ashampoo

[2011.08.30 13:28:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Landwirtschafts-Simulator 2009

[2011.08.30 12:37:08 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{F55E9736-313E-40C0-BC6B-9CA6FEC825C5}

[2011.08.30 12:36:45 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{48EA303D-918E-4C32-9033-29E2CE6B0935}

[2011.08.30 00:36:18 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{5116F0B2-6235-42F0-8612-748BF908F93C}

[2011.08.30 00:35:55 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{BB40D063-E0F3-4038-BF3C-988F8C849EAD}

[2011.08.29 12:35:27 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{771406CF-9BEC-4961-BDB3-61A447D15B75}

[2011.08.29 12:34:53 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{633392F9-FDBA-4A38-9DA2-EF6118DA163B}

[2011.08.28 18:33:28 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{09F21C33-BB39-4DE5-890D-A98BDADDD95E}

[2011.08.28 18:33:00 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{F48C2731-4273-4342-B2CB-ED61E27BB434}

[2011.08.26 10:33:37 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{C3D444AD-8C01-4557-BE90-97C9C5EB2900}

[2011.08.26 10:32:52 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{0A10A479-5E02-46D9-BAFD-A177AA364A35}

[2011.08.25 19:40:49 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{E4670A46-F6FA-4BF6-9C9F-E03427DF4168}

[2011.08.25 19:40:17 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{EB8EAEFB-170C-4A3B-B6EA-529F9EF42D85}

[2011.08.22 22:52:25 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{0E59175E-0A07-4F91-813F-B358A25E5905}

[2011.08.22 22:52:02 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{4BA577DF-DAF8-43EA-A31D-34DF89156365}

[2011.08.21 22:51:30 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{49836AC0-1733-453D-90FA-E4AAAEC597EA}

[2011.08.21 22:51:07 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{463FE74F-D03C-42E3-B9FE-C9F149AAB57C}

[2011.08.21 16:17:25 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM

[2011.08.21 16:16:58 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\Games for Windows - LIVE Demos

[2011.08.21 16:16:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace

[2011.08.21 15:16:17 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{5BE79326-6376-4A8B-AE21-72EE39B8FA36}

[2011.08.21 01:02:59 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive

[2011.08.21 01:02:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE

[2011.08.20 12:56:17 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{890DE418-921E-4EF1-9AC2-5549BD8D5FAF}

[2011.08.20 12:55:50 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{FFEDC646-63BD-4E05-B3FA-5522DCCCB0A0}

[2011.08.19 15:32:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys

[2011.08.19 15:32:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavalys

[2011.08.19 15:26:56 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{72679341-0CEA-47D4-B1B3-6769388E5075}

[2011.08.19 15:26:27 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{26A52CF0-5935-4284-826F-19B20352A8B1}

[2011.08.18 23:21:37 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{5B8B0B62-B541-431E-A5F3-51E27F806EC6}

[2011.08.18 23:21:12 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{316F0DD2-A4B8-48DF-9366-39567B99DACA}

[2011.08.18 11:20:42 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{D63FFDBA-1FF1-4491-BC70-12209157C7BC}

[2011.08.18 11:20:14 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{6DCA4F1B-1C23-422D-833D-7AF449267013}

[2011.08.17 20:01:49 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{3AF3FFA1-182D-476F-87DA-FFEEDAD68456}

[2011.08.17 20:01:27 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{822BC328-35D5-4D8C-B66A-B31F2163182E}

[2011.08.17 16:54:07 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{F7D3B46A-CF2E-46AD-ADB4-CE0435A6EEB3}

[2011.08.17 15:06:44 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\LogiShrd

[2011.08.17 00:31:41 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{1512B213-5DB2-4AD4-A508-0BCEF0A47D99}

[2011.08.17 00:31:18 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{4DA65401-F87A-477D-94CC-650F4E4449E8}

[2011.08.16 12:30:49 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{E278CF71-0AF9-4D6B-BBBC-E28E2D66CB0B}

[2011.08.16 12:30:38 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{77AA5B2D-3263-4AEE-9868-65DB7DFF7F8E}

[2011.08.15 20:33:38 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Leadertech

[2011.08.15 20:33:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LogiShrd

[2011.08.15 20:32:38 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\LogiShrd

[2011.08.15 20:32:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SetPointG

[2011.08.15 20:32:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SetPointP

[2011.08.15 20:31:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LogiShrd

[2011.08.15 20:31:16 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Logitech

[2011.08.15 20:31:16 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Logishrd

[2011.08.15 13:54:27 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{95699DE0-1CB8-4A02-A770-8C798A5DEED6}

[2011.08.15 13:53:55 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{6ADFB87B-7BC9-471A-B118-C5F4EE421A98}

[2011.08.14 22:15:39 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{3C5D5897-4164-4D28-B1AA-8C4A61A342E8}

[2011.08.14 22:15:16 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{0319BB12-57BC-471F-A2A6-66C6A72CB9B4}

[2011.08.14 01:06:50 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{872383BC-F599-4C23-8E36-E563ADC1FBCD}

[2011.08.14 01:06:27 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{8E11992A-9555-4A10-BFC7-1E2817AFFF13}

[2011.08.13 13:05:59 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{4A96BF3F-4886-40DD-A397-45C796CFD460}

[2011.08.13 13:05:47 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{4C91BF1E-0B0F-47BB-AE11-B491C576907E}

[2011.08.12 22:00:52 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{44D524A1-7A06-4157-91A6-1A2B0D615DB9}

[2010.04.29 19:06:43 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnpstd3.dll

[2010.04.29 19:06:43 | 000,061,440 | ---- | C] ( ) -- C:\Windows\SysWow64\vsnpstd3.dll

[2010.04.29 19:06:43 | 000,053,248 | ---- | C] ( ) -- C:\Windows\csnpstd3.dll

[5 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2011.09.11 15:32:53 | 000,000,000 | ---- | M] () -- C:\Users\Admin\defogger_reenable

[2011.09.11 14:46:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2011.09.11 13:32:01 | 000,020,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2011.09.11 13:32:01 | 000,020,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2011.09.11 12:58:26 | 000,403,663 | ---- | M] () -- C:\Windows\SysWow64\sig.bin

[2011.09.11 12:58:26 | 000,032,592 | ---- | M] () -- C:\Windows\SysWow64\nmp.map

[2011.09.11 12:53:09 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2011.09.11 12:52:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011.09.11 12:52:52 | 3220,627,456 | -HS- | M] () -- C:\hiberfil.sys

[2011.09.10 17:46:10 | 000,234,768 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr

[2011.09.10 17:46:10 | 000,234,768 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2011.09.10 10:51:23 | 000,001,079 | ---- | M] () -- C:\Users\Public\Desktop\Call of Duty Black Ops.lnk

[2011.09.10 10:44:54 | 000,001,210 | ---- | M] () -- C:\Users\Public\Desktop\Virtual CloneDrive.lnk

[2011.09.10 10:17:26 | 000,000,797 | ---- | M] () -- C:\Users\Admin\Desktop\Flatout2.lnk

[2011.09.08 15:05:50 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe

[2011.09.08 15:04:39 | 000,050,477 | ---- | M] () -- C:\Users\Admin\Desktop\Defogger.exe

[2011.09.06 21:58:30 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2011.09.06 21:58:30 | 000,655,802 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2011.09.06 21:58:30 | 000,616,348 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2011.09.06 21:58:30 | 000,130,434 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2011.09.06 21:58:30 | 000,106,728 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2011.09.06 17:32:30 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ccdcmbx64_01009.Wdf

[2011.08.30 20:44:54 | 396,636,636 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2011.08.30 17:27:15 | 000,002,020 | ---- | M] () -- C:\Users\Admin\Desktop\Catalyst Control Center.lnk

[2011.08.21 01:01:24 | 000,002,156 | ---- | M] () -- C:\Users\Public\Desktop\Grand Theft Auto IV.lnk

[2011.08.17 12:58:45 | 000,001,448 | ---- | M] () -- C:\Users\Admin\Desktop\Command Prompt.lnk

[2011.08.15 22:08:24 | 000,059,256 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\PktIcpt.sys

[2011.08.15 14:05:45 | 000,110,968 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\MiniIcpt.sys

[2011.08.15 14:05:45 | 000,050,552 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\GDBehave.sys

[2011.08.15 14:05:44 | 000,065,912 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys

[2011.08.13 21:33:01 | 000,002,103 | ---- | M] () -- C:\Users\Admin\Desktop\Logitech G-series Key Profiler.lnk

[5 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2011.09.11 15:32:53 | 000,000,000 | ---- | C] () -- C:\Users\Admin\defogger_reenable

[2011.09.10 10:51:23 | 000,001,079 | ---- | C] () -- C:\Users\Public\Desktop\Call of Duty Black Ops.lnk

[2011.09.10 10:44:54 | 000,001,210 | ---- | C] () -- C:\Users\Public\Desktop\Virtual CloneDrive.lnk

[2011.09.10 10:17:26 | 000,000,797 | ---- | C] () -- C:\Users\Admin\Desktop\Flatout2.lnk

[2011.09.08 15:04:38 | 000,050,477 | ---- | C] () -- C:\Users\Admin\Desktop\Defogger.exe

[2011.09.06 22:04:56 | 000,000,959 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Fix it Center.lnk

[2011.09.06 17:32:30 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ccdcmbx64_01009.Wdf

[2011.09.02 00:24:05 | 000,121,344 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.ax

[2011.09.02 00:24:05 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll

[2011.09.02 00:24:05 | 000,051,712 | RHS- | C] () -- C:\Windows\SysWow64\RLSpeexDec.ax

[2011.09.02 00:24:04 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\RLMPCDec.ax

[2011.09.02 00:24:03 | 000,070,656 | RHS- | C] () -- C:\Windows\SysWow64\RLAPEDec.ax

[2011.09.02 00:24:02 | 000,120,832 | RHS- | C] () -- C:\Windows\SysWow64\MPCDx.ax

[2011.09.02 00:24:01 | 000,097,280 | RHS- | C] () -- C:\Windows\SysWow64\FLACDX.ax

[2011.09.02 00:24:00 | 000,227,328 | RHS- | C] () -- C:\Windows\SysWow64\ac3DX.ax

[2011.09.02 00:24:00 | 000,175,104 | RHS- | C] () -- C:\Windows\SysWow64\CoreAAC.ax

[2011.09.02 00:24:00 | 000,081,920 | RHS- | C] () -- C:\Windows\SysWow64\aac_parser.ax

[2011.09.02 00:14:33 | 000,000,696 | ---- | C] () -- C:\Windows\SysWow64\jetodbc.rsp

[2011.08.30 20:44:54 | 396,636,636 | ---- | C] () -- C:\Windows\MEMORY.DMP

[2011.08.30 17:27:15 | 000,002,020 | ---- | C] () -- C:\Users\Admin\Desktop\Catalyst Control Center.lnk

[2011.08.30 13:49:07 | 000,002,781 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PerfectDisk 11.lnk

[2011.08.30 13:44:50 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\nnr.dll

[2011.08.21 01:01:24 | 000,002,156 | ---- | C] () -- C:\Users\Public\Desktop\Grand Theft Auto IV.lnk

[2011.08.13 21:33:01 | 000,002,103 | ---- | C] () -- C:\Users\Admin\Desktop\Logitech G-series Key Profiler.lnk

[2011.08.13 20:43:32 | 000,234,768 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2011.08.11 22:29:15 | 002,484,592 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_p4f.exe

[2011.07.17 23:54:02 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll

[2011.06.30 15:52:19 | 000,403,663 | ---- | C] () -- C:\Windows\SysWow64\sig.bin

[2011.06.29 19:32:19 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe

[2011.06.09 13:52:22 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\{E40E4B56-8C05-487F-A732-9A2EC3768E9C}

[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

[2011.03.17 19:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

[2011.02.11 19:15:08 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin

[2011.02.11 19:15:08 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin

[2011.02.11 19:15:08 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin

[2011.01.28 21:19:44 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat

[2010.12.12 14:43:42 | 000,000,043 | -HS- | C] () -- C:\ProgramData\.zreglib

[2010.11.29 21:35:57 | 000,000,008 | -HS- | C] () -- C:\ProgramData\CCDD932493.sys

[2010.11.29 21:35:56 | 000,005,018 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys

[2010.09.25 18:53:24 | 000,013,312 | ---- | C] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010.05.18 16:21:13 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll

[2010.05.07 16:31:06 | 000,196,096 | ---- | C] () -- C:\Windows\SysWow64\nY.exe

[2010.04.29 19:06:44 | 000,835,584 | ---- | C] () -- C:\Windows\vsnpstd3.exe

[2010.04.29 19:06:44 | 000,356,352 | ---- | C] () -- C:\Windows\tsnpstd3.exe

[2010.04.29 19:06:44 | 000,020,480 | ---- | C] () -- C:\Windows\FixCamera.exe

[2010.04.29 19:06:44 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini

[2010.04.22 17:21:16 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\FileOut.cns

[2010.04.22 17:21:16 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\FileIn.cns

[2010.03.17 19:29:35 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\GkSui18.EXE

[2010.02.19 21:18:20 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll

[2010.02.19 21:18:20 | 000,110,080 | ---- | C] () -- C:\Windows\SysWow64\advd.dll

[2010.02.19 21:18:20 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\auth.dll

[2010.02.14 20:52:39 | 001,589,248 | ---- | C] () -- C:\Windows\SysWow64\libmysql_d.dll

[2010.01.02 17:37:17 | 000,001,015 | ---- | C] () -- C:\Windows\disney.ini

[2009.12.22 22:21:05 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll

[2009.12.04 01:19:24 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT

[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat

[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2009.07.13 23:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin

[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

[2007.07.23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll

[2007.07.23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll

[2007.07.23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll

[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll

[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll

[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll

[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll

[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll

[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll

[2007.04.27 11:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll

[2006.11.02 09:27:46 | 000,000,518 | ---- | C] () -- C:\Windows\SysWow64\SP207.INI

[2005.01.25 15:15:42 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\PA207USD.DLL

 
 ========== LOP Check ==========

 

[2009.12.22 22:24:35 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Atari

[2011.04.30 09:48:41 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Babylon

[2011.04.03 16:23:51 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Bioshock

[2010.09.03 19:48:32 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\bizarre creations

[2010.02.06 00:59:15 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Blender Foundation

[2010.02.21 14:02:41 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\concept design

[2010.04.14 19:47:14 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Cuttermaran

[2010.12.06 14:28:45 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DAEMON Tools Lite

[2011.04.30 10:54:52 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DAEMON Tools Pro

[2010.01.02 17:50:51 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Disney Interactive Studios

[2010.02.28 12:25:52 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DNA

[2011.08.22 01:44:31 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DVDVideoSoft

[2011.08.09 18:20:18 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers

[2010.08.15 20:11:44 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Engelmann Media

[2009.12.30 17:12:49 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\FarmingSimulator2008

[2010.05.08 12:02:00 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\gtk-2.0

[2011.04.29 18:54:32 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ImTOO

[2011.08.15 20:33:38 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Leadertech

[2010.12.20 16:20:16 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\MAGIX

[2010.02.21 13:53:55 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\NCH Swift Sound

[2010.11.02 17:36:07 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Need for Speed World

[2011.09.11 15:45:48 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\NetSpeedMonitor

[2010.02.28 12:25:21 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Notepad++

[2010.07.11 13:52:14 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Panasonic

[2011.09.06 21:35:29 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\proDAD

[2010.09.26 09:24:51 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ProtectDisc

[2011.09.02 14:01:02 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Sony

[2010.11.06 22:26:19 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TeamViewer

[2011.09.02 18:15:13 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TS3Client

[2010.12.19 15:35:13 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TuneUp Software

[2010.11.06 21:39:24 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Ubisoft

[2011.09.06 19:52:57 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\uTorrent

[2011.01.07 18:43:04 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\wbtooltb

[2010.12.29 13:07:03 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Windows Live Writer

[2011.09.08 23:37:40 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\WinPump

[2011.08.30 20:38:04 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 

 
 < %SYSTEMDRIVE%\*. >

[2011.07.01 22:27:06 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin

[2011.09.11 13:29:54 | 000,000,000 | ---D | M] -- C:\81ecbee7fd739ac95739

[2010.11.08 16:58:56 | 000,000,000 | ---D | M] -- C:\Advanced Wheel Mouse

[2011.01.03 15:26:36 | 000,000,000 | ---D | M] -- C:\AMD

[2009.12.04 01:17:12 | 000,000,000 | ---D | M] -- C:\ATI

[2011.09.11 01:41:07 | 000,000,000 | -HSD | M] -- C:\Config.Msi

[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings

[2009.12.04 01:12:37 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen

[2011.05.28 13:24:14 | 000,000,000 | ---D | M] -- C:\Graphics

[2011.08.08 18:59:59 | 000,000,000 | ---D | M] -- C:\Intel

[2010.07.11 13:52:08 | 000,000,000 | ---D | M] -- C:\MC_TMP

[2009.12.15 14:45:31 | 000,000,000 | RH-D | M] -- C:\MSOCache

[2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs

[2011.09.06 22:04:54 | 000,000,000 | R--D | M] -- C:\Program Files

[2011.09.11 15:29:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)

[2011.09.08 21:22:17 | 000,000,000 | ---D | M] -- C:\ProgramData

[2009.12.04 01:12:37 | 000,000,000 | -HSD | M] -- C:\Programme

[2009.12.04 01:12:37 | 000,000,000 | -HSD | M] -- C:\Recovery

[2011.04.12 16:26:36 | 000,000,000 | -HSD | M] -- C:\System Volume Information

[2011.07.01 22:26:54 | 000,000,000 | R--D | M] -- C:\Users

[2011.09.06 22:04:54 | 000,000,000 | ---D | M] -- C:\Windows

 
 < %PROGRAMFILES%\*.exe >

 
 < %LOCALAPPDATA%\*.exe >

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.manifest /3 >

[5 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

 

 
 < MD5 for: EXPLORER.EXE  >

[2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe

[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe

[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe

[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe

[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe

[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe

[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe

[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe

[2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe

[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe

[2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe

[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe

[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe

[2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe

[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe

[2010.11.20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

[2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe

[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe

[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe

[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe

[2011.02.26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe

[2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

 
 < MD5 for: REGEDIT.EXE  >

[2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe

[2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe

[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe

[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe

 
 < MD5 for: USERINIT.EXE  >

[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe

[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe

[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe

[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe

[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe

[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe

[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe

[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe

[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

 
 < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

 
 < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

 
 <           >
 

< End of report >

cosinus

11.09.2011 15:16

Du solltest GDATA doch vorher deinstallieren!!

fondorking

11.09.2011 16:30

Sry

Code:

OTL logfile created on: 11.09.2011 17:19:46 - Run 4

OTL by OldTimer - Version 3.2.27.0     Folder = C:\Users\Admin\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

4,00 Gb Total Physical Memory | 2,82 Gb Available Physical Memory | 70,45% Memory free

8,00 Gb Paging File | 6,77 Gb Available in Paging File | 84,63% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 1397,17 Gb Total Space | 1013,63 Gb Free Space | 72,55% Space Free | Partition Type: NTFS

 

Computer Name: ENERMAX | User Name: Cedric | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2011.09.08 15:05:50 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe

PRC - [2011.08.11 22:29:16 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe

PRC - [2011.03.28 14:15:10 | 000,380,736 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe

 

 
 ========== Modules (No Company Name) ==========

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV:64bit: - [2011.08.10 15:23:36 | 000,036,160 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)

SRV:64bit: - [2011.07.28 23:35:34 | 000,204,288 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2011.06.13 22:21:14 | 000,343,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)

SRV:64bit: - [2011.01.05 07:03:30 | 002,610,952 | ---- | M] (Raxco Software, Inc.) [Disabled | Stopped] -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe -- (PDAgent)

SRV:64bit: - [2011.01.05 07:03:20 | 002,266,376 | ---- | M] (Raxco Software, Inc.) [Disabled | Stopped] -- C:\Program Files\Raxco\PerfectDisk\PDEngine.exe -- (PDEngine)

SRV - [2011.09.10 14:22:11 | 000,411,432 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2011.08.11 22:29:16 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)

SRV - [2011.08.10 15:31:08 | 002,027,840 | ---- | M] (TuneUp Software) [Disabled | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)

SRV - [2011.08.10 15:23:30 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)

SRV - [2011.06.17 09:34:18 | 000,359,192 | ---- | M] (Logitech, Inc.) [Disabled | Stopped] -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)

SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010.02.11 13:42:32 | 000,172,328 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)

SRV - [2009.12.23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Disabled | Stopped] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)

SRV - [2009.11.12 19:08:00 | 003,403,420 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)

SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2007.06.15 12:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\bgsvcgen.exe -- (bgsvcgen)

SRV - [2000.01.01 00:00:00 | 000,271,360 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\DTProTS\DTProTS.exe -- (DTProTS)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2011.07.29 00:23:16 | 009,980,416 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)

DRV:64bit: - [2011.07.29 00:23:16 | 009,980,416 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2011.07.28 22:54:10 | 000,309,248 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2011.06.07 00:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)

DRV:64bit: - [2011.04.30 13:59:22 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)

DRV:64bit: - [2011.04.30 13:59:22 | 000,060,184 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)

DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011.02.11 19:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2011.01.15 18:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)

DRV:64bit: - [2010.12.17 00:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)

DRV:64bit: - [2010.11.20 15:34:02 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)

DRV:64bit: - [2010.11.20 15:34:02 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)

DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010.11.20 13:35:32 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)

DRV:64bit: - [2010.11.20 13:35:20 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)

DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010.11.20 12:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)

DRV:64bit: - [2010.08.11 08:10:06 | 000,138,256 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\DefragFs.sys -- (DefragFS)

DRV:64bit: - [2010.02.24 12:20:40 | 000,191,616 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11)

DRV:64bit: - [2009.12.06 12:24:22 | 000,224,920 | ---- | M] (SysProgs.org) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BazisVirtualCDBus.sys -- (BazisVirtualCDBus)

DRV:64bit: - [2009.11.23 17:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)

DRV:64bit: - [2009.11.23 17:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)

DRV:64bit: - [2009.09.30 16:34:30 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)

DRV:64bit: - [2009.09.23 10:42:58 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)

DRV:64bit: - [2009.08.13 23:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)

DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009.06.10 12:14:36 | 000,043,264 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiBus.sys -- (SaiNtBus)

DRV:64bit: - [2009.06.10 12:14:36 | 000,016,000 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiMini.sys -- (SaiMini)

DRV:64bit: - [2009.02.03 17:37:50 | 000,075,384 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)

DRV:64bit: - [2007.05.01 16:48:56 | 000,171,144 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SaiH5F0D.sys -- (SaiH5F0D)

DRV:64bit: - [2007.05.01 16:48:56 | 000,034,304 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SaiU5F0D.sys -- (SaiU5F0D)

DRV:64bit: - [2007.02.08 19:47:24 | 000,107,384 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)

DRV:64bit: - [2007.01.26 10:04:36 | 000,009,600 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\whfltr2k.sys -- (whfltr2k)

DRV:64bit: - [2006.12.05 11:34:26 | 000,572,416 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PFC027.SYS -- (PAC207)

DRV:64bit: - [2006.11.10 15:08:58 | 000,030,720 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ATITool64.sys -- (ATITool)

DRV:64bit: - [2006.08.25 14:36:52 | 000,039,208 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cdrbsdrv.sys -- (cdrbsdrv)

DRV:64bit: - [2006.07.10 18:21:22 | 000,022,936 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)

DRV:64bit: - [2006.06.14 16:58:10 | 000,014,192 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)

DRV - [2010.12.18 14:50:08 | 000,014,544 | ---- | M] (OpenLibSys.org) [Kernel | Auto | Running] -- C:\Users\Admin\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries24.gadget\WinRing0x64.sys -- (WinRing0_1_2_0)

DRV - [2010.11.29 20:27:40 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)

DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

DRV - [2005.01.02 05:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bigseekpro.com/hypercam/{30556029-374E-4F2E-890B-121038B58BE0}

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4

IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found

IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found

IE - HKLM\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files (x86)\Softonic_Deutsch\tbSof2.dll (Conduit Ltd.)

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.facemoods.com/?a=ddrnw

IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found

IE - HKCU\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files (x86)\Softonic_Deutsch\tbSof2.dll (Conduit Ltd.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 192.168.88.251:800

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultthis.engineName: "Search"

FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"

FF - prefs.js..browser.search.selectedEngine: "ICQ Search"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"

FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004

FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.2

FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.0.0.10

FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.11

FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.6

FF - prefs.js..extensions.enabledItems: allglassv2@ambroos.neowin.net:2.1.4

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3

FF - prefs.js..extensions.enabledItems: info@djzig.com:1.2.0

FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.6&q="

FF - prefs.js..network.proxy.ftp: "192.168.88.251"

FF - prefs.js..network.proxy.ftp_port: 800

FF - prefs.js..network.proxy.gopher: "192.168.88.251"

FF - prefs.js..network.proxy.gopher_port: 800

FF - prefs.js..network.proxy.http: "192.168.88.251"

FF - prefs.js..network.proxy.http_port: 800

FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"

FF - prefs.js..network.proxy.share_proxy_settings: true

FF - prefs.js..network.proxy.socks: "192.168.88.251"

FF - prefs.js..network.proxy.socks_port: 800

FF - prefs.js..network.proxy.ssl: "192.168.88.251"

FF - prefs.js..network.proxy.ssl_port: 800

FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://www.bigseekpro.com/search/toolbar/hypercam/{88ED4A72-8717-53BE-8E7E-30BA070DAF61}?q="

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\Admin\Program Files (x86)\DNA\plugins\npbtdna.dll File not found

FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found

FF - HKCU\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Users\Admin\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll ( )

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\components [2011.09.11 12:55:17 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\plugins

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\Admin\Program Files (x86)\DNA

 

[2011.03.19 13:47:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions

[2011.08.09 18:20:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\kr7kwnm2.default\extensions

[2011.08.09 18:20:19 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\kr7kwnm2.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

[2011.03.19 13:43:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\kr7kwnm2.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2011.09.10 17:38:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\o4751zle.default\extensions

[2011.08.09 18:20:19 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\o4751zle.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

[2011.09.10 17:38:44 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\o4751zle.default\extensions\battlefieldplay4free@ea.com

[2011.04.30 09:45:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2011.04.30 09:48:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com

[2011.09.06 12:30:22 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml

[2010.06.09 21:52:18 | 000,002,224 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\webblog.xml

 

O1 HOSTS File: ([2000.01.01 00:00:00 | 000,000,794 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1             localhost

O1 - Hosts: 127.0.0.1 secure.disc-soft.com 

O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

O2 - BHO: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files (x86)\Softonic_Deutsch\tbSof2.dll (Conduit Ltd.)

O2 - BHO: (no name) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - No CLSID value found.

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  File not found

O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files (x86)\Softonic_Deutsch\tbSof2.dll (Conduit Ltd.)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files (x86)\SetPointP\SetPoint.exe (Logitech, Inc.)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)

O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()

O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O8 - Extra context menu item: Free YouTube Download - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O13 - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)

O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.64.2.cab (Battlefield Play4Free Updater)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.50.140.116 192.168.123.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BD5AE1E4-714D-4E03-920D-ABE9EE787A4C}: DhcpNameServer = 195.50.140.116 192.168.123.254

O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{14b1b4e4-e977-11de-9627-002511d83983}\Shell - "" = AutoRun

O33 - MountPoints2\{14b1b4e4-e977-11de-9627-002511d83983}\Shell\AutoRun\command - "" = V:\SETUP.EXE

O33 - MountPoints2\{14b1b4e4-e977-11de-9627-002511d83983}\Shell\configure\command - "" = V:\SETUP.EXE

O33 - MountPoints2\{14b1b4e4-e977-11de-9627-002511d83983}\Shell\install\command - "" = V:\SETUP.EXE

O33 - MountPoints2\E\Shell - "" = AutoRun

O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Setup.exe

O33 - MountPoints2\F\Shell - "" = AutoRun

O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\cdstart.exe

O33 - MountPoints2\G\Shell - "" = AutoRun

O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\cdstart.exe

O34 - HKLM BootExecute: (PDBoot.exe) -  File not found

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework

ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)

 

MsConfig:64bit - StartUpFolder: C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Produktregistrierung.lnk - C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe - (Leader Technologies/Logitech)

MsConfig:64bit - StartUpReg: AlcoholAutomount - hkey= - key= - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)

MsConfig:64bit - StartUpReg: AshSnap - hkey= - key= - C:\Program Files (x86)\Ashampoo\Ashampoo Snap 4\ashsnap.exe (ashampoo GmbH & Co. KG)

MsConfig:64bit - StartUpReg: DAEMON Tools Pro Agent - hkey= - key= - C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)

MsConfig:64bit - StartUpReg: PlusService - hkey= - key= - C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)

MsConfig:64bit - StartUpReg: RocketDock - hkey= - key= - C:\Program Files (x86)\RocketDock\RocketDock.exe ()

MsConfig:64bit - StartUpReg: snpstd3 - hkey= - key= - C:\Windows\vsnpstd3.exe ()

MsConfig:64bit - StartUpReg: StartCCC - hkey= - key= - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

MsConfig:64bit - StartUpReg: Steam - hkey= - key= - C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)

MsConfig:64bit - StartUpReg: VirtualCloneDrive - hkey= - key= - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)

MsConfig:64bit - StartUpReg: XboxStat - hkey= - key= - C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)

MsConfig:64bit - State: "bootini" - Reg Error: Key error.

MsConfig:64bit - State: "startup" - Reg Error: Key error.

MsConfig:64bit - State: "services" - Reg Error: Key error.

 

CREATERESTOREPOINT

Error creating restore point.

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2011.09.11 15:29:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Reader 10.0

[2011.09.11 15:29:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Utilities - CS5

[2011.09.11 15:28:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Photoshop CS5

[2011.09.11 15:28:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Help

[2011.09.11 15:28:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Extension Manager CS5

[2011.09.11 15:27:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Device Central CS5

[2011.09.11 15:27:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Bridge CS5

[2011.09.11 12:55:56 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{849A75FF-FA5A-4ADD-AC24-5467763406AC}

[2011.09.10 11:07:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam

[2011.09.10 11:07:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam

[2011.09.10 11:07:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam

[2011.09.10 10:54:31 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Activision

[2011.09.10 10:51:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Call of Duty Black Ops

[2011.09.10 10:45:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Call of Duty Black Ops

[2011.09.10 10:44:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes

[2011.09.10 10:18:36 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\War Maps

[2011.09.09 20:47:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2011.09.09 20:17:09 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{2F296230-4C89-410F-AB92-C7EE145C52EF}

[2011.09.09 20:16:46 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{ECAA6DBF-DEF9-4236-8121-27CD5161B41E}

[2011.09.08 21:22:23 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Malwarebytes

[2011.09.08 21:22:17 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

[2011.09.08 21:22:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011.09.08 21:22:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2011.09.08 21:22:14 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2011.09.08 21:22:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2011.09.08 15:36:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip

[2011.09.08 15:36:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip

[2011.09.08 15:05:46 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe

[2011.09.08 13:05:13 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{172BF5AA-5ADB-47A8-8261-9440F4413DE3}

[2011.09.07 14:13:52 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{E82D38B0-A1C6-4FC1-A459-795D3DAF58FF}

[2011.09.07 14:13:23 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{83C7A11A-8EAA-41B2-8B7C-75C320DE0FFE}

[2011.09.06 22:10:58 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\FixItCenter

[2011.09.06 22:04:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Fix it Center

[2011.09.06 22:04:54 | 000,000,000 | ---D | C] -- C:\Windows\MATS

[2011.09.06 12:34:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun

[2011.09.06 12:30:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\facemoods.com

[2011.09.06 12:29:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader

[2011.09.06 12:06:30 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{14746336-DACA-441B-8C0E-5F1049B11284}

[2011.09.06 12:06:06 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{3D70A804-54FC-47ED-8AA6-A1698C4069A3}

[2011.09.05 21:24:52 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{C44B8BA1-1FB9-4E88-B8B9-A8725D62618A}

[2011.09.05 21:24:19 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{11A1E4A7-F635-462E-B944-BA3598A6256B}

[2011.09.04 23:33:22 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{7F2AA41F-D387-4510-81B4-DA6DC9273BDF}

[2011.09.04 23:32:52 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{55FCB4AB-E781-46E0-BE1E-30D2B9B41F40}

[2011.09.04 13:01:56 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{7B98AC6C-99FB-4F8A-8E14-C951129E7C6A}

[2011.09.03 11:32:51 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{5B1565BF-26B0-4CCC-86C8-654F2B6F89F0}

[2011.09.03 11:32:35 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{329CA473-720C-438B-8C4F-26E89AAC7666}

[2011.09.02 17:44:33 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{A47BB6AD-5FB2-4A4A-8865-EF2E815AF228}

[2011.09.02 17:44:10 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{ADD2BD61-D7C0-4E5B-A1EB-0C68931E9DF9}

[2011.09.02 00:28:23 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\Heroglyph

[2011.09.02 00:24:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPER © - by eRightSoft

[2011.09.02 00:24:06 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- C:\Windows\SysWow64\nbDX.dll

[2011.09.02 00:24:05 | 000,186,880 | RHS- | C] (RadLight) -- C:\Windows\SysWow64\RLOgg.ax

[2011.09.02 00:24:05 | 000,163,328 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\flvDX.dll

[2011.09.02 00:24:05 | 000,092,672 | RHS- | C] (RadLight) -- C:\Windows\SysWow64\RLVorbisDec.ax

[2011.09.02 00:24:05 | 000,090,112 | RHS- | C] (-) -- C:\Windows\SysWow64\TTADSSplitter.ax

[2011.09.02 00:24:05 | 000,090,112 | RHS- | C] (-) -- C:\Windows\SysWow64\TTADSDecoder.ax

[2011.09.02 00:24:05 | 000,067,584 | RHS- | C] (RadLight, LLC) -- C:\Windows\SysWow64\RLTheoraDec.ax

[2011.09.02 00:24:05 | 000,031,232 | RHS- | C] (Hans Mayerl) -- C:\Windows\SysWow64\msfDX.dll

[2011.09.02 00:24:03 | 000,161,792 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\RealMediaDX.ax

[2011.09.02 00:24:02 | 000,169,472 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\MatroskaDX.ax

[2011.09.02 00:24:00 | 000,179,200 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\DiracSplitter.ax

[2011.09.02 00:24:00 | 000,123,904 | RHS- | C] (CoreCodec) -- C:\Windows\SysWow64\AVCDX.ax

[2011.09.02 00:14:33 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\AIM

[2011.09.01 23:52:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\USM

[2011.09.01 23:50:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\USM

[2011.09.01 15:53:57 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{4F10A6E8-1485-429F-9EB4-A39AE6D317AB}

[2011.09.01 15:53:22 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{FA1A7ED0-77A0-46BF-9E14-D47E02DA70E9}

[2011.08.31 21:05:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VirtualCloneDrive

[2011.08.31 20:59:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Landwirtschafts Simulator 2011

[2011.08.31 20:44:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Landwirtschafts Simulator 2011

[2011.08.31 13:51:58 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\Rockstar Games

[2011.08.31 10:30:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Landwirtschafts Simulator 2011 old

[2011.08.30 17:25:49 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center

[2011.08.30 17:25:35 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI

[2011.08.30 17:23:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP

[2011.08.30 17:23:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center

[2011.08.30 13:49:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Raxco

[2011.08.30 13:49:05 | 000,000,000 | ---D | C] -- C:\Program Files\Raxco

[2011.08.30 13:48:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Raxco

[2011.08.30 13:48:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MARKEMENT

[2011.08.30 13:48:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MARKEMENT

[2011.08.30 13:47:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetObjects

[2011.08.30 13:44:50 | 001,056,768 | ---- | C] (Blue Sky Software Corporation.) -- C:\Windows\SysWow64\ROBOEX32.DLL

[2011.08.30 13:44:50 | 000,049,152 | ---- | C] (Blue Sky Software Corporation.) -- C:\Windows\SysWow64\INETWH32.DLL

[2011.08.30 13:43:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NetObjects

[2011.08.30 13:38:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\proDAD

[2011.08.30 13:38:02 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\proDAD

[2011.08.30 13:38:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\proDAD

[2011.08.30 13:37:51 | 000,000,000 | ---D | C] -- C:\ProgramData\proDAD

[2011.08.30 13:29:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo

[2011.08.30 13:29:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ashampoo

[2011.08.30 13:28:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Landwirtschafts-Simulator 2009

[2011.08.30 12:37:08 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{F55E9736-313E-40C0-BC6B-9CA6FEC825C5}

[2011.08.30 12:36:45 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{48EA303D-918E-4C32-9033-29E2CE6B0935}

[2011.08.30 00:36:18 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{5116F0B2-6235-42F0-8612-748BF908F93C}

[2011.08.30 00:35:55 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{BB40D063-E0F3-4038-BF3C-988F8C849EAD}

[2011.08.29 12:35:27 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{771406CF-9BEC-4961-BDB3-61A447D15B75}

[2011.08.29 12:34:53 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{633392F9-FDBA-4A38-9DA2-EF6118DA163B}

[2011.08.28 18:33:28 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{09F21C33-BB39-4DE5-890D-A98BDADDD95E}

[2011.08.28 18:33:00 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{F48C2731-4273-4342-B2CB-ED61E27BB434}

[2011.08.26 10:33:37 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{C3D444AD-8C01-4557-BE90-97C9C5EB2900}

[2011.08.26 10:32:52 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{0A10A479-5E02-46D9-BAFD-A177AA364A35}

[2011.08.25 19:40:49 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{E4670A46-F6FA-4BF6-9C9F-E03427DF4168}

[2011.08.25 19:40:17 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{EB8EAEFB-170C-4A3B-B6EA-529F9EF42D85}

[2011.08.22 22:52:25 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{0E59175E-0A07-4F91-813F-B358A25E5905}

[2011.08.22 22:52:02 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{4BA577DF-DAF8-43EA-A31D-34DF89156365}

[2011.08.21 22:51:30 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{49836AC0-1733-453D-90FA-E4AAAEC597EA}

[2011.08.21 22:51:07 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{463FE74F-D03C-42E3-B9FE-C9F149AAB57C}

[2011.08.21 16:17:25 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM

[2011.08.21 16:16:58 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\Games for Windows - LIVE Demos

[2011.08.21 16:16:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace

[2011.08.21 15:16:17 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{5BE79326-6376-4A8B-AE21-72EE39B8FA36}

[2011.08.21 01:02:59 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive

[2011.08.21 01:02:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE

[2011.08.20 12:56:17 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{890DE418-921E-4EF1-9AC2-5549BD8D5FAF}

[2011.08.20 12:55:50 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{FFEDC646-63BD-4E05-B3FA-5522DCCCB0A0}

[2011.08.19 15:32:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys

[2011.08.19 15:32:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavalys

[2011.08.19 15:26:56 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{72679341-0CEA-47D4-B1B3-6769388E5075}

[2011.08.19 15:26:27 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{26A52CF0-5935-4284-826F-19B20352A8B1}

[2011.08.18 23:21:37 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{5B8B0B62-B541-431E-A5F3-51E27F806EC6}

[2011.08.18 23:21:12 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{316F0DD2-A4B8-48DF-9366-39567B99DACA}

[2011.08.18 11:20:42 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{D63FFDBA-1FF1-4491-BC70-12209157C7BC}

[2011.08.18 11:20:14 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{6DCA4F1B-1C23-422D-833D-7AF449267013}

[2011.08.17 20:01:49 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{3AF3FFA1-182D-476F-87DA-FFEEDAD68456}

[2011.08.17 20:01:27 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{822BC328-35D5-4D8C-B66A-B31F2163182E}

[2011.08.17 16:54:07 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{F7D3B46A-CF2E-46AD-ADB4-CE0435A6EEB3}

[2011.08.17 15:06:44 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\LogiShrd

[2011.08.17 00:31:41 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{1512B213-5DB2-4AD4-A508-0BCEF0A47D99}

[2011.08.17 00:31:18 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{4DA65401-F87A-477D-94CC-650F4E4449E8}

[2011.08.16 12:30:49 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{E278CF71-0AF9-4D6B-BBBC-E28E2D66CB0B}

[2011.08.16 12:30:38 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{77AA5B2D-3263-4AEE-9868-65DB7DFF7F8E}

[2011.08.15 20:33:38 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Leadertech

[2011.08.15 20:33:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LogiShrd

[2011.08.15 20:32:38 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\LogiShrd

[2011.08.15 20:32:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SetPointG

[2011.08.15 20:32:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SetPointP

[2011.08.15 20:31:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LogiShrd

[2011.08.15 20:31:16 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Logitech

[2011.08.15 20:31:16 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Logishrd

[2011.08.15 13:54:27 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{95699DE0-1CB8-4A02-A770-8C798A5DEED6}

[2011.08.15 13:53:55 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{6ADFB87B-7BC9-471A-B118-C5F4EE421A98}

[2011.08.14 22:15:39 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{3C5D5897-4164-4D28-B1AA-8C4A61A342E8}

[2011.08.14 22:15:16 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{0319BB12-57BC-471F-A2A6-66C6A72CB9B4}

[2011.08.14 01:06:50 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{872383BC-F599-4C23-8E36-E563ADC1FBCD}

[2011.08.14 01:06:27 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{8E11992A-9555-4A10-BFC7-1E2817AFFF13}

[2011.08.13 13:05:59 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{4A96BF3F-4886-40DD-A397-45C796CFD460}

[2011.08.13 13:05:47 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{4C91BF1E-0B0F-47BB-AE11-B491C576907E}

[2011.08.12 22:00:52 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{44D524A1-7A06-4157-91A6-1A2B0D615DB9}

[2010.04.29 19:06:43 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnpstd3.dll

[2010.04.29 19:06:43 | 000,061,440 | ---- | C] ( ) -- C:\Windows\SysWow64\vsnpstd3.dll

[2010.04.29 19:06:43 | 000,053,248 | ---- | C] ( ) -- C:\Windows\csnpstd3.dll

[5 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2011.09.11 17:14:41 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2011.09.11 17:14:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011.09.11 17:14:18 | 3220,627,456 | -HS- | M] () -- C:\hiberfil.sys

[2011.09.11 16:46:01 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2011.09.11 15:32:53 | 000,000,000 | ---- | M] () -- C:\Users\Admin\defogger_reenable

[2011.09.11 13:32:01 | 000,020,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2011.09.11 13:32:01 | 000,020,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2011.09.11 12:58:26 | 000,403,663 | ---- | M] () -- C:\Windows\SysWow64\sig.bin

[2011.09.11 12:58:26 | 000,032,592 | ---- | M] () -- C:\Windows\SysWow64\nmp.map

[2011.09.10 17:46:10 | 000,234,768 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr

[2011.09.10 17:46:10 | 000,234,768 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2011.09.10 10:51:23 | 000,001,079 | ---- | M] () -- C:\Users\Public\Desktop\Call of Duty Black Ops.lnk

[2011.09.10 10:44:54 | 000,001,210 | ---- | M] () -- C:\Users\Public\Desktop\Virtual CloneDrive.lnk

[2011.09.10 10:17:26 | 000,000,797 | ---- | M] () -- C:\Users\Admin\Desktop\Flatout2.lnk

[2011.09.08 15:05:50 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe

[2011.09.08 15:04:39 | 000,050,477 | ---- | M] () -- C:\Users\Admin\Desktop\Defogger.exe

[2011.09.06 21:58:30 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2011.09.06 21:58:30 | 000,655,802 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2011.09.06 21:58:30 | 000,616,348 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2011.09.06 21:58:30 | 000,130,434 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2011.09.06 21:58:30 | 000,106,728 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2011.09.06 17:32:30 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ccdcmbx64_01009.Wdf

[2011.08.30 20:44:54 | 396,636,636 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2011.08.30 17:27:15 | 000,002,020 | ---- | M] () -- C:\Users\Admin\Desktop\Catalyst Control Center.lnk

[2011.08.21 01:01:24 | 000,002,156 | ---- | M] () -- C:\Users\Public\Desktop\Grand Theft Auto IV.lnk

[2011.08.17 12:58:45 | 000,001,448 | ---- | M] () -- C:\Users\Admin\Desktop\Command Prompt.lnk

[2011.08.15 22:08:24 | 000,059,256 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\PktIcpt.sys

[2011.08.15 14:05:45 | 000,110,968 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\MiniIcpt.sys

[2011.08.15 14:05:45 | 000,050,552 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\GDBehave.sys

[2011.08.15 14:05:44 | 000,065,912 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys

[2011.08.13 21:33:01 | 000,002,103 | ---- | M] () -- C:\Users\Admin\Desktop\Logitech G-series Key Profiler.lnk

[5 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2011.09.11 15:32:53 | 000,000,000 | ---- | C] () -- C:\Users\Admin\defogger_reenable

[2011.09.10 10:51:23 | 000,001,079 | ---- | C] () -- C:\Users\Public\Desktop\Call of Duty Black Ops.lnk

[2011.09.10 10:44:54 | 000,001,210 | ---- | C] () -- C:\Users\Public\Desktop\Virtual CloneDrive.lnk

[2011.09.10 10:17:26 | 000,000,797 | ---- | C] () -- C:\Users\Admin\Desktop\Flatout2.lnk

[2011.09.08 15:04:38 | 000,050,477 | ---- | C] () -- C:\Users\Admin\Desktop\Defogger.exe

[2011.09.06 22:04:56 | 000,000,959 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Fix it Center.lnk

[2011.09.06 17:32:30 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ccdcmbx64_01009.Wdf

[2011.09.02 00:24:05 | 000,121,344 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.ax

[2011.09.02 00:24:05 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll

[2011.09.02 00:24:05 | 000,051,712 | RHS- | C] () -- C:\Windows\SysWow64\RLSpeexDec.ax

[2011.09.02 00:24:04 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\RLMPCDec.ax

[2011.09.02 00:24:03 | 000,070,656 | RHS- | C] () -- C:\Windows\SysWow64\RLAPEDec.ax

[2011.09.02 00:24:02 | 000,120,832 | RHS- | C] () -- C:\Windows\SysWow64\MPCDx.ax

[2011.09.02 00:24:01 | 000,097,280 | RHS- | C] () -- C:\Windows\SysWow64\FLACDX.ax

[2011.09.02 00:24:00 | 000,227,328 | RHS- | C] () -- C:\Windows\SysWow64\ac3DX.ax

[2011.09.02 00:24:00 | 000,175,104 | RHS- | C] () -- C:\Windows\SysWow64\CoreAAC.ax

[2011.09.02 00:24:00 | 000,081,920 | RHS- | C] () -- C:\Windows\SysWow64\aac_parser.ax

[2011.09.02 00:14:33 | 000,000,696 | ---- | C] () -- C:\Windows\SysWow64\jetodbc.rsp

[2011.08.30 20:44:54 | 396,636,636 | ---- | C] () -- C:\Windows\MEMORY.DMP

[2011.08.30 17:27:15 | 000,002,020 | ---- | C] () -- C:\Users\Admin\Desktop\Catalyst Control Center.lnk

[2011.08.30 13:49:07 | 000,002,781 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PerfectDisk 11.lnk

[2011.08.30 13:44:50 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\nnr.dll

[2011.08.21 01:01:24 | 000,002,156 | ---- | C] () -- C:\Users\Public\Desktop\Grand Theft Auto IV.lnk

[2011.08.13 21:33:01 | 000,002,103 | ---- | C] () -- C:\Users\Admin\Desktop\Logitech G-series Key Profiler.lnk

[2011.08.13 20:43:32 | 000,234,768 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2011.08.11 22:29:15 | 002,484,592 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_p4f.exe

[2011.07.17 23:54:02 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll

[2011.06.30 15:52:19 | 000,403,663 | ---- | C] () -- C:\Windows\SysWow64\sig.bin

[2011.06.29 19:32:19 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe

[2011.06.09 13:52:22 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\{E40E4B56-8C05-487F-A732-9A2EC3768E9C}

[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

[2011.03.17 19:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

[2011.02.11 19:15:08 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin

[2011.02.11 19:15:08 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin

[2011.02.11 19:15:08 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin

[2011.01.28 21:19:44 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat

[2010.12.12 14:43:42 | 000,000,043 | -HS- | C] () -- C:\ProgramData\.zreglib

[2010.11.29 21:35:57 | 000,000,008 | -HS- | C] () -- C:\ProgramData\CCDD932493.sys

[2010.11.29 21:35:56 | 000,005,018 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys

[2010.09.25 18:53:24 | 000,013,312 | ---- | C] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010.05.18 16:21:13 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll

[2010.05.07 16:31:06 | 000,196,096 | ---- | C] () -- C:\Windows\SysWow64\nY.exe

[2010.04.29 19:06:44 | 000,835,584 | ---- | C] () -- C:\Windows\vsnpstd3.exe

[2010.04.29 19:06:44 | 000,356,352 | ---- | C] () -- C:\Windows\tsnpstd3.exe

[2010.04.29 19:06:44 | 000,020,480 | ---- | C] () -- C:\Windows\FixCamera.exe

[2010.04.29 19:06:44 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini

[2010.04.22 17:21:16 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\FileOut.cns

[2010.04.22 17:21:16 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\FileIn.cns

[2010.03.17 19:29:35 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\GkSui18.EXE

[2010.02.19 21:18:20 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll

[2010.02.19 21:18:20 | 000,110,080 | ---- | C] () -- C:\Windows\SysWow64\advd.dll

[2010.02.19 21:18:20 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\auth.dll

[2010.02.14 20:52:39 | 001,589,248 | ---- | C] () -- C:\Windows\SysWow64\libmysql_d.dll

[2010.01.02 17:37:17 | 000,001,015 | ---- | C] () -- C:\Windows\disney.ini

[2009.12.22 22:21:05 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll

[2009.12.04 01:19:24 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT

[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat

[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2009.07.13 23:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin

[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

[2007.07.23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll

[2007.07.23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll

[2007.07.23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll

[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll

[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll

[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll

[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll

[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll

[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll

[2007.04.27 11:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll

[2006.11.02 09:27:46 | 000,000,518 | ---- | C] () -- C:\Windows\SysWow64\SP207.INI

[2005.01.25 15:15:42 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\PA207USD.DLL

 
 ========== LOP Check ==========

 

[2009.12.22 22:24:35 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Atari

[2011.04.30 09:48:41 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Babylon

[2011.04.03 16:23:51 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Bioshock

[2010.09.03 19:48:32 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\bizarre creations

[2010.02.06 00:59:15 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Blender Foundation

[2010.02.21 14:02:41 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\concept design

[2010.04.14 19:47:14 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Cuttermaran

[2010.12.06 14:28:45 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DAEMON Tools Lite

[2011.04.30 10:54:52 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DAEMON Tools Pro

[2010.01.02 17:50:51 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Disney Interactive Studios

[2010.02.28 12:25:52 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DNA

[2011.08.22 01:44:31 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DVDVideoSoft

[2011.08.09 18:20:18 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers

[2010.08.15 20:11:44 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Engelmann Media

[2009.12.30 17:12:49 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\FarmingSimulator2008

[2010.05.08 12:02:00 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\gtk-2.0

[2011.04.29 18:54:32 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ImTOO

[2011.08.15 20:33:38 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Leadertech

[2010.12.20 16:20:16 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\MAGIX

[2010.02.21 13:53:55 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\NCH Swift Sound

[2010.11.02 17:36:07 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Need for Speed World

[2011.09.11 17:22:30 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\NetSpeedMonitor

[2010.02.28 12:25:21 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Notepad++

[2010.07.11 13:52:14 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Panasonic

[2011.09.06 21:35:29 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\proDAD

[2010.09.26 09:24:51 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ProtectDisc

[2011.09.02 14:01:02 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Sony

[2010.11.06 22:26:19 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TeamViewer

[2011.09.02 18:15:13 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TS3Client

[2010.12.19 15:35:13 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TuneUp Software

[2010.11.06 21:39:24 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Ubisoft

[2011.09.06 19:52:57 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\uTorrent

[2011.01.07 18:43:04 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\wbtooltb

[2010.12.29 13:07:03 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Windows Live Writer

[2011.09.08 23:37:40 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\WinPump

[2011.08.30 20:38:04 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 

 
 < %SYSTEMDRIVE%\*. >

[2011.07.01 22:27:06 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin

[2010.11.08 16:58:56 | 000,000,000 | ---D | M] -- C:\Advanced Wheel Mouse

[2011.01.03 15:26:36 | 000,000,000 | ---D | M] -- C:\AMD

[2009.12.04 01:17:12 | 000,000,000 | ---D | M] -- C:\ATI

[2011.09.11 17:14:18 | 000,000,000 | -HSD | M] -- C:\Config.Msi

[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings

[2009.12.04 01:12:37 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen

[2011.05.28 13:24:14 | 000,000,000 | ---D | M] -- C:\Graphics

[2011.08.08 18:59:59 | 000,000,000 | ---D | M] -- C:\Intel

[2010.07.11 13:52:08 | 000,000,000 | ---D | M] -- C:\MC_TMP

[2009.12.15 14:45:31 | 000,000,000 | RH-D | M] -- C:\MSOCache

[2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs

[2011.09.06 22:04:54 | 000,000,000 | R--D | M] -- C:\Program Files

[2011.09.11 17:16:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)

[2011.09.08 21:22:17 | 000,000,000 | ---D | M] -- C:\ProgramData

[2009.12.04 01:12:37 | 000,000,000 | -HSD | M] -- C:\Programme

[2009.12.04 01:12:37 | 000,000,000 | -HSD | M] -- C:\Recovery

[2011.04.12 16:26:36 | 000,000,000 | -HSD | M] -- C:\System Volume Information

[2011.07.01 22:26:54 | 000,000,000 | R--D | M] -- C:\Users

[2011.09.06 22:04:54 | 000,000,000 | ---D | M] -- C:\Windows

 
 < %PROGRAMFILES%\*.exe >

 
 < %LOCALAPPDATA%\*.exe >

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.manifest /3 >

 

 
 < MD5 for: EXPLORER.EXE  >

[2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe

[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe

[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe

[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe

[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe

[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe

[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe

[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe

[2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe

[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe

[2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe

[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe

[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe

[2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe

[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe

[2010.11.20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

[2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe

[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe

[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe

[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe

[2011.02.26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe

[2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

 
 < MD5 for: REGEDIT.EXE  >

[2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe

[2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe

[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe

[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe

 
 < MD5 for: USERINIT.EXE  >

[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe

[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe

[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe

[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe

[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe

[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe

[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe

[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe

[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

 
 < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

 
 < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
 

< End of report >

fondorking

11.09.2011 16:41

Jetzt hab ich aber kein einziges virenprogramm...

cosinus

11.09.2011 17:37

Zitat:

Jetzt hab ich aber kein einziges virenprogramm...

Und? Nur weil die Softwareindustrie Panik schürt, heißr das noch lange nicht, dass Schädlinge einfach so auf dem Rechner landen und man das ganz wie Naturkatastophen einfach so hinnehmen muss.
Ein im Hintergrund laufender Virenscanner ist ein ziemlich unbedeutender Bestandteil im Sicherheitskonzept.

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

:OTL

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/hypercam/{30556029-374E-4F2E-890B-121038B58BE0}

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4

IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found

IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found

IE - HKLM\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files (x86)\Softonic_Deutsch\tbSof2.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.facemoods.com/?a=ddrnw

IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found

IE - HKCU\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files (x86)\Softonic_Deutsch\tbSof2.dll (Conduit Ltd.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 192.168.88.251:800

FF - prefs.js..browser.search.defaultthis.engineName: "Search"

FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"

FF - prefs.js..browser.search.selectedEngine: "ICQ Search"

FF - prefs.js..extensions.enabledItems: info@djzig.com:1.2.0

FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.6&q="

FF - prefs.js..network.proxy.ftp: "192.168.88.251"

FF - prefs.js..network.proxy.ftp_port: 800

FF - prefs.js..network.proxy.gopher: "192.168.88.251"

FF - prefs.js..network.proxy.gopher_port: 800

FF - prefs.js..network.proxy.http: "192.168.88.251"

FF - prefs.js..network.proxy.http_port: 800

FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"

FF - prefs.js..network.proxy.share_proxy_settings: true

FF - prefs.js..network.proxy.socks: "192.168.88.251"

FF - prefs.js..network.proxy.socks_port: 800

FF - prefs.js..network.proxy.ssl: "192.168.88.251"

FF - prefs.js..network.proxy.ssl_port: 800

FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://www.bigseekpro.com/search/toolbar/hypercam/{88ED4A72-8717-53BE-8E7E-30BA070DAF61}?q="

O2 - BHO: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files (x86)\Softonic_Deutsch\tbSof2.dll (Conduit Ltd.)

O2 - BHO: (no name) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - No CLSID value found.

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  File not found

O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files (x86)\Softonic_Deutsch\tbSof2.dll (Conduit Ltd.)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{14b1b4e4-e977-11de-9627-002511d83983}\Shell - "" = AutoRun

O33 - MountPoints2\{14b1b4e4-e977-11de-9627-002511d83983}\Shell\AutoRun\command - "" = V:\SETUP.EXE

O33 - MountPoints2\{14b1b4e4-e977-11de-9627-002511d83983}\Shell\configure\command - "" = V:\SETUP.EXE

O33 - MountPoints2\{14b1b4e4-e977-11de-9627-002511d83983}\Shell\install\command - "" = V:\SETUP.EXE

O33 - MountPoints2\E\Shell - "" = AutoRun

O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Setup.exe

O33 - MountPoints2\F\Shell - "" = AutoRun

O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\cdstart.exe

O33 - MountPoints2\G\Shell - "" = AutoRun

O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\cdstart.exe

O34 - HKLM BootExecute: (PDBoot.exe) -  File not found

[2011.09.06 12:30:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\facemoods.com

[2011.04.30 09:48:41 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Babylon

:Commands

[emptytemp]

[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

fondorking

11.09.2011 17:49

Code:

All processes killed

========== OTL ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\ deleted successfully.

C:\Program Files (x86)\Softonic_Deutsch\tbSof2.dll moved successfully.

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\ not found.

File C:\Program Files (x86)\Softonic_Deutsch\tbSof2.dll not found.

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!

Prefs.js: "Search" removed from browser.search.defaultthis.engineName

Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl

Prefs.js: "ICQ Search" removed from browser.search.selectedEngine

Prefs.js: info@djzig.com:1.2.0 removed from extensions.enabledItems

Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.6&q=" removed from keyword.URL

Prefs.js: "192.168.88.251" removed from network.proxy.ftp

Prefs.js: 800 removed from network.proxy.ftp_port

Prefs.js: "192.168.88.251" removed from network.proxy.gopher

Prefs.js: 800 removed from network.proxy.gopher_port

Prefs.js: "192.168.88.251" removed from network.proxy.http

Prefs.js: 800 removed from network.proxy.http_port

Prefs.js: "localhost,127.0.0.1" removed from network.proxy.no_proxies_on

Prefs.js: true removed from network.proxy.share_proxy_settings

Prefs.js: "192.168.88.251" removed from network.proxy.socks

Prefs.js: 800 removed from network.proxy.socks_port

Prefs.js: "192.168.88.251" removed from network.proxy.ssl

Prefs.js: 800 removed from network.proxy.ssl_port

Prefs.js: "hxxp://www.bigseekpro.com/search/toolbar/hypercam/{88ED4A72-8717-53BE-8E7E-30BA070DAF61}?q=" removed from sweetim.toolbar.previous.keyword.URL

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\ not found.

File C:\Program Files (x86)\Softonic_Deutsch\tbSof2.dll not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA3295CF-17ED-4F49-9E95-D999A0ADBFDC}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA3295CF-17ED-4F49-9E95-D999A0ADBFDC}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\ not found.

File C:\Program Files (x86)\Softonic_Deutsch\tbSof2.dll not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{14b1b4e4-e977-11de-9627-002511d83983}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{14b1b4e4-e977-11de-9627-002511d83983}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{14b1b4e4-e977-11de-9627-002511d83983}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{14b1b4e4-e977-11de-9627-002511d83983}\ not found.

File V:\SETUP.EXE not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{14b1b4e4-e977-11de-9627-002511d83983}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{14b1b4e4-e977-11de-9627-002511d83983}\ not found.

File V:\SETUP.EXE not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{14b1b4e4-e977-11de-9627-002511d83983}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{14b1b4e4-e977-11de-9627-002511d83983}\ not found.

File V:\SETUP.EXE not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.

File E:\Setup.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.

File F:\cdstart.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.

File G:\cdstart.exe not found.

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:PDBoot.exe deleted successfully.

C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7 folder moved successfully.

C:\Program Files (x86)\facemoods.com\facemoods folder moved successfully.

C:\Program Files (x86)\facemoods.com folder moved successfully.

C:\Users\Admin\AppData\Roaming\Babylon folder moved successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: Admin

->Temp folder emptied: 2778909 bytes

->Temporary Internet Files folder emptied: 895286272 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 183557097 bytes

->Flash cache emptied: 57246 bytes

 

User: Administrator

->Temp folder emptied: 162923 bytes

->Temporary Internet Files folder emptied: 33036 bytes

->Flash cache emptied: 56502 bytes

 

User: All Users

 

User: AppData

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33036 bytes

->Flash cache emptied: 56502 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: ladmin

->Temp folder emptied: 113839 bytes

->Temporary Internet Files folder emptied: 33036 bytes

->Flash cache emptied: 56502 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 3221600 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 10811 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67966 bytes

RecycleBin emptied: 526 bytes

 

Total Files Cleaned = 1.035,00 mb

 

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.27.0 log created on 09112011_184422
 

Files\Folders moved on Reboot...

C:\Users\Admin\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
 

Registry entries deleted on Reboot...

cosinus

11.09.2011 17:55

Mach zur Kontrolle bitte ein neues OTl-Custom-Log.

fondorking

11.09.2011 17:57

also meinst du nen ganz normalen quick scan?

cosinus

11.09.2011 17:58

Na, das hier:

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die http://billy-oneal.com/Canned%20Spee.../customFix.png Textbox.

Code:

netsvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMDRIVE%\*.exe

/md5start

wininit.exe

userinit.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

ws2ifsl.sys

sceclt.dll

ntelogon.dll

winlogon.exe

logevent.dll

user32.DLL

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

/md5stop

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

fondorking

11.09.2011 18:11

Code:

OTL logfile created on: 11.09.2011 18:59:42 - Run 5

OTL by OldTimer - Version 3.2.27.0     Folder = C:\Users\Admin\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

4,00 Gb Total Physical Memory | 2,82 Gb Available Physical Memory | 70,55% Memory free

8,00 Gb Paging File | 6,64 Gb Available in Paging File | 83,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 1397,17 Gb Total Space | 1014,61 Gb Free Space | 72,62% Space Free | Partition Type: NTFS

 

Computer Name: ENERMAX | User Name: Cedric | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2011.09.08 15:05:50 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe

PRC - [2011.08.11 22:29:16 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe

PRC - [2011.03.28 14:15:10 | 000,380,736 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2011.03.02 11:11:18 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\Yuna Software\Messenger Plus!\Detoured.dll

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV:64bit: - [2011.08.10 15:23:36 | 000,036,160 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)

SRV:64bit: - [2011.07.28 23:35:34 | 000,204,288 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2011.06.13 22:21:14 | 000,343,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)

SRV:64bit: - [2011.01.05 07:03:30 | 002,610,952 | ---- | M] (Raxco Software, Inc.) [Disabled | Stopped] -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe -- (PDAgent)

SRV:64bit: - [2011.01.05 07:03:20 | 002,266,376 | ---- | M] (Raxco Software, Inc.) [Disabled | Stopped] -- C:\Program Files\Raxco\PerfectDisk\PDEngine.exe -- (PDEngine)

SRV - [2011.09.10 14:22:11 | 000,411,432 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2011.08.11 22:29:16 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)

SRV - [2011.08.10 15:31:08 | 002,027,840 | ---- | M] (TuneUp Software) [Disabled | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)

SRV - [2011.08.10 15:23:30 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)

SRV - [2011.06.17 09:34:18 | 000,359,192 | ---- | M] (Logitech, Inc.) [Disabled | Stopped] -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)

SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010.02.11 13:42:32 | 000,172,328 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)

SRV - [2009.12.23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Disabled | Stopped] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)

SRV - [2009.11.12 19:08:00 | 003,403,420 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)

SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2007.06.15 12:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\bgsvcgen.exe -- (bgsvcgen)

SRV - [2000.01.01 00:00:00 | 000,271,360 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\DTProTS\DTProTS.exe -- (DTProTS)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2011.07.29 00:23:16 | 009,980,416 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)

DRV:64bit: - [2011.07.29 00:23:16 | 009,980,416 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2011.07.28 22:54:10 | 000,309,248 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2011.06.07 00:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)

DRV:64bit: - [2011.04.30 13:59:22 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)

DRV:64bit: - [2011.04.30 13:59:22 | 000,060,184 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)

DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011.02.11 19:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2011.01.15 18:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)

DRV:64bit: - [2010.12.17 00:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)

DRV:64bit: - [2010.11.20 15:34:02 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)

DRV:64bit: - [2010.11.20 15:34:02 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)

DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010.11.20 13:35:32 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)

DRV:64bit: - [2010.11.20 13:35:20 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)

DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010.11.20 12:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)

DRV:64bit: - [2010.08.11 08:10:06 | 000,138,256 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\DefragFs.sys -- (DefragFS)

DRV:64bit: - [2010.02.24 12:20:40 | 000,191,616 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11)

DRV:64bit: - [2009.12.06 12:24:22 | 000,224,920 | ---- | M] (SysProgs.org) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BazisVirtualCDBus.sys -- (BazisVirtualCDBus)

DRV:64bit: - [2009.11.23 17:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)

DRV:64bit: - [2009.11.23 17:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)

DRV:64bit: - [2009.09.30 16:34:30 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)

DRV:64bit: - [2009.09.23 10:42:58 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)

DRV:64bit: - [2009.08.13 23:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)

DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009.06.10 12:14:36 | 000,043,264 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiBus.sys -- (SaiNtBus)

DRV:64bit: - [2009.06.10 12:14:36 | 000,016,000 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiMini.sys -- (SaiMini)

DRV:64bit: - [2009.02.03 17:37:50 | 000,075,384 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)

DRV:64bit: - [2007.05.01 16:48:56 | 000,171,144 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SaiH5F0D.sys -- (SaiH5F0D)

DRV:64bit: - [2007.05.01 16:48:56 | 000,034,304 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SaiU5F0D.sys -- (SaiU5F0D)

DRV:64bit: - [2007.02.08 19:47:24 | 000,107,384 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)

DRV:64bit: - [2007.01.26 10:04:36 | 000,009,600 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\whfltr2k.sys -- (whfltr2k)

DRV:64bit: - [2006.12.05 11:34:26 | 000,572,416 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PFC027.SYS -- (PAC207)

DRV:64bit: - [2006.11.10 15:08:58 | 000,030,720 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ATITool64.sys -- (ATITool)

DRV:64bit: - [2006.08.25 14:36:52 | 000,039,208 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cdrbsdrv.sys -- (cdrbsdrv)

DRV:64bit: - [2006.07.10 18:21:22 | 000,022,936 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)

DRV:64bit: - [2006.06.14 16:58:10 | 000,014,192 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)

DRV - [2010.12.18 14:50:08 | 000,014,544 | ---- | M] (OpenLibSys.org) [Kernel | Auto | Running] -- C:\Users\Admin\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries24.gadget\WinRing0x64.sys -- (WinRing0_1_2_0)

DRV - [2010.11.29 20:27:40 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)

DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

DRV - [2005.01.02 05:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultthis.engineName: "Search"

FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"

FF - prefs.js..browser.search.selectedEngine: "ICQ Search"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"

FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004

FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.2

FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.0.0.10

FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.11

FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.6

FF - prefs.js..extensions.enabledItems: allglassv2@ambroos.neowin.net:2.1.4

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3

FF - prefs.js..extensions.enabledItems: info@djzig.com:1.2.0

FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.6&q="

FF - prefs.js..network.proxy.ftp: "192.168.88.251"

FF - prefs.js..network.proxy.ftp_port: 800

FF - prefs.js..network.proxy.gopher: "192.168.88.251"

FF - prefs.js..network.proxy.gopher_port: 800

FF - prefs.js..network.proxy.http: "192.168.88.251"

FF - prefs.js..network.proxy.http_port: 800

FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"

FF - prefs.js..network.proxy.share_proxy_settings: true

FF - prefs.js..network.proxy.socks: "192.168.88.251"

FF - prefs.js..network.proxy.socks_port: 800

FF - prefs.js..network.proxy.ssl: "192.168.88.251"

FF - prefs.js..network.proxy.ssl_port: 800

FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://www.bigseekpro.com/search/toolbar/hypercam/{88ED4A72-8717-53BE-8E7E-30BA070DAF61}?q="

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\Admin\Program Files (x86)\DNA\plugins\npbtdna.dll File not found

FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found

FF - HKCU\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Users\Admin\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll ( )

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\components [2011.09.11 12:55:17 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\plugins

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\Admin\Program Files (x86)\DNA

 

[2011.03.19 13:47:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions

[2011.08.09 18:20:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\kr7kwnm2.default\extensions

[2011.08.09 18:20:19 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\kr7kwnm2.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

[2011.03.19 13:43:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\kr7kwnm2.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2011.09.10 17:38:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\o4751zle.default\extensions

[2011.08.09 18:20:19 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\o4751zle.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

[2011.09.10 17:38:44 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\o4751zle.default\extensions\battlefieldplay4free@ea.com

[2011.04.30 09:45:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2011.04.30 09:48:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com

[2011.09.06 12:30:22 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml

[2010.06.09 21:52:18 | 000,002,224 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\webblog.xml

 

O1 HOSTS File: ([2011.09.11 18:45:13 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1       localhost

O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files (x86)\SetPointP\SetPoint.exe (Logitech, Inc.)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)

O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()

O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O8 - Extra context menu item: Free YouTube Download - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O13 - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)

O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.64.2.cab (Battlefield Play4Free Updater)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.50.140.116 192.168.123.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BD5AE1E4-714D-4E03-920D-ABE9EE787A4C}: DhcpNameServer = 195.50.140.116 192.168.123.254

O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O32 - HKLM CDRom: AutoRun - 1

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)

 

MsConfig:64bit - StartUpFolder: C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Produktregistrierung.lnk - C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe - (Leader Technologies/Logitech)

MsConfig:64bit - StartUpReg: AlcoholAutomount - hkey= - key= - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)

MsConfig:64bit - StartUpReg: AshSnap - hkey= - key= - C:\Program Files (x86)\Ashampoo\Ashampoo Snap 4\ashsnap.exe (ashampoo GmbH & Co. KG)

MsConfig:64bit - StartUpReg: DAEMON Tools Pro Agent - hkey= - key= - C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)

MsConfig:64bit - StartUpReg: PlusService - hkey= - key= - C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)

MsConfig:64bit - StartUpReg: RocketDock - hkey= - key= - C:\Program Files (x86)\RocketDock\RocketDock.exe ()

MsConfig:64bit - StartUpReg: snpstd3 - hkey= - key= - C:\Windows\vsnpstd3.exe ()

MsConfig:64bit - StartUpReg: StartCCC - hkey= - key= - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

MsConfig:64bit - StartUpReg: Steam - hkey= - key= - C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)

MsConfig:64bit - StartUpReg: VirtualCloneDrive - hkey= - key= - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)

MsConfig:64bit - StartUpReg: XboxStat - hkey= - key= - C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)

MsConfig:64bit - State: "bootini" - Reg Error: Key error.

MsConfig:64bit - State: "startup" - Reg Error: Key error.

MsConfig:64bit - State: "services" - Reg Error: Key error.

 

SafeBootMin:64bit: AppMgmt - Service

SafeBootMin:64bit: Base - Driver Group

SafeBootMin:64bit: Boot Bus Extender - Driver Group

SafeBootMin:64bit: Boot file system - Driver Group

SafeBootMin:64bit: File system - Driver Group

SafeBootMin:64bit: Filter - Driver Group

SafeBootMin:64bit: HelpSvc - Service

SafeBootMin:64bit: PCI Configuration - Driver Group

SafeBootMin:64bit: PNP Filter - Driver Group

SafeBootMin:64bit: Primary disk - Driver Group

SafeBootMin:64bit: sacsvr - Service

SafeBootMin:64bit: SCSI Class - Driver Group

SafeBootMin:64bit: System Bus Extender - Driver Group

SafeBootMin:64bit: vmms - Service

SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootMin: AppMgmt - Service

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vmms - Service

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet:64bit: AppMgmt - Service

SafeBootNet:64bit: Base - Driver Group

SafeBootNet:64bit: Boot Bus Extender - Driver Group

SafeBootNet:64bit: Boot file system - Driver Group

SafeBootNet:64bit: File system - Driver Group

SafeBootNet:64bit: Filter - Driver Group

SafeBootNet:64bit: HelpSvc - Service

SafeBootNet:64bit: Messenger - Service

SafeBootNet:64bit: NDIS Wrapper - Driver Group

SafeBootNet:64bit: NetBIOSGroup - Driver Group

SafeBootNet:64bit: NetDDEGroup - Driver Group

SafeBootNet:64bit: Network - Driver Group

SafeBootNet:64bit: NetworkProvider - Driver Group

SafeBootNet:64bit: PCI Configuration - Driver Group

SafeBootNet:64bit: PNP Filter - Driver Group

SafeBootNet:64bit: PNP_TDI - Driver Group

SafeBootNet:64bit: Primary disk - Driver Group

SafeBootNet:64bit: rdsessmgr - Service

SafeBootNet:64bit: sacsvr - Service

SafeBootNet:64bit: SCSI Class - Driver Group

SafeBootNet:64bit: Streams Drivers - Driver Group

SafeBootNet:64bit: System Bus Extender - Driver Group

SafeBootNet:64bit: TDI - Driver Group

SafeBootNet:64bit: vmms - Service

SafeBootNet:64bit: WudfUsbccidDriver - Driver

SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vmms - Service

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework

ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)

Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.lhacm - C:\Windows\SysWow64\lhacm.acm (Microsoft Corporation)

Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)

Drivers32: vidc.i420 - C:\Windows\SysWow64\i420vfw.dll (www.helixcommunity.org)

Drivers32: vidc.tscc - C:\Windows\SysWow64\tsccvid.dll (TechSmith Corporation)

Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)

Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)

Drivers32: vidc.yv12 - C:\Windows\SysWow64\yv12vfw.dll (www.helixcommunity.org)

 

CREATERESTOREPOINT

Error creating restore point.

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2011.09.11 18:44:22 | 000,000,000 | ---D | C] -- C:\_OTL

[2011.09.11 17:54:18 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{46227295-8F4C-4B3C-AE43-554F925A200D}

[2011.09.11 17:53:55 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{51861B51-93B3-4723-8769-8DA784622C2A}

[2011.09.11 15:29:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Reader 10.0

[2011.09.11 15:29:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Utilities - CS5

[2011.09.11 15:28:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Photoshop CS5

[2011.09.11 15:28:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Help

[2011.09.11 15:28:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Extension Manager CS5

[2011.09.11 15:27:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Device Central CS5

[2011.09.11 15:27:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Bridge CS5

[2011.09.11 12:55:56 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{849A75FF-FA5A-4ADD-AC24-5467763406AC}

[2011.09.10 11:07:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam

[2011.09.10 11:07:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam

[2011.09.10 11:07:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam

[2011.09.10 10:54:31 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Activision

[2011.09.10 10:51:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Call of Duty Black Ops

[2011.09.10 10:45:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Call of Duty Black Ops

[2011.09.10 10:44:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes

[2011.09.10 10:18:36 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\War Maps

[2011.09.09 20:47:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2011.09.09 20:17:09 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{2F296230-4C89-410F-AB92-C7EE145C52EF}

[2011.09.09 20:16:46 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{ECAA6DBF-DEF9-4236-8121-27CD5161B41E}

[2011.09.08 21:22:23 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Malwarebytes

[2011.09.08 21:22:17 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

[2011.09.08 21:22:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011.09.08 21:22:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2011.09.08 21:22:14 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2011.09.08 21:22:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2011.09.08 15:36:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip

[2011.09.08 15:36:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip

[2011.09.08 15:05:46 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe

[2011.09.08 13:05:13 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{172BF5AA-5ADB-47A8-8261-9440F4413DE3}

[2011.09.07 14:13:52 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{E82D38B0-A1C6-4FC1-A459-795D3DAF58FF}

[2011.09.07 14:13:23 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{83C7A11A-8EAA-41B2-8B7C-75C320DE0FFE}

[2011.09.06 22:10:58 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\FixItCenter

[2011.09.06 22:04:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Fix it Center

[2011.09.06 22:04:54 | 000,000,000 | ---D | C] -- C:\Windows\MATS

[2011.09.06 12:34:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun

[2011.09.06 12:29:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader

[2011.09.06 12:06:30 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{14746336-DACA-441B-8C0E-5F1049B11284}

[2011.09.06 12:06:06 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{3D70A804-54FC-47ED-8AA6-A1698C4069A3}

[2011.09.05 21:24:52 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{C44B8BA1-1FB9-4E88-B8B9-A8725D62618A}

[2011.09.05 21:24:19 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{11A1E4A7-F635-462E-B944-BA3598A6256B}

[2011.09.04 23:33:22 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{7F2AA41F-D387-4510-81B4-DA6DC9273BDF}

[2011.09.04 23:32:52 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{55FCB4AB-E781-46E0-BE1E-30D2B9B41F40}

[2011.09.04 13:01:56 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{7B98AC6C-99FB-4F8A-8E14-C951129E7C6A}

[2011.09.03 11:32:51 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{5B1565BF-26B0-4CCC-86C8-654F2B6F89F0}

[2011.09.03 11:32:35 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{329CA473-720C-438B-8C4F-26E89AAC7666}

[2011.09.02 17:44:33 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{A47BB6AD-5FB2-4A4A-8865-EF2E815AF228}

[2011.09.02 17:44:10 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{ADD2BD61-D7C0-4E5B-A1EB-0C68931E9DF9}

[2011.09.02 00:28:23 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\Heroglyph

[2011.09.02 00:24:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPER © - by eRightSoft

[2011.09.02 00:24:06 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- C:\Windows\SysWow64\nbDX.dll

[2011.09.02 00:24:05 | 000,186,880 | RHS- | C] (RadLight) -- C:\Windows\SysWow64\RLOgg.ax

[2011.09.02 00:24:05 | 000,163,328 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\flvDX.dll

[2011.09.02 00:24:05 | 000,092,672 | RHS- | C] (RadLight) -- C:\Windows\SysWow64\RLVorbisDec.ax

[2011.09.02 00:24:05 | 000,090,112 | RHS- | C] (-) -- C:\Windows\SysWow64\TTADSSplitter.ax

[2011.09.02 00:24:05 | 000,090,112 | RHS- | C] (-) -- C:\Windows\SysWow64\TTADSDecoder.ax

[2011.09.02 00:24:05 | 000,067,584 | RHS- | C] (RadLight, LLC) -- C:\Windows\SysWow64\RLTheoraDec.ax

[2011.09.02 00:24:05 | 000,031,232 | RHS- | C] (Hans Mayerl) -- C:\Windows\SysWow64\msfDX.dll

[2011.09.02 00:24:03 | 000,161,792 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\RealMediaDX.ax

[2011.09.02 00:24:02 | 000,169,472 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\MatroskaDX.ax

[2011.09.02 00:24:00 | 000,179,200 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\DiracSplitter.ax

[2011.09.02 00:24:00 | 000,123,904 | RHS- | C] (CoreCodec) -- C:\Windows\SysWow64\AVCDX.ax

[2011.09.02 00:14:33 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\AIM

[2011.09.01 23:52:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\USM

[2011.09.01 23:50:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\USM

[2011.09.01 15:53:57 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{4F10A6E8-1485-429F-9EB4-A39AE6D317AB}

[2011.09.01 15:53:22 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{FA1A7ED0-77A0-46BF-9E14-D47E02DA70E9}

[2011.08.31 21:05:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VirtualCloneDrive

[2011.08.31 20:59:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Landwirtschafts Simulator 2011

[2011.08.31 20:44:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Landwirtschafts Simulator 2011

[2011.08.31 13:51:58 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\Rockstar Games

[2011.08.31 10:30:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Landwirtschafts Simulator 2011 old

[2011.08.30 17:25:49 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center

[2011.08.30 17:25:35 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI

[2011.08.30 17:23:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP

[2011.08.30 17:23:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center

[2011.08.30 13:49:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Raxco

[2011.08.30 13:49:05 | 000,000,000 | ---D | C] -- C:\Program Files\Raxco

[2011.08.30 13:48:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Raxco

[2011.08.30 13:48:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MARKEMENT

[2011.08.30 13:48:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MARKEMENT

[2011.08.30 13:47:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetObjects

[2011.08.30 13:44:50 | 001,056,768 | ---- | C] (Blue Sky Software Corporation.) -- C:\Windows\SysWow64\ROBOEX32.DLL

[2011.08.30 13:44:50 | 000,049,152 | ---- | C] (Blue Sky Software Corporation.) -- C:\Windows\SysWow64\INETWH32.DLL

[2011.08.30 13:43:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NetObjects

[2011.08.30 13:38:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\proDAD

[2011.08.30 13:38:02 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\proDAD

[2011.08.30 13:38:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\proDAD

[2011.08.30 13:37:51 | 000,000,000 | ---D | C] -- C:\ProgramData\proDAD

[2011.08.30 13:29:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo

[2011.08.30 13:29:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ashampoo

[2011.08.30 13:28:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Landwirtschafts-Simulator 2009

[2011.08.30 12:37:08 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{F55E9736-313E-40C0-BC6B-9CA6FEC825C5}

[2011.08.30 12:36:45 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{48EA303D-918E-4C32-9033-29E2CE6B0935}

[2011.08.30 00:36:18 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{5116F0B2-6235-42F0-8612-748BF908F93C}

[2011.08.30 00:35:55 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{BB40D063-E0F3-4038-BF3C-988F8C849EAD}

[2011.08.29 12:35:27 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{771406CF-9BEC-4961-BDB3-61A447D15B75}

[2011.08.29 12:34:53 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{633392F9-FDBA-4A38-9DA2-EF6118DA163B}

[2011.08.28 18:33:28 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{09F21C33-BB39-4DE5-890D-A98BDADDD95E}

[2011.08.28 18:33:00 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{F48C2731-4273-4342-B2CB-ED61E27BB434}

[2011.08.26 10:33:37 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{C3D444AD-8C01-4557-BE90-97C9C5EB2900}

[2011.08.26 10:32:52 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{0A10A479-5E02-46D9-BAFD-A177AA364A35}

[2011.08.25 19:40:49 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{E4670A46-F6FA-4BF6-9C9F-E03427DF4168}

[2011.08.25 19:40:17 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{EB8EAEFB-170C-4A3B-B6EA-529F9EF42D85}

[2011.08.22 22:52:25 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{0E59175E-0A07-4F91-813F-B358A25E5905}

[2011.08.22 22:52:02 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{4BA577DF-DAF8-43EA-A31D-34DF89156365}

[2011.08.21 22:51:30 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{49836AC0-1733-453D-90FA-E4AAAEC597EA}

[2011.08.21 22:51:07 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{463FE74F-D03C-42E3-B9FE-C9F149AAB57C}

[2011.08.21 16:17:25 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM

[2011.08.21 16:16:58 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\Games for Windows - LIVE Demos

[2011.08.21 16:16:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace

[2011.08.21 15:16:17 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{5BE79326-6376-4A8B-AE21-72EE39B8FA36}

[2011.08.21 01:02:59 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive

[2011.08.21 01:02:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE

[2011.08.20 12:56:17 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{890DE418-921E-4EF1-9AC2-5549BD8D5FAF}

[2011.08.20 12:55:50 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{FFEDC646-63BD-4E05-B3FA-5522DCCCB0A0}

[2011.08.19 15:32:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys

[2011.08.19 15:32:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavalys

[2011.08.19 15:26:56 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{72679341-0CEA-47D4-B1B3-6769388E5075}

[2011.08.19 15:26:27 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{26A52CF0-5935-4284-826F-19B20352A8B1}

[2011.08.18 23:21:37 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{5B8B0B62-B541-431E-A5F3-51E27F806EC6}

[2011.08.18 23:21:12 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{316F0DD2-A4B8-48DF-9366-39567B99DACA}

[2011.08.18 11:20:42 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{D63FFDBA-1FF1-4491-BC70-12209157C7BC}

[2011.08.18 11:20:14 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{6DCA4F1B-1C23-422D-833D-7AF449267013}

[2011.08.17 20:01:49 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{3AF3FFA1-182D-476F-87DA-FFEEDAD68456}

[2011.08.17 20:01:27 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{822BC328-35D5-4D8C-B66A-B31F2163182E}

[2011.08.17 16:54:07 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{F7D3B46A-CF2E-46AD-ADB4-CE0435A6EEB3}

[2011.08.17 15:06:44 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\LogiShrd

[2011.08.17 00:31:41 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{1512B213-5DB2-4AD4-A508-0BCEF0A47D99}

[2011.08.17 00:31:18 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{4DA65401-F87A-477D-94CC-650F4E4449E8}

[2011.08.16 12:30:49 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{E278CF71-0AF9-4D6B-BBBC-E28E2D66CB0B}

[2011.08.16 12:30:38 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{77AA5B2D-3263-4AEE-9868-65DB7DFF7F8E}

[2011.08.15 20:33:38 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Leadertech

[2011.08.15 20:33:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LogiShrd

[2011.08.15 20:32:38 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\LogiShrd

[2011.08.15 20:32:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SetPointG

[2011.08.15 20:32:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SetPointP

[2011.08.15 20:31:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LogiShrd

[2011.08.15 20:31:16 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Logitech

[2011.08.15 20:31:16 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Logishrd

[2011.08.15 13:54:27 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{95699DE0-1CB8-4A02-A770-8C798A5DEED6}

[2011.08.15 13:53:55 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{6ADFB87B-7BC9-471A-B118-C5F4EE421A98}

[2011.08.14 22:15:39 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{3C5D5897-4164-4D28-B1AA-8C4A61A342E8}

[2011.08.14 22:15:16 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{0319BB12-57BC-471F-A2A6-66C6A72CB9B4}

[2011.08.14 01:06:50 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{872383BC-F599-4C23-8E36-E563ADC1FBCD}

[2011.08.14 01:06:27 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{8E11992A-9555-4A10-BFC7-1E2817AFFF13}

[2011.08.13 13:05:59 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{4A96BF3F-4886-40DD-A397-45C796CFD460}

[2011.08.13 13:05:47 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{4C91BF1E-0B0F-47BB-AE11-B491C576907E}

[2011.08.12 22:00:52 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{44D524A1-7A06-4157-91A6-1A2B0D615DB9}

[2010.04.29 19:06:43 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnpstd3.dll

[2010.04.29 19:06:43 | 000,061,440 | ---- | C] ( ) -- C:\Windows\SysWow64\vsnpstd3.dll

[2010.04.29 19:06:43 | 000,053,248 | ---- | C] ( ) -- C:\Windows\csnpstd3.dll

 
 ========== Files - Modified Within 30 Days ==========

 

[2011.09.11 18:55:12 | 000,020,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2011.09.11 18:55:12 | 000,020,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2011.09.11 18:46:25 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2011.09.11 18:46:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011.09.11 18:45:58 | 3220,627,456 | -HS- | M] () -- C:\hiberfil.sys

[2011.09.11 18:45:13 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts

[2011.09.11 18:06:00 | 001,216,443 | ---- | M] () -- C:\Users\Admin\Desktop\TBR.rar

[2011.09.11 17:46:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2011.09.11 15:32:53 | 000,000,000 | ---- | M] () -- C:\Users\Admin\defogger_reenable

[2011.09.11 12:58:26 | 000,403,663 | ---- | M] () -- C:\Windows\SysWow64\sig.bin

[2011.09.11 12:58:26 | 000,032,592 | ---- | M] () -- C:\Windows\SysWow64\nmp.map

[2011.09.10 17:46:10 | 000,234,768 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr

[2011.09.10 17:46:10 | 000,234,768 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2011.09.10 10:51:23 | 000,001,079 | ---- | M] () -- C:\Users\Public\Desktop\Call of Duty Black Ops.lnk

[2011.09.10 10:44:54 | 000,001,210 | ---- | M] () -- C:\Users\Public\Desktop\Virtual CloneDrive.lnk

[2011.09.10 10:17:26 | 000,000,797 | ---- | M] () -- C:\Users\Admin\Desktop\Flatout2.lnk

[2011.09.08 15:05:50 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe

[2011.09.08 15:04:39 | 000,050,477 | ---- | M] () -- C:\Users\Admin\Desktop\Defogger.exe

[2011.09.06 21:58:30 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2011.09.06 21:58:30 | 000,655,802 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2011.09.06 21:58:30 | 000,616,348 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2011.09.06 21:58:30 | 000,130,434 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2011.09.06 21:58:30 | 000,106,728 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2011.09.06 17:32:30 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ccdcmbx64_01009.Wdf

[2011.08.30 20:44:54 | 396,636,636 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2011.08.30 17:27:15 | 000,002,020 | ---- | M] () -- C:\Users\Admin\Desktop\Catalyst Control Center.lnk

[2011.08.21 01:01:24 | 000,002,156 | ---- | M] () -- C:\Users\Public\Desktop\Grand Theft Auto IV.lnk

[2011.08.17 12:58:45 | 000,001,448 | ---- | M] () -- C:\Users\Admin\Desktop\Command Prompt.lnk

[2011.08.15 22:08:24 | 000,059,256 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\PktIcpt.sys

[2011.08.15 14:05:45 | 000,110,968 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\MiniIcpt.sys

[2011.08.15 14:05:45 | 000,050,552 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\GDBehave.sys

[2011.08.15 14:05:44 | 000,065,912 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys

[2011.08.13 21:33:01 | 000,002,103 | ---- | M] () -- C:\Users\Admin\Desktop\Logitech G-series Key Profiler.lnk

 
 ========== Files Created - No Company Name ==========

 

[2011.09.11 18:06:46 | 001,216,443 | ---- | C] () -- C:\Users\Admin\Desktop\TBR.rar

[2011.09.11 15:32:53 | 000,000,000 | ---- | C] () -- C:\Users\Admin\defogger_reenable

[2011.09.10 10:51:23 | 000,001,079 | ---- | C] () -- C:\Users\Public\Desktop\Call of Duty Black Ops.lnk

[2011.09.10 10:44:54 | 000,001,210 | ---- | C] () -- C:\Users\Public\Desktop\Virtual CloneDrive.lnk

[2011.09.10 10:17:26 | 000,000,797 | ---- | C] () -- C:\Users\Admin\Desktop\Flatout2.lnk

[2011.09.08 15:04:38 | 000,050,477 | ---- | C] () -- C:\Users\Admin\Desktop\Defogger.exe

[2011.09.06 22:04:56 | 000,000,959 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Fix it Center.lnk

[2011.09.06 17:32:30 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ccdcmbx64_01009.Wdf

[2011.09.02 00:24:05 | 000,121,344 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.ax

[2011.09.02 00:24:05 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll

[2011.09.02 00:24:05 | 000,051,712 | RHS- | C] () -- C:\Windows\SysWow64\RLSpeexDec.ax

[2011.09.02 00:24:04 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\RLMPCDec.ax

[2011.09.02 00:24:03 | 000,070,656 | RHS- | C] () -- C:\Windows\SysWow64\RLAPEDec.ax

[2011.09.02 00:24:02 | 000,120,832 | RHS- | C] () -- C:\Windows\SysWow64\MPCDx.ax

[2011.09.02 00:24:01 | 000,097,280 | RHS- | C] () -- C:\Windows\SysWow64\FLACDX.ax

[2011.09.02 00:24:00 | 000,227,328 | RHS- | C] () -- C:\Windows\SysWow64\ac3DX.ax

[2011.09.02 00:24:00 | 000,175,104 | RHS- | C] () -- C:\Windows\SysWow64\CoreAAC.ax

[2011.09.02 00:24:00 | 000,081,920 | RHS- | C] () -- C:\Windows\SysWow64\aac_parser.ax

[2011.09.02 00:14:33 | 000,000,696 | ---- | C] () -- C:\Windows\SysWow64\jetodbc.rsp

[2011.08.30 20:44:54 | 396,636,636 | ---- | C] () -- C:\Windows\MEMORY.DMP

[2011.08.30 17:27:15 | 000,002,020 | ---- | C] () -- C:\Users\Admin\Desktop\Catalyst Control Center.lnk

[2011.08.30 13:49:07 | 000,002,781 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PerfectDisk 11.lnk

[2011.08.30 13:44:50 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\nnr.dll

[2011.08.21 01:01:24 | 000,002,156 | ---- | C] () -- C:\Users\Public\Desktop\Grand Theft Auto IV.lnk

[2011.08.13 21:33:01 | 000,002,103 | ---- | C] () -- C:\Users\Admin\Desktop\Logitech G-series Key Profiler.lnk

[2011.08.13 20:43:32 | 000,234,768 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2011.08.11 22:29:15 | 002,484,592 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_p4f.exe

[2011.07.17 23:54:02 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll

[2011.06.30 15:52:19 | 000,403,663 | ---- | C] () -- C:\Windows\SysWow64\sig.bin

[2011.06.29 19:32:19 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe

[2011.06.09 13:52:22 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\{E40E4B56-8C05-487F-A732-9A2EC3768E9C}

[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

[2011.03.17 19:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

[2011.02.11 19:15:08 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin

[2011.02.11 19:15:08 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin

[2011.02.11 19:15:08 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin

[2011.01.28 21:19:44 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat

[2010.12.12 14:43:42 | 000,000,043 | -HS- | C] () -- C:\ProgramData\.zreglib

[2010.11.29 21:35:57 | 000,000,008 | -HS- | C] () -- C:\ProgramData\CCDD932493.sys

[2010.11.29 21:35:56 | 000,005,018 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys

[2010.09.25 18:53:24 | 000,013,312 | ---- | C] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010.05.18 16:21:13 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll

[2010.05.07 16:31:06 | 000,196,096 | ---- | C] () -- C:\Windows\SysWow64\nY.exe

[2010.04.29 19:06:44 | 000,835,584 | ---- | C] () -- C:\Windows\vsnpstd3.exe

[2010.04.29 19:06:44 | 000,356,352 | ---- | C] () -- C:\Windows\tsnpstd3.exe

[2010.04.29 19:06:44 | 000,020,480 | ---- | C] () -- C:\Windows\FixCamera.exe

[2010.04.29 19:06:44 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini

[2010.04.22 17:21:16 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\FileOut.cns

[2010.04.22 17:21:16 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\FileIn.cns

[2010.03.17 19:29:35 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\GkSui18.EXE

[2010.02.19 21:18:20 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll

[2010.02.19 21:18:20 | 000,110,080 | ---- | C] () -- C:\Windows\SysWow64\advd.dll

[2010.02.19 21:18:20 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\auth.dll

[2010.02.14 20:52:39 | 001,589,248 | ---- | C] () -- C:\Windows\SysWow64\libmysql_d.dll

[2010.01.02 17:37:17 | 000,001,015 | ---- | C] () -- C:\Windows\disney.ini

[2009.12.22 22:21:05 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll

[2009.12.04 01:19:24 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT

[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat

[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2009.07.13 23:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin

[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

[2007.07.23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll

[2007.07.23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll

[2007.07.23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll

[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll

[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll

[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll

[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll

[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll

[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll

[2007.04.27 11:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll

[2006.11.02 09:27:46 | 000,000,518 | ---- | C] () -- C:\Windows\SysWow64\SP207.INI

[2005.01.25 15:15:42 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\PA207USD.DLL

 
 ========== LOP Check ==========

 

[2009.12.22 22:24:35 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Atari

[2011.04.03 16:23:51 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Bioshock

[2010.09.03 19:48:32 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\bizarre creations

[2010.02.06 00:59:15 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Blender Foundation

[2010.02.21 14:02:41 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\concept design

[2010.04.14 19:47:14 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Cuttermaran

[2010.12.06 14:28:45 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DAEMON Tools Lite

[2011.04.30 10:54:52 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DAEMON Tools Pro

[2010.01.02 17:50:51 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Disney Interactive Studios

[2010.02.28 12:25:52 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DNA

[2011.08.22 01:44:31 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DVDVideoSoft

[2011.08.09 18:20:18 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers

[2010.08.15 20:11:44 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Engelmann Media

[2009.12.30 17:12:49 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\FarmingSimulator2008

[2010.05.08 12:02:00 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\gtk-2.0

[2011.04.29 18:54:32 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ImTOO

[2011.08.15 20:33:38 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Leadertech

[2010.12.20 16:20:16 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\MAGIX

[2010.02.21 13:53:55 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\NCH Swift Sound

[2010.11.02 17:36:07 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Need for Speed World

[2011.09.11 19:01:38 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\NetSpeedMonitor

[2010.02.28 12:25:21 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Notepad++

[2010.07.11 13:52:14 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Panasonic

[2011.09.06 21:35:29 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\proDAD

[2010.09.26 09:24:51 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ProtectDisc

[2011.09.02 14:01:02 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Sony

[2010.11.06 22:26:19 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TeamViewer

[2011.09.02 18:15:13 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TS3Client

[2010.12.19 15:35:13 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TuneUp Software

[2010.11.06 21:39:24 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Ubisoft

[2011.09.06 19:52:57 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\uTorrent

[2011.01.07 18:43:04 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\wbtooltb

[2010.12.29 13:07:03 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Windows Live Writer

[2011.09.08 23:37:40 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\WinPump

[2011.08.30 20:38:04 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2011.09.11 15:26:38 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Adobe

[2009.12.22 22:24:35 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Atari

[2009.12.04 01:19:47 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ATI

[2011.04.03 16:23:51 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Bioshock

[2010.09.03 19:48:32 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\bizarre creations

[2010.02.06 00:59:15 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Blender Foundation

[2010.02.21 14:02:41 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\concept design

[2010.04.14 19:47:14 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Cuttermaran

[2010.04.14 20:11:21 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\CyberLink

[2010.12.06 14:28:45 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DAEMON Tools Lite

[2011.04.30 10:54:52 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DAEMON Tools Pro

[2010.01.02 17:50:51 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Disney Interactive Studios

[2010.02.28 12:25:52 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DNA

[2011.08.22 01:44:31 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DVDVideoSoft

[2011.08.09 18:20:18 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers

[2010.08.15 20:11:44 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Engelmann Media

[2009.12.30 17:12:49 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\FarmingSimulator2008

[2009.12.26 17:13:20 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Google

[2010.05.08 12:02:00 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\gtk-2.0

[2009.12.04 01:13:10 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Identities

[2011.04.29 18:54:32 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ImTOO

[2010.01.02 17:36:40 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\InstallShield

[2009.12.15 13:19:45 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Jasc Software Inc

[2011.08.15 20:33:38 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Leadertech

[2011.08.15 20:31:38 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Logishrd

[2011.08.15 20:34:19 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Logitech

[2009.12.23 20:56:34 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Macromedia

[2010.12.20 16:20:16 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\MAGIX

[2011.09.08 21:22:23 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Malwarebytes

[2009.07.14 20:18:18 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Media Center Programs

[2011.02.08 22:24:24 | 000,000,000 | --SD | M] -- C:\Users\Admin\AppData\Roaming\Microsoft

[2011.03.19 13:47:14 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Mozilla

[2010.02.21 13:54:08 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\NCH Software

[2010.02.21 13:53:55 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\NCH Swift Sound

[2010.11.02 17:36:07 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Need for Speed World

[2010.12.20 15:47:22 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Nero

[2011.09.11 19:01:38 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\NetSpeedMonitor

[2010.02.28 12:25:21 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Notepad++

[2010.07.11 13:52:14 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Panasonic

[2011.09.06 21:35:29 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\proDAD

[2010.09.26 09:24:51 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ProtectDisc

[2011.03.23 13:24:17 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Real

[2011.02.17 19:18:16 | 000,000,000 | RH-D | M] -- C:\Users\Admin\AppData\Roaming\SecuROM

[2011.09.06 01:38:15 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Skype

[2011.09.06 00:07:00 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\skypePM

[2011.09.02 14:01:02 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Sony

[2010.10.29 22:15:04 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\teamspeak2

[2010.11.06 22:26:19 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TeamViewer

[2011.09.02 18:15:13 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TS3Client

[2010.12.19 15:35:13 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TuneUp Software

[2010.11.06 21:39:24 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Ubisoft

[2011.09.06 19:52:57 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\uTorrent

[2011.01.07 18:43:04 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\wbtooltb

[2010.12.29 13:07:03 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Windows Live Writer

[2011.09.08 23:37:40 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\WinPump

[2009.12.23 23:39:58 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\WinRAR

 
 < %APPDATA%\*.exe /s >

[2010.09.04 10:25:19 | 010,274,313 | ---- | M] (Igor Pavlov) -- C:\Users\Admin\AppData\Roaming\bizarre creations\blur\BizUpdaterPack.exe

[2011.09.02 00:20:36 | 034,614,074 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\ImTOO\Video Converter Ultimate 6\video-converter-ultimate6.exe

[2011.08.15 20:33:38 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Users\Admin\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe

[2011.02.17 19:15:57 | 000,049,152 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Admin\AppData\Roaming\Microsoft\Installer\{C37A0BC1-52EE-4F97-8223-5CA9FC0357B0}\ARPPRODUCTICON.exe

[2010.12.06 14:38:26 | 000,010,134 | R--- | M] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe

[2011.08.11 18:15:48 | 001,005,512 | ---- | M] (EA Digital Illusions CE AB) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o4751zle.default\extensions\battlefieldplay4free@ea.com\plugins\BP4FUpdater.exe

[2009.07.22 17:28:36 | 000,477,976 | ---- | M] (Protect GmbH) -- C:\Users\Admin\AppData\Roaming\ProtectDisc\License Helper v2\PDLicenseHelperBroker.exe

[2010.09.26 09:24:03 | 000,059,043 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\ProtectDisc\License Helper v2\uninst.exe

[2010.06.18 21:24:16 | 000,414,168 | ---- | M] (Visicom Media Inc.) -- C:\Users\Admin\AppData\Roaming\wbtooltb\wbbtool1_0dn.exe

[2011.04.30 01:23:34 | 000,731,472 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\WinPump\extensions.exe

[2011.04.30 09:44:57 | 000,032,449 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\WinPump\uninstall.exe

[2011.05.14 17:20:24 | 000,000,000 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\WinPump\WinPump.exe

 
 < %SYSTEMDRIVE%\*.exe >

 

 
 < MD5 for: AGP440.SYS  >

[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys

[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys

[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys

[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys

[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll

[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll

[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

 
 < MD5 for: EVENTLOG.DLL  >

[2009.01.29 19:12:50 | 000,032,768 | ---- | M] (Panasonic Corporation) MD5=86C7D345A9D6DA814DBA6F785FE49908 -- C:\Program Files (x86)\Panasonic\HD Writer AE 1\EventLog.dll

 
 < MD5 for: IASTORV.SYS  >

[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys

[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys

[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys

[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys

[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys

[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys

[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys

[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys

[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

 
 < MD5 for: NETLOGON.DLL  >

[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll

[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll

[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll

[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll

[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll

[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

 
 < MD5 for: NVSTOR.SYS  >

[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys

[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys

[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys

[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys

[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys

[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys

[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys

[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

 
 < MD5 for: SCECLI.DLL  >

[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll

[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll

[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll

[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll

[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll

[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll

[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll

[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll

[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll

[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe

[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe

[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe

[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe

[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe

[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe

[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe

[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe

[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys

[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >
 

< End of report >

cosinus

11.09.2011 18:21

Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - also beide Haken setzen, auf Start scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

http://www.trojaner-board.de/attachm...rnen-start.png

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

fondorking

11.09.2011 18:31

da progi hat nichts gefunden

cosinus

11.09.2011 19:00

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

fondorking

11.09.2011 21:26

Code:

ComboFix 11-09-11.05 - Cedric 11.09.2011  20:05:38.1.4 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4095.2660 [GMT 2:00]

ausgeführt von:: c:\users\Admin\Desktop\ComboFix.exe

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 * Neuer Wiederherstellungspunkt wurde erstellt

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\IsUn0407.exe

c:\windows\SysWow64\comct332.ocx

c:\windows\SysWow64\mfc100deu.dll

.

.

(((((((((((((((((((((((   Dateien erstellt von 2011-08-11 bis 2011-09-11  ))))))))))))))))))))))))))))))

.

.

2011-09-11 18:10 . 2011-09-11 18:10        --------        d-----w-        c:\users\ladmin\AppData\Local\temp

2011-09-11 18:10 . 2011-09-11 18:10        --------        d-----w-        c:\users\Default\AppData\Local\temp

2011-09-11 18:10 . 2011-09-11 18:10        --------        d-----w-        c:\users\Administrator\AppData\Local\temp

2011-09-11 16:44 . 2011-09-11 16:44        --------        d-----w-        C:\_OTL

2011-09-11 13:29 . 2011-09-11 13:29        --------        d-----w-        c:\program files (x86)\Reader 10.0

2011-09-11 13:29 . 2011-09-11 13:29        --------        d-----w-        c:\program files (x86)\Adobe Utilities - CS5

2011-09-11 13:28 . 2011-09-11 13:29        --------        d-----w-        c:\program files (x86)\Adobe Photoshop CS5

2011-09-11 13:28 . 2011-09-11 13:28        --------        d-----w-        c:\program files (x86)\Adobe Help

2011-09-11 13:28 . 2011-09-11 13:28        --------        d-----w-        c:\program files (x86)\Adobe Extension Manager CS5

2011-09-11 13:27 . 2011-09-11 13:28        --------        d-----w-        c:\program files (x86)\Adobe Device Central CS5

2011-09-11 13:27 . 2011-09-11 13:27        --------        d-----w-        c:\program files (x86)\Adobe Bridge CS5

2011-09-11 11:28 . 2011-08-16 06:48        8862544        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{C3B7D6CE-8F5C-4C1E-A974-6DC365F57CC0}\mpengine.dll

2011-09-10 09:07 . 2011-09-11 10:52        --------        d-----w-        c:\program files (x86)\Common Files\Steam

2011-09-10 09:07 . 2011-09-10 12:45        --------        d-----w-        c:\program files (x86)\Steam

2011-09-10 08:54 . 2011-09-10 08:54        --------        d-----w-        c:\users\Admin\AppData\Local\Activision

2011-09-10 08:45 . 2011-09-10 08:49        --------        d-----w-        c:\program files (x86)\Call of Duty Black Ops

2011-09-09 18:47 . 2011-09-09 18:47        --------        d-----w-        c:\program files (x86)\ESET

2011-09-08 19:22 . 2011-09-08 19:22        --------        d-----w-        c:\users\Admin\AppData\Roaming\Malwarebytes

2011-09-08 19:22 . 2011-09-08 19:22        --------        d-----w-        c:\programdata\Malwarebytes

2011-09-08 19:22 . 2011-07-06 17:52        41272        ----a-w-        c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-09-08 19:22 . 2011-09-08 19:22        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware

2011-09-08 19:22 . 2011-07-06 17:52        25912        ----a-w-        c:\windows\system32\drivers\mbam.sys

2011-09-08 13:36 . 2011-09-08 13:36        --------        d-----w-        c:\program files (x86)\7-Zip

2011-09-06 20:10 . 2011-09-06 20:10        --------        d-----w-        c:\users\Admin\AppData\Local\FixItCenter

2011-09-06 20:04 . 2011-09-06 20:04        --------        d-----w-        c:\program files\Microsoft Fix it Center

2011-09-06 20:04 . 2011-09-06 20:04        --------        d-----w-        c:\windows\MATS

2011-09-06 10:34 . 2011-09-06 10:34        472808        ----a-w-        c:\windows\SysWow64\deployJava1.dll

2011-09-06 10:29 . 2011-09-06 19:24        --------        d-----w-        c:\program files (x86)\JDownloader

2011-09-01 22:14 . 2002-12-11 17:12        760968        ----a-w-        c:\windows\SysWow64\WMSDMOD.DLL

2011-09-01 21:50 . 2011-09-01 21:50        --------        d-----w-        c:\program files (x86)\USM

2011-08-31 19:05 . 2011-08-31 19:05        --------        d-----w-        c:\program files (x86)\VirtualCloneDrive

2011-08-31 18:59 . 2011-08-31 19:43        --------        d-----w-        c:\program files (x86)\Landwirtschafts Simulator 2011

2011-08-31 08:30 . 2011-08-31 18:44        --------        d-----w-        c:\program files (x86)\Landwirtschafts Simulator 2011 old

2011-08-30 15:25 . 2011-08-30 15:25        --------        d-----w-        c:\programdata\ATI

2011-08-30 15:23 . 2011-08-30 15:23        --------        d-----w-        c:\program files (x86)\AMD APP

2011-08-30 11:49 . 2011-08-30 11:49        --------        d-----w-        c:\programdata\Raxco

2011-08-30 11:49 . 2011-08-30 11:49        --------        d-----w-        c:\program files\Raxco

2011-08-30 11:48 . 2011-08-30 11:48        --------        d-----w-        c:\program files (x86)\Raxco

2011-08-30 11:48 . 2011-08-30 11:48        --------        d-----w-        c:\program files (x86)\MARKEMENT

2011-08-30 11:44 . 2011-06-10 10:58        49152        ----a-w-        c:\windows\SysWow64\INETWH32.DLL

2011-08-30 11:44 . 2011-06-10 10:58        28672        ----a-w-        c:\windows\SysWow64\nnr.dll

2011-08-30 11:44 . 2011-06-10 10:58        1056768        ----a-w-        c:\windows\SysWow64\ROBOEX32.DLL

2011-08-30 11:43 . 2011-08-30 11:43        --------        d-----w-        c:\program files (x86)\NetObjects

2011-08-30 11:38 . 2011-09-06 19:35        --------        d-----w-        c:\users\Admin\AppData\Roaming\proDAD

2011-08-30 11:38 . 2011-08-30 11:38        --------        d-----w-        c:\program files (x86)\proDAD

2011-08-30 11:37 . 2011-09-02 00:22        --------        d-----w-        c:\programdata\proDAD

2011-08-30 11:29 . 2011-08-30 11:29        --------        d-----w-        c:\program files (x86)\Ashampoo

2011-08-30 11:28 . 2011-09-06 19:25        --------        d-----w-        c:\program files (x86)\Landwirtschafts-Simulator 2009

2011-08-25 17:45 . 2011-07-09 05:26        2048        ----a-w-        c:\windows\system32\tzres.dll

2011-08-25 17:45 . 2011-07-09 04:29        2048        ----a-w-        c:\windows\SysWow64\tzres.dll

2011-08-21 14:17 . 2011-08-21 14:17        --------        d-sh--w-        c:\programdata\SecuROM

2011-08-20 23:02 . 2011-08-21 14:16        --------        d-----w-        c:\program files (x86)\Microsoft Games for Windows - LIVE

2011-08-20 23:02 . 2011-08-20 23:02        --------        d-----w-        c:\windows\SysWow64\xlive

2011-08-19 13:32 . 2011-08-19 13:32        --------        d-----w-        c:\program files (x86)\Lavalys

2011-08-17 13:06 . 2011-08-17 13:06        --------        d-----w-        c:\users\Admin\AppData\Local\LogiShrd

2011-08-15 18:33 . 2011-08-15 18:33        53248        ----a-r-        c:\users\Admin\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe

2011-08-15 18:33 . 2011-08-15 18:33        --------        d-----w-        c:\users\Admin\AppData\Roaming\Leadertech

2011-08-15 18:33 . 2011-08-15 18:33        --------        d-----w-        c:\program files (x86)\Common Files\LogiShrd

2011-08-15 18:33 . 2011-08-17 13:03        18960        ----a-w-        c:\windows\system32\drivers\LNonPnP.sys

2011-08-15 18:32 . 2011-08-15 18:32        --------        d-----w-        c:\program files (x86)\SetPointG

2011-08-15 18:32 . 2011-08-15 18:32        --------        d-----w-        c:\program files (x86)\SetPointP

2011-08-15 18:31 . 2011-08-15 18:33        --------        d-----w-        c:\program files\Common Files\LogiShrd

2011-08-15 18:31 . 2011-08-15 18:34        --------        d-----w-        c:\users\Admin\AppData\Roaming\Logitech

2011-08-15 18:31 . 2011-08-15 18:31        --------        d-----w-        c:\users\Admin\AppData\Roaming\Logishrd

2011-08-13 18:43 . 2011-09-10 15:46        234768        ----a-w-        c:\windows\SysWow64\PnkBstrB.exe

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-09-10 15:46 . 2011-04-12 15:10        234768        ----a-w-        c:\windows\SysWow64\PnkBstrB.xtr

2011-09-06 10:06 . 2011-05-22 18:37        404640        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-09-01 13:58 . 2010-08-20 16:53        2300696        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll

2011-09-01 13:57 . 2010-08-20 16:53        42776        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll

2011-08-15 20:08 . 2011-03-06 12:47        59256        ----a-w-        c:\windows\system32\drivers\PktIcpt.sys

2011-08-15 12:05 . 2011-03-06 12:47        50552        ----a-w-        c:\windows\system32\drivers\GDBehave.sys

2011-08-15 12:05 . 2011-03-06 12:47        110968        ----a-w-        c:\windows\system32\drivers\MiniIcpt.sys

2011-08-15 12:05 . 2011-03-06 12:47        65912        ----a-w-        c:\windows\system32\drivers\gdwfpcd64.sys

2011-08-11 20:29 . 2011-06-29 17:32        75136        ----a-w-        c:\windows\SysWow64\PnkBstrA.exe

2011-08-10 13:32 . 2010-12-19 13:23        34624        ----a-w-        c:\windows\system32\TURegOpt.exe

2011-08-10 13:23 . 2010-12-19 13:23        25920        ----a-w-        c:\windows\system32\authuitu.dll

2011-08-10 13:23 . 2010-12-19 13:23        21312        ----a-w-        c:\windows\SysWow64\authuitu.dll

2011-08-10 13:23 . 2010-12-19 13:23        36160        ----a-w-        c:\windows\system32\uxtuneup.dll

2011-08-10 13:23 . 2010-12-19 13:23        29504        ----a-w-        c:\windows\SysWow64\uxtuneup.dll

2011-08-09 10:27 . 2010-08-07 08:24        2300696        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll

2011-08-09 10:17 . 2010-08-07 08:23        42776        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll

2011-08-09 10:17 . 2010-08-20 16:52        1166144        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll

2011-08-08 16:55 . 2011-08-08 16:55        18328        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-07-28 22:23 . 2011-07-28 22:23        9980416        ----a-w-        c:\windows\system32\drivers\atikmdag.sys

2011-07-28 22:09 . 2011-07-28 22:09        23921664        ----a-w-        c:\windows\system32\atio6axx.dll

2011-07-28 21:44 . 2011-07-28 21:44        18388480        ----a-w-        c:\windows\SysWow64\atioglxx.dll

2011-07-28 21:40 . 2011-07-28 21:40        151552        ----a-w-        c:\windows\system32\atiapfxx.exe

2011-07-28 21:40 . 2011-07-28 21:40        726528        ----a-w-        c:\windows\SysWow64\aticfx32.dll

2011-07-28 21:39 . 2011-07-28 21:39        852992        ----a-w-        c:\windows\system32\aticfx64.dll

2011-07-28 21:36 . 2011-05-25 03:04        462848        ----a-w-        c:\windows\system32\ATIDEMGX.dll

2011-07-28 21:36 . 2011-07-28 21:36        485376        ----a-w-        c:\windows\system32\atieclxx.exe

2011-07-28 21:35 . 2011-07-28 21:35        204288        ----a-w-        c:\windows\system32\atiesrxx.exe

2011-07-28 21:34 . 2011-07-28 21:34        120320        ----a-w-        c:\windows\system32\atitmm64.dll

2011-07-28 21:34 . 2011-07-28 21:34        423424        ----a-w-        c:\windows\system32\atipdl64.dll

2011-07-28 21:33 . 2011-07-28 21:33        356352        ----a-w-        c:\windows\SysWow64\atipdlxx.dll

2011-07-28 21:33 . 2011-07-28 21:33        278528        ----a-w-        c:\windows\SysWow64\Oemdspif.dll

2011-07-28 21:33 . 2011-07-28 21:33        21504        ----a-w-        c:\windows\system32\atimuixx.dll

2011-07-28 21:33 . 2011-07-28 21:33        59392        ----a-w-        c:\windows\system32\atiedu64.dll

2011-07-28 21:33 . 2011-07-28 21:33        43520        ----a-w-        c:\windows\SysWow64\ati2edxx.dll

2011-07-28 21:30 . 2011-07-28 21:30        4198912        ----a-w-        c:\windows\SysWow64\atidxx32.dll

2011-07-28 21:20 . 2011-07-28 21:20        4943360        ----a-w-        c:\windows\system32\atidxx64.dll

2011-07-28 21:12 . 2011-07-28 21:12        1113088        ----a-w-        c:\windows\system32\atiumd6v.dll

2011-07-28 21:11 . 2011-07-28 21:11        1828864        ----a-w-        c:\windows\SysWow64\atiumdmv.dll

2011-07-28 21:11 . 2011-07-28 21:11        3871744        ----a-w-        c:\windows\system32\atiumd6a.dll

2011-07-28 21:11 . 2011-07-28 21:11        51200        ----a-w-        c:\windows\system32\aticalrt64.dll

2011-07-28 21:11 . 2011-07-28 21:11        46080        ----a-w-        c:\windows\SysWow64\aticalrt.dll

2011-07-28 21:11 . 2011-07-28 21:11        44544        ----a-w-        c:\windows\system32\aticalcl64.dll

2011-07-28 21:11 . 2011-07-28 21:11        44032        ----a-w-        c:\windows\SysWow64\aticalcl.dll

2011-07-28 21:10 . 2011-07-28 21:10        9644544        ----a-w-        c:\windows\system32\aticaldd64.dll

2011-07-28 21:09 . 2011-07-28 21:09        4256768        ----a-w-        c:\windows\SysWow64\atiumdag.dll

2011-07-28 21:07 . 2011-07-28 21:07        8247296        ----a-w-        c:\windows\SysWow64\aticaldd.dll

2011-07-28 21:03 . 2011-07-28 21:03        4056064        ----a-w-        c:\windows\SysWow64\atiumdva.dll

2011-07-28 21:02 . 2011-07-28 21:02        5399040        ----a-w-        c:\windows\system32\atiumd64.dll

2011-07-28 21:01 . 2011-07-28 21:01        58880        ----a-w-        c:\windows\system32\coinst.dll

2011-07-28 20:54 . 2011-05-25 02:26        378368        ----a-w-        c:\windows\system32\atiadlxx.dll

2011-07-28 20:54 . 2011-07-28 20:54        266240        ----a-w-        c:\windows\SysWow64\atiadlxy.dll

2011-07-28 20:54 . 2011-07-28 20:54        15360        ----a-w-        c:\windows\system32\atig6pxx.dll

2011-07-28 20:54 . 2011-07-28 20:54        13312        ----a-w-        c:\windows\SysWow64\atiglpxx.dll

2011-07-28 20:54 . 2011-07-28 20:54        13312        ----a-w-        c:\windows\system32\atiglpxx.dll

2011-07-28 20:54 . 2011-07-28 20:54        39936        ----a-w-        c:\windows\system32\atig6txx.dll

2011-07-28 20:54 . 2011-07-28 20:54        32768        ----a-w-        c:\windows\SysWow64\atigktxx.dll

2011-07-28 20:54 . 2011-07-28 20:54        309248        ----a-w-        c:\windows\system32\drivers\atikmpag.sys

2011-07-28 20:53 . 2011-07-28 20:53        40960        ----a-w-        c:\windows\system32\atiuxp64.dll

2011-07-28 20:53 . 2011-07-28 20:53        31744        ----a-w-        c:\windows\SysWow64\atiuxpag.dll

2011-07-28 20:53 . 2011-07-28 20:53        38912        ----a-w-        c:\windows\system32\atiu9p64.dll

2011-07-28 20:53 . 2011-07-28 20:53        29184        ----a-w-        c:\windows\SysWow64\atiu9pag.dll

2011-07-28 20:52 . 2011-07-28 20:52        53248        ----a-w-        c:\windows\system32\drivers\ati2erec.dll

2011-07-28 20:51 . 2011-07-28 20:51        53760        ----a-w-        c:\windows\system32\atimpc64.dll

2011-07-28 20:51 . 2011-07-28 20:51        53760        ----a-w-        c:\windows\system32\amdpcom64.dll

2011-07-28 20:51 . 2011-07-28 20:51        52736        ----a-w-        c:\windows\SysWow64\atimpc32.dll

2011-07-28 20:51 . 2011-07-28 20:51        52736        ----a-w-        c:\windows\SysWow64\amdpcom32.dll

2011-07-28 15:49 . 2011-07-28 15:49        60416        ----a-w-        c:\windows\system32\OVDecode64.dll

2011-07-28 15:48 . 2011-07-28 15:48        16552960        ----a-w-        c:\windows\system32\amdocl64.dll

2011-07-22 05:42 . 2011-08-11 10:46        2303488        ----a-w-        c:\windows\system32\jscript9.dll

2011-07-22 05:36 . 2011-08-11 10:46        1389056        ----a-w-        c:\windows\system32\wininet.dll

2011-07-22 05:32 . 2011-08-11 10:46        2382848        ----a-w-        c:\windows\system32\mshtml.tlb

2011-07-22 02:54 . 2011-08-11 10:46        1797632        ----a-w-        c:\windows\SysWow64\jscript9.dll

2011-07-22 02:48 . 2011-08-11 10:46        1126912        ----a-w-        c:\windows\SysWow64\wininet.dll

2011-07-22 02:44 . 2011-08-11 10:46        2382848        ----a-w-        c:\windows\SysWow64\mshtml.tlb

2011-07-17 21:54 . 2011-07-17 21:54        59904        ----a-w-        c:\windows\SysWow64\OVDecode.dll

2011-07-16 05:41 . 2011-08-10 18:16        362496        ----a-w-        c:\windows\system32\wow64win.dll

2011-07-16 05:41 . 2011-08-10 18:16        243200        ----a-w-        c:\windows\system32\wow64.dll

2011-07-16 05:41 . 2011-08-10 18:16        13312        ----a-w-        c:\windows\system32\wow64cpu.dll

2011-07-16 05:39 . 2011-08-10 18:16        16384        ----a-w-        c:\windows\system32\ntvdm64.dll

2011-07-16 05:37 . 2011-08-10 18:16        421888        ----a-w-        c:\windows\system32\KernelBase.dll

2011-07-16 05:21 . 2011-08-10 18:16        6144        ---ha-w-        c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2011-07-16 05:21 . 2011-08-10 18:16        4608        ---ha-w-        c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2011-07-16 05:21 . 2011-08-10 18:16        4096        ---ha-w-        c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2011-07-16 05:21 . 2011-08-10 18:16        4096        ---ha-w-        c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll

2011-07-16 05:21 . 2011-08-10 18:16        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2011-07-16 05:21 . 2011-08-10 18:16        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2011-07-16 05:21 . 2011-08-10 18:16        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2011-07-16 05:21 . 2011-08-10 18:16        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-string-l1-1-0.dll

2011-07-16 05:21 . 2011-08-10 18:16        4608        ---ha-w-        c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2011-07-16 05:21 . 2011-08-10 18:16        4096        ---ha-w-        c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2011-07-16 05:21 . 2011-08-10 18:16        4096        ---ha-w-        c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll

2011-07-16 05:21 . 2011-08-10 18:16        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2011-07-16 05:21 . 2011-08-10 18:16        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2011-07-16 05:21 . 2011-08-10 18:16        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll

2011-07-16 05:21 . 2011-08-10 18:16        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll

2011-07-16 05:21 . 2011-08-10 18:16        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2011-07-16 05:21 . 2011-08-10 18:16        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll

2011-07-16 05:21 . 2011-08-10 18:16        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-io-l1-1-0.dll

2011-07-16 05:21 . 2011-08-10 18:16        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2011-07-16 05:21 . 2011-08-10 18:16        5120        ---ha-w-        c:\windows\system32\api-ms-win-core-file-l1-1-0.dll

2006-05-03 10:06        163328        --sha-r-        c:\windows\SysWOW64\flvDX.dll

2007-02-21 11:47        31232        --sha-r-        c:\windows\SysWOW64\msfDX.dll

2008-03-16 13:30        216064        --sha-r-        c:\windows\SysWOW64\nbDX.dll

2010-01-06 22:00        107520        --sha-r-        c:\windows\SysWOW64\TAKDSDecoder.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute        REG_MULTI_SZ           \0autocheck autochk *

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages        REG_MULTI_SZ           kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]

"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"FixCamera"=c:\windows\FixCamera.exe

"tsnpstd3"=c:\windows\tsnpstd3.exe

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

"WheelMouse"=c:\advanc~1\wh_exec.exe

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 EyelineService;Eyeline Video System;c:\program files (x86)\NCH Software\Eyeline\eyeline.exe [x]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-17 135664]

R3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;c:\windows\system32\DRIVERS\BazisVirtualCDBus.sys [x]

R3 dump_wmimmc;dump_wmimmc;c:\aeriagames\WolfTeam\GameGuard\dump_wmimmc.sys [x]

R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-17 135664]

R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [x]

R3 MatSvc;Microsoft Fix it Supportcenter;c:\program files\Microsoft Fix it Center\Matsvc.exe [2011-06-13 343856]

R3 PAC207;SoC PC-Camera;c:\windows\system32\DRIVERS\PFC027.SYS [x]

R3 SaiH5F0D;SaiH5F0D;c:\windows\system32\DRIVERS\SaiH5F0D.sys [x]

R3 SaiU5F0D;SaiU5F0D;c:\windows\system32\DRIVERS\SaiU5F0D.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2010-11-29 11856]

R3 whfltr2k;WheelMouse USB Lower Filter Driver;c:\windows\system32\DRIVERS\whfltr2k.sys [x]

R3 X6va005;X6va005;c:\users\Admin\AppData\Local\Temp\0056D43.tmp [x]

R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

R4 DTProTS;DTProTS 2.01;c:\program files (x86)\DTProTS\DTProTS.exe [1999-12-31 271360]

R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]

R4 TeamViewer5;TeamViewer 5;c:\program files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-02-11 172328]

R4 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2011-08-10 2027840]

S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [x]

S2 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\Admin\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries24.gadget\WinRing0x64.sys [2010-12-18 14544]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]

S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

.

.

Inhalt des "geplante Tasks" Ordners

.

2011-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-17 11:41]

.

2011-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-17 11:41]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-08-03 4725320]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 386584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 417304]

"EvtMgr6"="c:\program files (x86)\SetPointP\SetPoint.exe" [2011-06-23 1744152]

"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-08-03 415816]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs

UxTuneUp

.

------- Zusätzlicher Suchlauf -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = 

mStart Page = 

mLocal Page = 

IE: Free YouTube Download - c:\users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm

IE: Free YouTube to MP3 Converter - c:\users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html

IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 195.50.140.116 192.168.123.254

TCP: Interfaces\{BD5AE1E4-714D-4E03-920D-ABE9EE787A4C}: DhcpNameServer = 195.50.140.116 192.168.123.254

FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o4751zle.default\

FF - prefs.js: browser.search.selectedEngine - Facemoods Search

FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: nglayout.initialpaint.delay - 600

FF - user.js: content.notify.interval - 600000

FF - user.js: content.max.tokenizing.time - 1800000

FF - user.js: content.switch.threshold - 600000

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

AddRemove-Adobe Acrobat 4.0 - c:\windows\ISUN0407.EXE

AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_p4f.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet002\services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

[HKEY_LOCAL_MACHINE\system\ControlSet002\services\X6va005]

"ImagePath"="\??\c:\users\Admin\AppData\Local\Temp\0056D43.tmp"

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9f,fd,ba,5b,7a,48,a6,48,ad,5f,a0,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9f,fd,ba,5b,7a,48,a6,48,ad,5f,a0,\

.

[HKEY_USERS\S-1-5-21-741516300-845660521-4105745025-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:51,1a,2b,e1,e1,bb,06,1c,97,56,52,b3,e5,0d,da,f8,e9,3c,77,87,76,94,f1,

   24,11,1f,8d,86,a8,d7,15,25,c4,27,6c,af,2f,23,43,a3,6a,3a,19,9b,a4,5b,59,04,\

"??"=hex:59,e5,97,70,47,08,a5,1e,f6,13,83,cc,52,0d,a6,6c

.

[HKEY_USERS\S-1-5-21-741516300-845660521-4105745025-1000\Software\SecuROM\License information*]

"datasecu"=hex:d2,6e,9d,27,cd,87,8a,aa,2a,78,f6,d1,4f,d7,ec,ef,9f,aa,ad,78,9a,

   e3,50,2f,5d,9b,a0,b1,b6,38,b5,ae,c5,b1,b7,51,a6,ba,be,88,f7,e5,65,a8,7c,79,\

"rkeysecu"=hex:4a,52,43,84,f2,c6,e6,de,5a,6b,96,31,80,df,cc,1c

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10h.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10h.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10h.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10h.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

@Denied: (A 2) (Everyone)

@="IFlashBroker3"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\windows\SysWOW64\PnkBstrA.exe

c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2011-09-11  21:53:44 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2011-09-11 19:53

.

Vor Suchlauf: 14 Verzeichnis(se), 1.089.255.792.640 Bytes frei

Nach Suchlauf: 19 Verzeichnis(se), 1.089.138.237.440 Bytes frei

.

- - End Of File - - AF7335277CD8E300E7845385EA0AAF1C

cosinus

12.09.2011 10:35

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung) Vista und Win7 User mit Rechtsklick "als Admininstartor starten"
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

fondorking

12.09.2011 15:53

des scan button ist "ausgeschaltet"

mal eine frage, wieviele von solchen programmen muss ich denn noch starten?^^

cosinus

12.09.2011 15:54

Nur noch das, dann kommen Kontrollscans.

=> Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

fondorking

12.09.2011 17:27

so, jetzt scant es gerade. mir ist auch mal aufgefallen, dass das mit dem "keine rückmeldung" immer dann kommt wenn gerade irgendwas anderes mit dem internet beschäftigt ist. oder wie jetzt im mom mit diesem programm was grade scant.

fondorking

12.09.2011 17:37

Code:

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software

Run date: 2011-09-12 18:05:43

-----------------------------

18:05:43.461    OS Version: Windows x64 6.1.7601 Service Pack 1

18:05:43.461    Number of processors: 4 586 0x170A

18:05:43.462    ComputerName: ENERMAX  UserName: Cedric

18:05:45.250    Initialize success

18:19:16.142    AVAST engine defs: 11091200

18:20:14.018    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2

18:20:14.020    Disk 0 Vendor: SAMSUNG_HD154UI 1AG01118 Size: 1430799MB BusType: 3

18:20:16.025    Disk 0 MBR read successfully

18:20:16.027    Disk 0 MBR scan

18:20:16.036    Disk 0 Windows 7 default MBR code

18:20:16.038    Service scanning

18:20:17.751    Modules scanning

18:20:17.754    Disk 0 trace - called modules:

18:20:17.764    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys 

18:20:17.767    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a3a060]

18:20:17.769    3 CLASSPNP.SYS[fffff880016a643f] -> nt!IofCallDriver -> [0xfffffa80047d6520]

18:20:17.772    5 ACPI.sys[fffff88000f4e7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa80047d7680]

18:20:19.552    AVAST engine scan C:\Windows

18:20:23.700    AVAST engine scan C:\Windows\system32

18:21:56.380    AVAST engine scan C:\Windows\system32\drivers

18:22:08.524    AVAST engine scan C:\Users\Admin

18:33:52.839    AVAST engine scan C:\ProgramData

18:36:10.279    Scan finished successfully

18:36:52.207    Disk 0 MBR has been saved successfully to "C:\Users\Admin\Desktop\MBR.dat"

18:36:52.208    The log file has been saved successfully to "C:\Users\Admin\Desktop\aswMBR.txt"

cosinus

12.09.2011 20:59

Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

fondorking

14.09.2011 13:22

malwarebytes lässt ich nicht updaten, da immer die meldung kommt das gewisse dateien sich nicht überschreiben lassen da ich nicht die richtigen rechte habe.
Ich bin aber Admin.
und mir fällt gerade beim schreiben auf, dass wieder kein rückmeldung kommt, warscheinlich weil ich gerade anty spyware runterade.. ist schon echt nervig.

cosinus

14.09.2011 15:08

Starte MBAM per Rechtsklick => als Administrator

fondorking

14.09.2011 16:45

ok mach ich gleich mal, ich hab in der zeit mal mit anti spyware weiter gemacht hier der log (heißt doch DER log oder?:pfeiff: ) :

Code:

SUPERAntiSpyware Scan Log

hxxp://www.superantispyware.com
 

Generated 09/14/2011 at 04:25 PM
 

Application Version : 5.0.1118
 

Core Rules Database Version : 7688

Trace Rules Database Version: 5500
 

Scan type       : Complete Scan

Total Scan Time : 01:49:44
 

Operating System Information

Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)

UAC On - Limited User
 

Memory items scanned      : 505

Memory threats detected   : 0

Registry items scanned    : 73158

Registry threats detected : 2

File items scanned        : 334156

File threats detected     : 328
 

Adware.Tracking Cookie

        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@2o7[2].txt

        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@ad.adc-serv[1].txt

        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@ad.adition[1].txt

        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@ad.adnet[1].txt

        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@ad.adserver01[1].txt

        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@ad.yieldmanager[1].txt

        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@ad.yieldmanager[2].txt

        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@ad.zanox[1].txt

        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@ad1.adfarm1.adition[1].txt

        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@ad2.adfarm1.adition[1].txt

        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@ad2.adfarm1.adition[3].txt

        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@ad2.adfarm1.adition[4].txt

        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@adbrite[1].txt

        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@adcentriconline[1].txt

        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@adfarm1.adition[2].txt

        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@adfarm1.adition[3].txt

        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@adfarm1.adition[4].txt

        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@ads.adshopping[2].txt

        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@ads.medienhaus[1].txt

        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@ads.pointroll[2].txt

        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@adserver.traffictrack[1].txt

        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@adserving.claxon[2].txt

        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@adtech[2].txt

        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@advertise[1].txt

        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@advertising[1].txt

        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@apmebf[1].txt

        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@atdmt.combing[2].txt

        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@atdmt[1].txt

        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@atdmt[2].txt

        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@atwola[1].txt

        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@bluestreak[1].txt

        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@bs.serving-sys[2].txt

        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@bs.serving-sys[3].txt

        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@cdn.at.atwola[1].txt

        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@clicksor[1].txt

        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@content.yieldmanager[1].txt

        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@content.yieldmanager[2].txt

        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@content.yieldmanager[3].txt

        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@content.yieldmanager[4].txt

        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@doubleclick[1].txt

        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@eaeacom.112.2o7[1].txt

        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@eas.apm.emediate[1].txt

        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@euros4click[1].txt

        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@gamecenter.oberon-media[2].txt

        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@im.banner.t-online[1].txt

        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@imrworldwide[2].txt

        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@maniahome.trackmania[1].txt

        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@maniapub.trackmania[2].txt

        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@mediaplex[2].txt

        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@msnportal.112.2o7[1].txt

        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@myroitracking[2].txt

        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@oberon-media[1].txt

        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@pointroll[2].txt

        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@pro-market[2].txt

        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@questionmarket[2].txt

        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@realaporn[2].txt

        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@revsci[2].txt

        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@serving-sys[1].txt

        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@serving-sys[2].txt

        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@smartadserver[1].txt

        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@tacoda[2].txt

        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@track.adform[1].txt

        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@track.adform[3].txt

        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@tracking.mindshare[1].txt

        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@tracking.mlsat02[2].txt

        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@tracking.quisma[2].txt

        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@trackmania-best-racing.de[2].txt

        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@tradedoubler[1].txt

        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@traffictrack[1].txt

        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@unitymedia[1].txt

        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@vdwp.solution.weborama[2].txt

        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@webmasterplan[1].txt

        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@weborama[2].txt

        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@www.active-tracking[2].txt

        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@www.xxxmsncam[1].txt

        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@www.zanox-affiliate[1].txt

        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@xxxmsncam[1].txt

        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@yadro[1].txt

        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@zanox-affiliate[2].txt

        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@zanox[1].txt

        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\cedric@adtech[1].txt

        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\cedric@content.yieldmanager[1].txt

        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\cedric@doubleclick[2].txt

        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.yieldmanager[2].txt

        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\system@atdmt[1].txt

        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\system@fastclick[1].txt

        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\system@interclick[1].txt

        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\system@microsoftwindows.112.2o7[1].txt

        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\V01ZCWEU.txt

        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\KOWPPKE6.txt

        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\MC5FOQ3L.txt

        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\VKCZLMOI.txt

        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\K5GSB9OE.txt

        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\6O32LJ43.txt

        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\U1DBJOQ2.txt

        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\ZIDKQ79O.txt

        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\DNDQ4DXE.txt

        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\YUBHCCHQ.txt

        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\E6QID304.txt

        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\79NIGSC3.txt

        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\V03QK15W.txt

        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\CNT8EL4E.txt

        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\C13SQ84R.txt

        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\GFVVMI81.txt

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@112.2O7[2].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@2O7[1].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@4STATS[2].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@A7.ADSERVER01[1].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@AD.AD-SRV[1].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@AD.AD-SRV[2].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@AD.ADC-SERV[1].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@AD.ADNET[1].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@AD.ADSERVER01[1].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@AD.BAUERVERLAG[1].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@AD.MOGELPOWER[1].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@AD.SALEBROKER[2].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@AD.YIELDMANAGER[2].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@AD.YIELDMANAGER[3].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@AD.ZANOX[1].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@AD2.ADFARM1.ADITION[2].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@ADFARM1.ADITION[2].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@ADFORM[1].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@ADS.AD4GAME[2].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@ADS.ADSHOPPING[2].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@ADS.CLICKADSERVER[2].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@ADS.CREATIVE-SERVING[1].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@ADS.DZO-MARKETING[2].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@ADS.ETELEON[2].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@ADS.PAGENSTECHER[2].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@ADS.QUARTERMEDIA[2].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@ADS.WEBME[1].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@ADS.WEBME[3].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@ADS2.UCLICK[2].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@ADSERVER.ADTECHUS[1].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@ADSRV.ADMEDIATE[1].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@ADTECH[1].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@ADVERTISING[1].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@ADVIVA[2].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@ADX.CHIP[2].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@ADX.CHIP[3].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@APMEBF[1].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@AT.ATWOLA[1].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@ATDMT[1].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@BILDER.XXXSRV[1].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@BOB.ELITEPVPERS[1].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@BS.SERVING-SYS[1].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@BS.SERVING-SYS[3].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@CDN5.SPECIFICCLICK[1].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@CHITIKA[1].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@CLICK.MEDIADOME[1].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@CLICKAIDER[1].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@COLLECTIVE-MEDIA[1].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@CONRAD.122.2O7[1].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@CONTENT.YIELDMANAGER[1].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@CONTENT.YIELDMANAGER[2].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@CONTENT.YIELDMANAGER[3].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@DE.PARTYPOKER[1].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@DIVX.112.2O7[1].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@DOUBLECLICK[1].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@E-2DJ6WJLIWODPMEO.STATS.ESOMNITURE[1].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@E-2DJ6WJMIGPAZACQ.STATS.ESOMNITURE[1].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@EAEACOM.112.2O7[1].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@EAS.APM.EMEDIATE[2].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@ELITEPVPERS[1].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@ELITEPVPERS[2].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@EUROS4CLICK[1].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@FASTCLICK[1].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@HIMEDIA.INDIVIDUAD[2].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@IM.BANNER.T-ONLINE[1].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@IMRWORLDWIDE[2].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@IMRWORLDWIDE[3].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@INVITEMEDIA[1].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@KOMTRACK[2].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@KQV.112.2O7[1].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@LARGEBANNER360[1].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@MEDIA.PHOTOBUCKET[1].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@MEDIA6DEGREES[2].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@MEDIAMARKT.DESIGNCAPE[2].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@MEDIAPLEX[1].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@MEDIAX.MOBILENOBO[1].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@MICROSOFTWINDOWS.112.2O7[1].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@MMEDIA.T134[2].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@MSNPORTAL.112.2O7[1].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@OAS.ADSERVINGML[1].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@OFFICIAL.TRACKMANIA[1].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@PARTNERS.WEBMASTERPLAN[2].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@PARTYPOKER[1].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@QUESTIONMARKET[1].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@REVENUE[2].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@REVSCI[2].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@ROTATOR.ADJUGGLER[1].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@RTS.PGMEDIASERVE[2].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@SALES.LIVEPERSON[1].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@SALES.LIVEPERSON[3].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@SERVER.CPMSTAR[2].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@SERVING-SYS[1].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@SERVING-SYS[2].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@SEVENONEINTERMEDIA.112.2O7[1].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@SHOP.ZANOX[2].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@SMARTADSERVER[1].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@SPECIFICCLICK[2].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@STAT.DEALTIME[2].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@STATCOUNTER[2].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@STATSE.WEBTRENDSLIVE[2].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@STUDIVZ.ADFARM1.ADITION[2].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@TACODA[2].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@TRACK.ADFORM[2].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@TRACK.EFFILIATION[1].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@TRACK.EFFILIATION[3].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@TRACK.WEBTREKK[1].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@TRACKING.INTERAKTIVFABRIK[1].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@TRACKING.MINDSHARE[2].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@TRACKING.QUISMA[2].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@TRACKING.QUISMA[3].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@TRACKMANIA-BEST-RACING.DE[2].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@TRACKMANIA-BEST-RACING.DE[3].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@TRACKMANIA-CARPARK[2].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@TRACKMANIA-THE-GAME[3].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@TRADEDOUBLER[2].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@TRAFFICTRACK[1].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@TRIBALFUSION[2].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@UK.AT.ATWOLA[1].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@UNITYMEDIA[1].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@UNITYMEDIA[2].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@WEBMASTERPLAN[2].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@WW251.SMARTADSERVER[2].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@WWW.ACTIVE-TRACKING[2].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@WWW.ELITEPVPERS[1].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@WWW.ETRACKER[1].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@WWW.GOOGLEADSERVICES[2].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@WWW.TRACKMANIA-CARPARK[2].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@WWW.USENEXT[1].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@WWW.ZANOX-AFFILIATE[1].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@WWW.ZANOX-AFFILIATE[2].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@XITI[1].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@YADRO[1].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@ZANOX-AFFILIATE[1].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@ZANOX-AFFILIATE[2].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@ZANOX[1].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@ZANOX[2].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@ZBOX.ZANOX[2].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@ZEDO[1].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ADMIN@ZIELTRACK[2].TXT

        C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CEDRIC@EAEACOM.112.2O7[1].TXT

        .atdmt.com [ C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KR7KWNM2.DEFAULT\COOKIES.SQLITE ]

        .atdmt.com [ C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KR7KWNM2.DEFAULT\COOKIES.SQLITE ]

        .atdmt.com [ C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KR7KWNM2.DEFAULT\COOKIES.SQLITE ]

        .doubleclick.net [ C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KR7KWNM2.DEFAULT\COOKIES.SQLITE ]

        zbox.zanox.com [ C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KR7KWNM2.DEFAULT\COOKIES.SQLITE ]

        .zanox-affiliate.de [ C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KR7KWNM2.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KR7KWNM2.DEFAULT\COOKIES.SQLITE ]

        .serving-sys.com [ C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KR7KWNM2.DEFAULT\COOKIES.SQLITE ]

        .serving-sys.com [ C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KR7KWNM2.DEFAULT\COOKIES.SQLITE ]

        tracking.mlsat02.de [ C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KR7KWNM2.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KR7KWNM2.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KR7KWNM2.DEFAULT\COOKIES.SQLITE ]

        .atdmt.com [ C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KR7KWNM2.DEFAULT\COOKIES.SQLITE ]

        .adtech.de [ C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KR7KWNM2.DEFAULT\COOKIES.SQLITE ]

        .adtech.de [ C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KR7KWNM2.DEFAULT\COOKIES.SQLITE ]

        fl01.ct2.comclick.com [ C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KR7KWNM2.DEFAULT\COOKIES.SQLITE ]

        fl01.ct2.comclick.com [ C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KR7KWNM2.DEFAULT\COOKIES.SQLITE ]

        fl01.ct2.comclick.com [ C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KR7KWNM2.DEFAULT\COOKIES.SQLITE ]

        .content.yieldmanager.com [ C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KR7KWNM2.DEFAULT\COOKIES.SQLITE ]

        ad.yieldmanager.com [ C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KR7KWNM2.DEFAULT\COOKIES.SQLITE ]

        ad.yieldmanager.com [ C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KR7KWNM2.DEFAULT\COOKIES.SQLITE ]

        ad.yieldmanager.com [ C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KR7KWNM2.DEFAULT\COOKIES.SQLITE ]

        ad.yieldmanager.com [ C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KR7KWNM2.DEFAULT\COOKIES.SQLITE ]

        .adlegend.com [ C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KR7KWNM2.DEFAULT\COOKIES.SQLITE ]

        .imrworldwide.com [ C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KR7KWNM2.DEFAULT\COOKIES.SQLITE ]

        .imrworldwide.com [ C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KR7KWNM2.DEFAULT\COOKIES.SQLITE ]

        .revsci.net [ C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KR7KWNM2.DEFAULT\COOKIES.SQLITE ]

        .revsci.net [ C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KR7KWNM2.DEFAULT\COOKIES.SQLITE ]

        .revsci.net [ C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KR7KWNM2.DEFAULT\COOKIES.SQLITE ]

        .revsci.net [ C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KR7KWNM2.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KR7KWNM2.DEFAULT\COOKIES.SQLITE ]

        track.effiliation.com [ C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KR7KWNM2.DEFAULT\COOKIES.SQLITE ]

        track.effiliation.com [ C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KR7KWNM2.DEFAULT\COOKIES.SQLITE ]

        track.effiliation.com [ C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KR7KWNM2.DEFAULT\COOKIES.SQLITE ]

        track.effiliation.com [ C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KR7KWNM2.DEFAULT\COOKIES.SQLITE ]

        track.effiliation.com [ C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KR7KWNM2.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KR7KWNM2.DEFAULT\COOKIES.SQLITE ]

        banner.testberichte.de [ C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KR7KWNM2.DEFAULT\COOKIES.SQLITE ]

        www.bike-discount.de [ C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KR7KWNM2.DEFAULT\COOKIES.SQLITE ]

        .bike-discount.de [ C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KR7KWNM2.DEFAULT\COOKIES.SQLITE ]

        .bike-discount.de [ C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KR7KWNM2.DEFAULT\COOKIES.SQLITE ]

        .bike-discount.de [ C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KR7KWNM2.DEFAULT\COOKIES.SQLITE ]

        .shop.fahrradnet24.de [ C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KR7KWNM2.DEFAULT\COOKIES.SQLITE ]

        .shop.fahrradnet24.de [ C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KR7KWNM2.DEFAULT\COOKIES.SQLITE ]

        .shop.fahrradnet24.de [ C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KR7KWNM2.DEFAULT\COOKIES.SQLITE ]

        .im.banner.t-online.de [ C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KR7KWNM2.DEFAULT\COOKIES.SQLITE ]

        .im.banner.t-online.de [ C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KR7KWNM2.DEFAULT\COOKIES.SQLITE ]

        .yadro.ru [ C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KR7KWNM2.DEFAULT\COOKIES.SQLITE ]

        .yadro.ru [ C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KR7KWNM2.DEFAULT\COOKIES.SQLITE ]

        .statcounter.com [ C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KR7KWNM2.DEFAULT\COOKIES.SQLITE ]

        de.sitestat.com [ C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KR7KWNM2.DEFAULT\COOKIES.SQLITE ]

        ad.zanox.com [ C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KR7KWNM2.DEFAULT\COOKIES.SQLITE ]

        .apmebf.com [ C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KR7KWNM2.DEFAULT\COOKIES.SQLITE ]

        .fastclick.net [ C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KR7KWNM2.DEFAULT\COOKIES.SQLITE ]

        .fastclick.net [ C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KR7KWNM2.DEFAULT\COOKIES.SQLITE ]

        .tradedoubler.com [ C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KR7KWNM2.DEFAULT\COOKIES.SQLITE ]

        .tradedoubler.com [ C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KR7KWNM2.DEFAULT\COOKIES.SQLITE ]

        .tradedoubler.com [ C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KR7KWNM2.DEFAULT\COOKIES.SQLITE ]

        .traffictrack.de [ C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KR7KWNM2.DEFAULT\COOKIES.SQLITE ]

        .ads.quartermedia.de [ C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KR7KWNM2.DEFAULT\COOKIES.SQLITE ]

        .ads.quartermedia.de [ C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KR7KWNM2.DEFAULT\COOKIES.SQLITE ]

        .ads.quartermedia.de [ C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KR7KWNM2.DEFAULT\COOKIES.SQLITE ]

        .ads.quartermedia.de [ C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KR7KWNM2.DEFAULT\COOKIES.SQLITE ]

        .ads.quartermedia.de [ C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KR7KWNM2.DEFAULT\COOKIES.SQLITE ]

        .invitemedia.com [ C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KR7KWNM2.DEFAULT\COOKIES.SQLITE ]

        .invitemedia.com [ C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KR7KWNM2.DEFAULT\COOKIES.SQLITE ]

        ad2.adfarm1.adition.com [ C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KR7KWNM2.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KR7KWNM2.DEFAULT\COOKIES.SQLITE ]

        adfarm1.adition.com [ C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KR7KWNM2.DEFAULT\COOKIES.SQLITE ]

        .zanox.com [ C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KR7KWNM2.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KR7KWNM2.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KR7KWNM2.DEFAULT\COOKIES.SQLITE ]

        studivz.adfarm1.adition.com [ C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KR7KWNM2.DEFAULT\COOKIES.SQLITE ]

        .tracking.quisma.com [ C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KR7KWNM2.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KR7KWNM2.DEFAULT\COOKIES.SQLITE ]

        ad3.adfarm1.adition.com [ C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KR7KWNM2.DEFAULT\COOKIES.SQLITE ]

        .invitemedia.com [ C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KR7KWNM2.DEFAULT\COOKIES.SQLITE ]

        ad.yieldmanager.com [ C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KR7KWNM2.DEFAULT\COOKIES.SQLITE ]

        ad.yieldmanager.com [ C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KR7KWNM2.DEFAULT\COOKIES.SQLITE ]

        trackmania-best-racing.de.tl [ C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\O4751ZLE.DEFAULT\COOKIES.SQLITE ]

        trackmania-best-racing.de.tl [ C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\O4751ZLE.DEFAULT\COOKIES.SQLITE ]

        .trackmania-best-racing.de.tl [ C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\O4751ZLE.DEFAULT\COOKIES.SQLITE ]

        .trackmania-best-racing.de.tl [ C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\O4751ZLE.DEFAULT\COOKIES.SQLITE ]

        .trackmania-best-racing.de.tl [ C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\O4751ZLE.DEFAULT\COOKIES.SQLITE ]
 

Browser Hijacker.Deskbar

        (x64) HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}

        (x64) HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid32

fondorking

14.09.2011 19:24

Ich hab auch mal gegoogelt und da stand, dass das mit der Rückmeldung auch bei ihm kam und dann nach einiger zeit seine festplatte kaputt war, kanns daran liegen?

Alle Zeitangaben in WEZ +1. Es ist jetzt 05:05 Uhr.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131