Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Bootsektorvirus BOO/TDss.D mehrmals im System (https://www.trojaner-board.de/103796-bootsektorvirus-boo-tdss-d-mehrmals-system.html)

Rayin 02.10.2011 21:46
Bootsektorvirus BOO/TDss.D mehrmals im System
 
Hallo,
ich habe folgendes Problem:
Als ich letztens meinen Laptop hochgefahren habe, hab ich eine Menge Windowsfehlermeldungen, dass bestimmte Dateien/dll's nicht ausgeführt werden können, bekommen. Darauf hin hab ich mit Hilfe eines Wiederherstellungspunktes mein System wieder auf einen früheren Zeitpunkt zurückgesetz. Dadurch sind die ganzen Fehlermeldung verschwunden, allerdings bekomme ich jetzt bei jedem Systemstart von AntiVir 3 Nachrichten, dass ich den Bootsektorvirus BOO/TDss.D habe.

Ein Bekannter hat probiert es mit Combofix und TDSS Killer oder so zubeheben. Vergeblich.

Ich hoffe, dass ich die goldenen Regeln beachtet habe und danke euch schon einmal im Voraus.

kira 03.10.2011 16:10
Hallo und Herzlich Willkommen! :)

Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]:
Zitat:
  • "Fernbehandlungen/Fernhilfe" und die damit verbundenen Haftungsrisken:
    - da die Fehlerprüfung und Handlung werden über große Entfernungen durchgeführt, besteht keine Haftung unsererseits für die daraus entstehenden Folgen.
    - also, jede Haftung für die daraus entstandene Schäden wird ausgeschlossen, ANWEISUNGEN UND DEREN BEFOLGUNG, ERFOLGT AUF DEINE EIGENE VERANTWORTUNG!
  • Charakteristische Merkmale/Profilinformationen:
    - aus der verwendeten Loglisten oder Logdateien - wie z.B. deinen Realnamen, Seriennummer in Programm etc)- kannst Du herauslöschen oder durch [X] ersetzen
  • Die Systemprüfung und Bereinigung:
    - kann einige Zeit in Anspruch nehmen (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst
  • Ich empfehle Dir die Anweisungen erst einmal komplett durchzulesen, bevor du es anwendest, weil wenn du etwas falsch machst, kann es wirklich gefährlich werden. Wenn du meinen Anweisungen Schritt für Schritt folgst, kann eigentlich nichts schief gehen.
  • Innerhalb der Betreuungszeit:
    - ohne Abspräche bitte nicht auf eigene Faust handeln!- bei Problemen nachfragen.
  • Die Reihenfolge:
    - genau so wie beschrieben bitte einhalten, nicht selbst die Reihenfolge wählen!
  • GECRACKTE SOFTWARE werden hier nicht geduldet!!!!
  • Ansonsten unsere Forumsregeln:
    - Bitte erst lesen, dann posten!-> Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?
  • Alle Logfile mit einem vBCode Tag eingefügen, das bietet hier eine gute Übersicht, erleichtert mir die Arbeit! Falls das Logfile zu groß, teile es in mehrere Teile auf.

Sobald Du diesen Einführungstext gelesen hast, kannst Du beginnen:)
Für Vista und Win7:
Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen
Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen!

1.
TDSSKiller von Kaspersky
  • Lade den TDSSKiller und entpacke das Archiv auf Deinen Desktop.
  • Vergewissere Dich, dass die TDSSKiller.exe direkt auf dem Desktop liegt (nicht in einem Ordner auf dem Desktop).
  • deaktiviere vorübergehend dein AntiVirus-Programm
  • Starte die TDSSKiller.exe durch Doppelklick.
  • Nach Beendigung der Arbeit schlägt das Tool vor, das System neu zu starten.
    Bestätige das ggfs. mit Y(es).
    Beim Hochfahren des Systems führt der Treiber alle geplanten Operationen aus löscht sich danach.
  • Poste mir den Inhalt von C:\TDSSKiller<random>.txt hier in den Thread.
Hier findest Du eine ausführlichere Anleitung.

2.
Lade Dir Malwarebytes Anti-Malware von→ malwarebytes.org
  • Installieren und per Doppelklick starten.
  • Deutsch einstellen und gleich mal die Datenbanken zu aktualisieren - online updaten
  • "Komplett Scan durchführen" wählen (überall Haken setzen)
  • wenn der Scanvorgang beendet ist, klicke auf "Zeige Resultate"
  • Alle Funde - falls MBAM meldet in C:\System Volume Information - den Haken bitte entfernen - markieren und auf "Löschen" - "Ausgewähltes entfernen") klicken.
  • Poste das Ergebnis hier in den Thread - den Bericht findest Du unter "Scan-Berichte"
eine bebilderte Anleitung findest Du hier: Anleitung

3.
erneut einen Scan mit OTL:
  • Doppelklick auf die OTL.exe
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Oben findest Du ein Kästchen mit Ausgabe.
    Wähle bitte Standard-Ausgabe
  • Unter Extra-Registrierung wähle bitte Benutze SafeList.
  • Mache Häckchen bei LOP- und Purity-Prüfung.
  • Klicke nun auf Scan links oben.
  • Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
    Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
  • Poste die Logfiles in Code-Tags hier in den Thread.

4.
Ich würde gerne noch all deine installierten Programme sehen:
Lade dir das Tool CCleaner herunter
Download
installieren (Software-Lizenzvereinbarung lesen, falls angeboten wird "Füge CCleaner Yahoo! Toolbar hinzu" abwählen)→ starten→ falls nötig - unter Options settings-> "german" einstellen
dann klick auf "Extra (um die installierten Programme auch anzuzeigen)→ weiter auf "Als Textdatei speichern..."
wird eine Textdatei (*.txt) erstellt, kopiere dazu den Inhalt und füge ihn da ein

Zitat:
Damit dein Thread übersichtlicher und schön lesbar bleibt, am besten nutze den Code-Tags für deinen Post:
→ vor dein Log schreibst Du (also am Anfang des Logfiles, die Du posten möchtest)[code]
hier kommt dein Logfile rein - z.B hjtsanlist o. sonstiges
→ dahinter - also am Ende der Logdatei: [/code]
gruß
kira

Rayin 03.10.2011 22:15
Hi,
der TDSSKiller findet auf meinem Laptop nichts, daher werde ich auch nicht aufgefordert das System neu zu starten.
Liegt das vielleicht daran, dass mein Bekannter schon einmal probiert hat was mit TDSSKiller zu machen? Ich hab nämlich unter C:\ einen Ordner mit dem Namen: TDSSKiller_Quarantine.

Ansonsten hier die Logfiles:

Code:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 7856

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

03.10.2011 19:46:13
mbam-log-2011-10-03 (19-46-13).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|)
Durchsuchte Objekte: 463668
Laufzeit: 1 Stunde(n), 15 Minute(n), 1 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted

successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\program files (x86)\EA GAMES\battlefield 2\mods\stats\Stats.exe (Trojan.Agent.H) -> Quarantined and deleted successfully.
d:\Anime\fritz!box_reconnect\exe\nc.exe (PUP.Netcat) -> Not selected for removal.
c:\Windows\System32\h@tkeysh@@k.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\SysWOW64\h@tkeysh@@k.dll (Trojan.Agent) -> Quarantined and deleted successfully.
CCleaner
Code:
Adobe Flash Player 10 ActiveX        Adobe Systems Incorporated        28.09.2011        6,00MB        10.3.183.10
Adobe Flash Player 10 Plugin        Adobe Systems Incorporated        28.09.2011        6,00MB        10.3.183.10
Advent Children Avatare        United ODC Corporation        15.09.2011                1.0               
Akamai NetSession Interface                04.09.2010               
Allied Intent Xtended 2.0        AIX Community        17.10.2010                2.0
Angry Birds        Rovio        17.07.2011        45,9MB        1.5.2
Apple Application Support        Apple Inc.        04.08.2011        60,2MB        2.0.1
Apple Mobile Device Support        Apple Inc.        05.07.2011        22,7MB        3.4.1.2
Apple Software Update        Apple Inc.        05.07.2011        2,38MB        2.1.3.127
Assassin's Creed Brotherhood        Ubisoft        30.05.2011                1.00
ASUS AI Recovery        ASUS        04.09.2010        2,89MB        1.0.6
ASUS Data Security Manager        ASUS        04.09.2010        15,1MB        1.00.0013
ASUS FancyStart        ASUSTeK Computer Inc.        04.09.2010        10,5MB        1.0.6
ASUS LifeFrame3        ASUS        04.09.2010        27,7MB        3.0.20
ASUS Power4Gear Hybrid        ASUS        04.09.2010        10,8MB        1.1.19
ASUS SmartLogon        ASUS        04.09.2010        10,9MB        1.0.0007
ASUS Splendid Video Enhancement Technology        ASUS        04.09.2010        24,4MB        1.02.0028
ASUS Virtual Camera        asus        04.09.2010        2,88MB        1.0.16
Asus_Camera_ScreenSaver        ASUS        04.09.2010                2.0.0009
ATK Generic Function Service        ATK        04.09.2010                1.00.0008
ATK Hotkey        ASUS        04.09.2010        5,75MB        1.0.0051
ATK Media        ASUS        04.09.2010        0,18MB        2.0.0005
ATKOSD2        ASUS        04.09.2010        8,08MB        7.0.0005
Audacity 1.2.6                10.01.2011               
Audition Online        Burda:ic        04.09.2010                1.2.6064
Avira AntiVir Personal - Free Antivirus        Avira GmbH        26.09.2011        70,6MB        10.2.0.703
Battlefield 2(TM)                17.10.2010               
BitTorrent                25.03.2011                7.2.1
Bonjour        Apple Inc.        25.07.2011        1,54MB        3.0.0.2
Call of Duty: Black Ops                15.12.2010               
CamStudio                03.01.2011               
CCleaner        Piriform        02.10.2011                3.11
Conduit Engine        Conduit Ltd.        13.12.2010               
ControlDeck        ASUS        04.09.2010        1,81MB        1.0.3
Creative MediaSource 5        Creative Technology Limited        04.09.2010                5.00
Crysis® 2        Electronic Arts        26.07.2011        7.757MB        1.0.0.0
CyberLink LabelPrint        CyberLink Corp.        09.10.2010                2.0.2908
CyberLink Power2Go        CyberLink Corp.        09.10.2010        121,8MB        6.0.1924
DAEMON Tools Lite        DT Soft Ltd        12.02.2011                4.40.2.0131
Dawn of War - Dark Crusade        THQ        18.02.2011                1.00.0000
Dawn of War - Soulstorm        THQ        16.03.2011                1.00.0000
Dawn Of War - Winter Assault        THQ        18.02.2011        1.001MB        1.4
DawnOfWar        THQ        18.02.2011        1.579MB        1.00.00000
Dragon Age II        Electronic Arts, Inc.        16.05.2011        5.167MB        1.02
Dragon Age: Origins        Electronic Arts, Inc.        16.02.2011                1.04
Dragonica(DE)        GALA Networks Europe Limited.        25.11.2010                9.5.8.0
Express Gate        DeviceVM, Inc.        04.09.2010        381MB        1.2.13.14
Fast Boot        ASUS        04.09.2010        1,45MB        1.0.4
Fate/stay night English v3.2                10.08.2011               
Fate_sword dance                10.08.2011               
FiceMusic        United ODC Corporation        15.09.2011                1.51
Final Fantasy VII                05.09.2011               
Final Fantasy VII v1.02 Update        United ODC Corporation        05.09.2011                1.02
Foxit Reader        Foxit Corporation        19.02.2011        11,2MB        4.3.1.118
Fraps (remove only)                10.09.2010               
Free YouTube to MP3 Converter version 3.10.9.908        DVDVideoSoft Ltd.        19.09.2011        42,4MB       
GIMP 2.6.10        The GIMP Team        09.09.2010        108,4MB        2.6.10
Google Chrome        Google Inc.        27.09.2011                14.0.835.186
Google Earth        Google        26.06.2011        84,6MB        6.0.3.2197
Hama Black Force Pad                26.12.2010                2007.01.01
Hamachi 1.0.3.0                28.09.2011               
ITECIR        ITE        04.09.2010                1.00.0000
iTunes        Apple Inc.        25.08.2011        142,0MB        10.4.1.10
Java(TM) 6 Update 15        Sun Microsystems, Inc.        04.09.2010        95,0MB        6.0.150
JDownloader        AppWork UG (haftungsbeschränkt)        04.09.2010                0.89
Laptop-Keypad Patch        United ODC Corporation        15.09.2011                1.00
Malwarebytes' Anti-Malware Version 1.51.2.1300        Malwarebytes Corporation        02.10.2011        13,8MB        1.51.2.1300
Messenger Plus! 5        Yuna Software        01.10.2011                5.10.0.748
Microsoft .NET Framework 4 Client Profile        Microsoft Corporation        05.10.2010        38,8MB        4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack        Microsoft Corporation        05.10.2010        2,94MB        4.0.30319
Microsoft .NET Framework 4 Extended        Microsoft Corporation        22.09.2011        52,0MB        4.0.30319
Microsoft .NET Framework 4 Extended DEU Language Pack        Microsoft Corporation        22.09.2011        10,7MB        4.0.30319
Microsoft AppLocale        MS        27.04.2011        3,62MB        1.0.0
Microsoft Office File Validation Add-In        Microsoft Corporation        15.09.2011        7,95MB        14.0.5130.5003
Microsoft Office Professional 2007        Microsoft Corporation        27.01.2011                12.0.6425.1000
Microsoft Office Standard 2007        Microsoft Corporation        27.01.2011                12.0.6425.1000
Microsoft Silverlight        Microsoft Corporation        30.07.2011        40,4MB        4.0.60531.0
Microsoft Visual Basic Power Packs 3.0        Microsoft        22.09.2011        5,28MB        9.0.30214
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053        Microsoft Corporation        27.01.2011        0,25MB        8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable        Microsoft Corporation        16.06.2011        0,29MB        8.0.56336
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148        Microsoft Corporation        27.01.2011        0,21MB        9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570        Microsoft Corporation        12.04.2011        0,77MB        9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570        Microsoft Corporation        12.04.2011        0,58MB        9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17        Microsoft Corporation        25.01.2011        0,77MB        9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161        Microsoft Corporation        16.06.2011        0,77MB        9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729        Microsoft Corporation        29.03.2011        0,23MB        9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17        Microsoft Corporation        04.09.2010        0,23MB        9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148        Microsoft Corporation        04.09.2010        0,58MB        9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161        Microsoft Corporation        16.06.2011        0,59MB        9.0.30729.6161
Microsoft Windows Application Compatibility Database                27.04.2011               
Mozilla Firefox 7.0 (x86 de)        Mozilla        27.09.2011        34,1MB        7.0
MSXML 4.0 SP2 (KB954430)        Microsoft Corporation        24.04.2011        1,28MB        4.20.9870.0
MSXML 4.0 SP2 (KB973688)        Microsoft Corporation        24.04.2011        1,33MB        4.20.9876.0
NVIDIA 3D Vision Treiber 267.76        NVIDIA Corporation        26.03.2011                267.76
NVIDIA Grafiktreiber 267.76        NVIDIA Corporation        26.03.2011                267.76
NVIDIA PhysX-Systemsoftware 9.10.0514        NVIDIA Corporation        26.03.2011                9.10.0514
OpenAL                15.05.2011               
osu!        peppy        23.07.2011        128,2MB        0.0.0.0
PlayReady PC Runtime amd64        Microsoft Corporation        17.09.2011        2,06MB        1.3.0
Prototype(TM)        Activision        10.09.2010        7.971MB        1.0
PunkBuster Services        Even Balance, Inc.        04.04.2011                0.990
QuickTime        Apple Inc.        04.08.2011        73,0MB        7.70.80.34
Rapture3D 2.4.4 Game        Blue Ripple Sound        15.05.2011               
Realtek 8136 8168 8169 Ethernet Driver        Realtek        04.09.2010                1.00.0005
Realtek High Definition Audio Driver        Realtek Semiconductor Corp.        12.02.2011                6.0.1.6299
RICOH R5U8xx Media Driver ver.3.62.02        RICOH        04.09.2010                3.62.02
RocketDock 1.3.5        Punk Software        04.09.2010               
Skype™ 5.3        Skype Technologies S.A.        09.07.2011        16,6MB        5.3.120
Sound Blaster Audigy HD        Creative Technology Limited        04.09.2010                1.0
SWAT 4                16.05.2011               
Synaptics Pointing Device Driver        Synaptics Incorporated        04.09.2010                13.2.6.1
TeamSpeak 3 Client        TeamSpeak Systems GmbH        25.01.2011               
TuneUp Utilities 2011        TuneUp Software        14.09.2011                10.0.4400.22
Ubisoft Game Launcher        UBISOFT        30.05.2011                1.0.0.0
USB 2.0 2.0M UVC WebCam                04.09.2010               
Vegas Pro 10.0 (64-bit)        Sony        29.07.2011        456MB        10.0.738
Veoh Web Player        Veoh Networks, Inc.        03.11.2010                1.1.2.0000
VLC media player 1.1.11        VideoLAN        09.08.2011                1.1.11
Warcraft III        Blizzard Entertainment        17.02.2011               
Winamp        Nullsoft, Inc        13.07.2011                5.621
Winamp Erkennungs-Plug-in        Nullsoft, Inc        13.07.2011        75,00KB        1.0.0.1
Windows Live Essentials        Microsoft Corporation        27.01.2011                14.0.8117.0416
Windows Live-Uploadtool        Microsoft Corporation        27.01.2011        0,22MB        14.0.8014.1029
Windows Media Tools 4.0                27.04.2011               
WinFlash        ASUS        04.09.2010        1,29MB        2.29.0
WinRAR 4.01 (64-Bit)        win.rar GmbH        10.08.2011                4.01.0
Wireless Console 3        ASUS        04.09.2010        2,43MB        3.0.10
XMedia Recode 3.0.2.5        Sebastian Dörfler        15.09.2011                3.0.2.5

Rayin 03.10.2011 22:17
OTL Logfile:
Code:
OTL logfile created on: 03.10.2011 19:51:16 - Run 2
OTL by OldTimer - Version 3.2.29.1    Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,57 Gb Available Physical Memory | 52,26% Memory free
6,00 Gb Paging File | 4,35 Gb Available in Paging File | 72,50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283,44 Gb Total Space | 73,99 Gb Free Space | 26,10% Space Free | Partition Type: NTFS
Drive D: | 298,09 Gb Total Space | 47,82 Gb Free Space | 16,04% Space Free | Partition Type: NTFS
Drive E: | 14,63 Gb Total Space | 2,75 Gb Free Space | 18,82% Space Free | Partition Type: FAT32
 
Computer Name: SOULWALKER | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.10.02 21:52:27 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2011.09.23 06:44:20 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011.09.20 12:39:48 | 000,801,792 | ---- | M] (Yuna Software) -- C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
PRC - [2011.08.31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.06.29 12:06:14 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.04.05 18:45:15 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011.03.28 16:15:04 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.28 16:14:56 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.03.17 02:35:26 | 000,378,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010.09.05 21:03:10 | 003,054,136 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2009.09.03 19:33:14 | 000,054,400 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
PRC - [2009.07.24 19:32:50 | 001,593,344 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2009.07.16 19:07:54 | 000,178,744 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
PRC - [2009.07.07 20:20:56 | 008,493,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
PRC - [2009.06.24 21:30:18 | 000,272,952 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
PRC - [2009.06.19 19:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
PRC - [2009.06.19 19:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
PRC - [2009.06.16 02:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
PRC - [2009.05.19 00:59:10 | 000,428,600 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe
PRC - [2009.05.19 00:58:38 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2009.04.20 20:09:30 | 000,159,744 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
PRC - [2008.12.30 01:32:54 | 000,237,693 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe
PRC - [2008.12.23 02:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
PRC - [2008.08.14 06:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
PRC - [2008.07.18 19:52:16 | 000,104,936 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2008.03.31 11:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
PRC - [2007.09.02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe
PRC - [2007.08.08 09:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.09.23 06:44:20 | 001,833,944 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011.03.17 02:35:14 | 000,235,624 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2009.09.03 19:33:14 | 000,054,400 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
MOD - [2009.07.24 19:32:50 | 001,593,344 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
MOD - [2009.03.26 23:46:42 | 000,148,480 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL
MOD - [2009.02.07 03:52:24 | 000,073,728 | ---- | M] () -- C:\Windows\SysWOW64\CmdRtr.DLL
MOD - [2008.07.18 19:52:08 | 000,649,704 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2008.06.09 09:55:08 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2007.09.02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe
MOD - [2007.09.02 13:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.dll
MOD - [2007.06.15 19:28:36 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll
MOD - [2007.06.02 02:08:18 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.09.01 14:19:32 | 000,036,160 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2009.09.17 20:36:34 | 000,359,552 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2007.08.08 09:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2011.09.01 14:25:34 | 002,027,840 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011.09.01 14:19:26 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.06.29 12:06:14 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.05 18:45:15 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011.03.28 16:15:04 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.03.17 02:35:26 | 000,378,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.09.08 21:46:00 | 003,852,792 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2010.09.05 21:03:39 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010.09.05 21:03:35 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.15 22:07:16 | 000,025,832 | ---- | M] (BioWare) [Disabled | Stopped] -- C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe -- (DAUpdaterSvc)
SRV - [2009.06.16 02:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.03.31 11:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) [On_Demand | Running] -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.09.29 21:44:40 | 000,033,344 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2011.08.31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011.06.29 12:06:15 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.06.29 12:06:15 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.05.10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.13 19:28:16 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.09.05 21:01:23 | 000,035,384 | ---- | M] (ASUSTek Computer Inc) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\AsDsm.sys -- (AsDsm)
DRV:64bit: - [2010.06.09 13:00:50 | 001,887,528 | ---- | M] (Trident Microsystems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TrdCap64.sys -- (TrdCap64)
DRV:64bit: - [2010.01.13 18:37:16 | 007,675,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel(R)
DRV:64bit: - [2009.08.13 23:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.08.10 04:52:06 | 007,058,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw1v64.sys -- (NETw1v64) Intel(R)
DRV:64bit: - [2009.07.20 11:48:32 | 000,274,480 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.07.20 11:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:06:43 | 000,060,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\61883.sys -- (61883)
DRV:64bit: - [2009.07.14 02:06:43 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avc.sys -- (Avc)
DRV:64bit: - [2009.07.14 02:06:42 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msdv.sys -- (MSDV)
DRV:64bit: - [2009.06.26 02:04:20 | 000,067,584 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2009.06.26 01:38:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2009.06.26 01:13:44 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2009.06.20 04:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.06.10 22:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.05 12:16:30 | 001,806,400 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV:64bit: - [2009.06.04 12:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.05.22 16:52:30 | 000,215,040 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.05.13 03:07:20 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2009.03.10 01:58:00 | 000,060,416 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\itecir.sys -- (itecir)
DRV:64bit: - [2008.05.24 02:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2007.07.24 20:11:32 | 000,014,904 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
DRV - [2010.10.07 14:34:32 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005.01.03 17:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - No CLSID value found
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 01 AB DF 66 8D 2F CC 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.15.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.5
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - prefs.js..extensions.enabledItems: {0056ABDC-7674-4E69-BECC-6119033A4E91}:1.9.1
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.5
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\***\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\***\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.09.28 21:04:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.09.28 21:04:24 | 000,000,000 | ---D | M]
 
[2010.09.05 13:31:44 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2011.10.02 21:41:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zlkhvcnv.default\extensions
[2011.09.30 07:37:06 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zlkhvcnv.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2011.09.30 07:37:06 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zlkhvcnv.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.09.30 07:37:06 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zlkhvcnv.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.09.30 07:37:06 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zlkhvcnv.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2011.09.02 14:48:48 | 000,001,933 | -H-- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\zlkhvcnv.default\searchplugins\arcana-heart-3-wiki-en.xml
[2011.09.18 03:04:36 | 000,002,273 | -H-- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\zlkhvcnv.default\searchplugins\blazblue-wiki-en.xml
[2010.09.05 15:59:19 | 000,001,919 | -H-- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\zlkhvcnv.default\searchplugins\bleach-wiki-en.xml
[2011.02.25 13:30:38 | 000,001,431 | -H-- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\zlkhvcnv.default\searchplugins\bulbapedia-en.xml
[2011.09.17 17:22:00 | 000,002,321 | -H-- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\zlkhvcnv.default\searchplugins\dictcc.xml
[2011.02.13 03:50:53 | 000,002,276 | -H-- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\zlkhvcnv.default\searchplugins\dragon-age-wiki-en.xml
[2011.02.11 01:04:15 | 000,001,651 | -H-- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\zlkhvcnv.default\searchplugins\e-h-galleries.xml
[2010.09.07 01:09:43 | 000,001,936 | -H-- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\zlkhvcnv.default\searchplugins\fairy-tail-wiki-en.xml
[2010.09.06 23:24:54 | 000,000,924 | -H-- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\zlkhvcnv.default\searchplugins\gendou.xml
[2011.01.15 20:38:23 | 000,005,612 | -H-- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\zlkhvcnv.default\searchplugins\kingdom-hearts-wiki-en.xml
[2010.09.05 21:20:18 | 000,006,263 | -H-- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\zlkhvcnv.default\searchplugins\narutopedia-en.xml
[2011.02.15 20:33:33 | 000,002,291 | -H-- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\zlkhvcnv.default\searchplugins\one-piece-encyclopedia-en.xml
[2011.02.25 00:25:26 | 000,002,581 | -H-- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\zlkhvcnv.default\searchplugins\pokwiki-de.xml
[2011.08.07 17:20:04 | 000,002,309 | -H-- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\zlkhvcnv.default\searchplugins\rosario--vampire-wiki-en.xml
[2011.01.07 20:19:27 | 000,005,161 | -H-- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\zlkhvcnv.default\searchplugins\scratchpad-en.xml
[2011.09.17 19:24:55 | 000,001,330 | -H-- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\zlkhvcnv.default\searchplugins\wikipedia-en.xml
[2010.09.05 15:59:04 | 000,002,057 | -H-- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\zlkhvcnv.default\searchplugins\youtube-videosuche.xml
[2011.09.28 21:04:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZLKHVCNV.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011.09.23 06:44:20 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.07.11 23:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2011.09.23 03:52:52 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.23 03:46:24 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.09.23 03:52:52 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.23 03:52:52 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.23 03:52:52 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.23 03:52:52 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\14.0.835.186\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.150.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java(TM) Platform SE 6 U15 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\14.0.835.186\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\14.0.835.186\pdf.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Chrome Clock = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\emakkfldeggiinnfcdjkakdfcppbfhdg\0.9_0\
CHR - Extension: Chrome Clock = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\emakkfldeggiinnfcdjkakdfcppbfhdg\0.9_0\~
CHR - Extension: FlashBlock = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\gofhjkjmkpinhpoiabjplobcaignabnl\0.9.31_0\
 
O1 HOSTS File: ([2011.10.02 20:56:32 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DE833978-C63A-415A-8DD9-DD66079F144A}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.10.03 18:27:24 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2011.10.03 18:27:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.10.03 18:27:02 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.10.03 18:27:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.10.03 18:26:07 | 009,852,544 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\***\Desktop\mbam-setup-1.51.2.1300.exe
[2011.10.03 18:24:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.10.03 18:00:04 | 001,548,080 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\***\Desktop\TDSSKiller.exe
[2011.10.02 23:13:38 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Messenger Plus
[2011.10.02 21:52:27 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2011.10.02 21:34:38 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2011.10.02 21:30:31 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011.10.02 21:20:50 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011.10.02 20:10:40 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.10.02 20:10:40 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.10.02 20:10:40 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.10.02 20:09:32 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.10.02 20:09:26 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011.10.02 20:08:22 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.09.29 21:47:41 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\.minecraft
[2011.09.29 21:45:02 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Hamachi
[2011.09.29 21:44:40 | 000,033,344 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\drivers\hamachi.sys
[2011.09.29 21:44:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hamachi
[2011.09.29 21:44:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hamachi
[2011.09.28 21:03:00 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011.09.28 12:42:49 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\ImageConverter Plus
[2011.09.28 12:42:48 | 001,706,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gdiplus.dll
[2011.09.28 12:42:47 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Image Converter Plus
[2011.09.25 03:02:56 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011.09.24 23:35:20 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\mkvtoolnix-unicode-1.7.0
[2011.09.24 23:34:33 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\mkvtoolnix
[2011.09.23 19:07:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2011.09.23 19:07:15 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Microsoft Visual Basic 2005 Power Packs
[2011.09.23 19:07:15 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Basic 2005 Power Packs
[2011.09.23 19:07:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SDKs
[2011.09.23 19:07:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Basic 2005 Power Packs
[2011.09.20 21:25:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2011.09.20 21:25:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2011.09.20 21:25:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2011.09.19 07:00:43 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011.09.18 18:34:10 | 000,000,000 | ---D | C] -- C:\Program Files\PlayReady
[2011.09.18 04:29:27 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011.09.16 15:27:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XMedia Recode
[2011.09.06 00:10:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Final Fantasy VII
[2011.09.06 00:09:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Square Soft, Inc
[2011.09.05 23:50:10 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\realtech_VR
[2011.09.05 23:47:53 | 000,000,000 | ---D | C] -- C:\ProgramData\realtech VR
[2011.09.05 23:47:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\realtech VR
[8 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.10.03 19:55:11 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.10.03 19:55:11 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.10.03 19:48:28 | 000,001,807 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2011.10.03 19:48:26 | 000,002,024 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2011.10.03 19:47:57 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011.10.03 19:47:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.10.03 19:47:43 | 2415,366,144 | -HS- | M] () -- C:\hiberfil.sys
[2011.10.03 18:27:07 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.10.03 18:26:20 | 009,852,544 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\***\Desktop\mbam-setup-1.51.2.1300.exe
[2011.10.03 17:59:58 | 001,529,369 | ---- | M] () -- C:\Users\***\Desktop\tdsskiller.zip
[2011.10.03 17:38:04 | 001,548,080 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\***\Desktop\TDSSKiller.exe
[2011.10.02 21:54:22 | 001,621,940 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.10.02 21:54:22 | 000,700,592 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.10.02 21:54:22 | 000,655,264 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.10.02 21:54:22 | 000,149,356 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.10.02 21:54:22 | 000,122,136 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.10.02 21:52:27 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2011.10.02 21:49:01 | 000,000,020 | ---- | M] () -- C:\Users\***\defogger_reenable
[2011.10.02 20:56:32 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011.10.01 01:45:58 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.10.01 01:45:58 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.09.29 23:25:11 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011.09.29 21:44:40 | 000,033,344 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\drivers\hamachi.sys
[2011.09.29 21:38:09 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3529196450-1472142056-2455708848-1001UA.job
[2011.09.29 21:38:09 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3529196450-1472142056-2455708848-1001Core.job
[2011.09.24 23:42:44 | 001,599,834 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.09.23 10:53:54 | 519,920,318 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.09.18 23:36:30 | 000,000,277 | ---- | M] () -- C:\data3.lht
[8 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.10.03 18:27:07 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.10.03 17:59:57 | 001,529,369 | ---- | C] () -- C:\Users\***\Desktop\tdsskiller.zip
[2011.10.03 01:54:32 | 046,473,013 | ---- | C] () -- C:\world_gm (2).lgp
[2011.10.02 21:48:58 | 000,000,020 | ---- | C] () -- C:\Users\***\defogger_reenable
[2011.10.02 20:10:40 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011.10.02 20:10:40 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011.10.02 20:10:40 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.10.02 20:10:40 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.10.02 20:10:40 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.09.28 21:02:15 | 000,001,124 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3529196450-1472142056-2455708848-1001UA.job
[2011.09.28 21:02:15 | 000,001,072 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3529196450-1472142056-2455708848-1001Core.job
[2011.09.19 07:00:39 | 519,920,318 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011.09.18 15:34:20 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.08.02 21:02:48 | 004,874,240 | ---- | C] () -- C:\Windows\SysWow64\DSE2_DFT.dll
[2011.05.15 17:55:01 | 000,005,632 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.28 23:22:22 | 000,000,000 | ---- | C] () -- C:\Windows\nsrex.INI
[2011.04.25 00:44:09 | 000,000,028 | ---- | C] () -- C:\Windows\Robota.INI
[2011.03.31 19:22:17 | 001,599,834 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.03.30 22:24:22 | 000,036,892 | ---- | C] () -- C:\Windows\SysWow64\bassmod.dll
[2011.02.24 17:50:32 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011.02.19 23:55:59 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2011.02.12 18:24:46 | 000,000,120 | -H-- | C] () -- C:\Users\***\AppData\Local\Iteragey.dat
[2011.02.12 18:24:46 | 000,000,000 | -H-- | C] () -- C:\Users\***\AppData\Local\Odehateb.bin
[2011.01.24 22:19:56 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011.01.24 21:17:37 | 000,000,000 | ---- | C] () -- C:\Windows\ACTIVEJP.INI
[2010.11.21 00:38:32 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.11.21 00:38:31 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010.09.11 19:29:11 | 000,007,601 | -H-- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2010.09.05 21:03:43 | 000,000,735 | ---- | C] () -- C:\Windows\FF05_Render_Spk_Hp.ini
[2010.09.05 21:03:43 | 000,000,508 | ---- | C] () -- C:\Windows\FF05_not_Spk_Hp.ini
[2010.09.05 21:01:58 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\LogonStart.dll
[2010.09.05 21:00:01 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010.09.05 21:00:01 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2009.07.30 08:06:18 | 000,049,152 | R--- | C] () -- C:\Windows\UINSTampQLIE.exe
[2009.07.29 07:20:40 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\ABLKSR.ini
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008.12.02 03:32:32 | 000,362,029 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2007.04.27 10:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2006.09.24 16:03:36 | 000,172,032 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[1997.11.17 17:13:16 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
 
========== LOP Check ==========
 
[2011.09.29 21:48:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.minecraft
[2011.04.11 17:19:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\8C666FB52D8C86B232E208484AE35E17
[2011.09.30 07:37:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Audacity
[2011.09.30 07:37:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BitTorrent
[2011.09.18 04:29:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2010.09.10 19:52:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011.08.05 12:46:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2011.09.30 07:37:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Downloaded Installations
[2011.07.28 03:06:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DragonicaSCB
[2011.09.25 23:41:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2011.05.26 23:04:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.02.20 17:23:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Foxit Software
[2011.09.30 07:37:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2010.12.24 23:06:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2011.09.30 07:37:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX
[2011.09.24 23:34:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mkvtoolnix
[2011.07.25 19:19:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Neuratron
[2011.03.08 19:59:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Publish Providers
[2011.09.30 07:37:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PunkBuster
[2011.07.18 11:55:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Rovio
[2011.09.30 07:37:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SOFTPAL
[2011.07.30 03:31:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sony
[2011.03.03 21:07:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Synthesia
[2011.03.22 17:04:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2011.08.03 11:20:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TS3Client
[2011.07.18 07:03:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software
[2010.09.10 19:25:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\XMedia Recode
[2011.07.28 13:07:17 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:05EE1EEF

< End of report >
--- --- ---

Rayin 03.10.2011 22:18
OTL Logfile:
Code:
OTL logfile created on: 03.10.2011 19:51:16 - Run 2
OTL by OldTimer - Version 3.2.29.1    Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,57 Gb Available Physical Memory | 52,26% Memory free
6,00 Gb Paging File | 4,35 Gb Available in Paging File | 72,50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283,44 Gb Total Space | 73,99 Gb Free Space | 26,10% Space Free | Partition Type: NTFS
Drive D: | 298,09 Gb Total Space | 47,82 Gb Free Space | 16,04% Space Free | Partition Type: NTFS
Drive E: | 14,63 Gb Total Space | 2,75 Gb Free Space | 18,82% Space Free | Partition Type: FAT32
 
Computer Name: SOULWALKER | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.10.02 21:52:27 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2011.09.23 06:44:20 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011.09.20 12:39:48 | 000,801,792 | ---- | M] (Yuna Software) -- C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
PRC - [2011.08.31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.06.29 12:06:14 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.04.05 18:45:15 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011.03.28 16:15:04 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.28 16:14:56 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.03.17 02:35:26 | 000,378,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010.09.05 21:03:10 | 003,054,136 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2009.09.03 19:33:14 | 000,054,400 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
PRC - [2009.07.24 19:32:50 | 001,593,344 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2009.07.16 19:07:54 | 000,178,744 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
PRC - [2009.07.07 20:20:56 | 008,493,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
PRC - [2009.06.24 21:30:18 | 000,272,952 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
PRC - [2009.06.19 19:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
PRC - [2009.06.19 19:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
PRC - [2009.06.16 02:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
PRC - [2009.05.19 00:59:10 | 000,428,600 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe
PRC - [2009.05.19 00:58:38 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2009.04.20 20:09:30 | 000,159,744 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
PRC - [2008.12.30 01:32:54 | 000,237,693 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe
PRC - [2008.12.23 02:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
PRC - [2008.08.14 06:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
PRC - [2008.07.18 19:52:16 | 000,104,936 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2008.03.31 11:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
PRC - [2007.09.02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe
PRC - [2007.08.08 09:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.09.23 06:44:20 | 001,833,944 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011.03.17 02:35:14 | 000,235,624 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2009.09.03 19:33:14 | 000,054,400 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
MOD - [2009.07.24 19:32:50 | 001,593,344 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
MOD - [2009.03.26 23:46:42 | 000,148,480 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL
MOD - [2009.02.07 03:52:24 | 000,073,728 | ---- | M] () -- C:\Windows\SysWOW64\CmdRtr.DLL
MOD - [2008.07.18 19:52:08 | 000,649,704 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2008.06.09 09:55:08 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2007.09.02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe
MOD - [2007.09.02 13:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.dll
MOD - [2007.06.15 19:28:36 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll
MOD - [2007.06.02 02:08:18 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.09.01 14:19:32 | 000,036,160 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2009.09.17 20:36:34 | 000,359,552 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2007.08.08 09:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2011.09.01 14:25:34 | 002,027,840 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011.09.01 14:19:26 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.06.29 12:06:14 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.05 18:45:15 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011.03.28 16:15:04 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.03.17 02:35:26 | 000,378,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.09.08 21:46:00 | 003,852,792 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2010.09.05 21:03:39 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010.09.05 21:03:35 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.15 22:07:16 | 000,025,832 | ---- | M] (BioWare) [Disabled | Stopped] -- C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe -- (DAUpdaterSvc)
SRV - [2009.06.16 02:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.03.31 11:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) [On_Demand | Running] -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.09.29 21:44:40 | 000,033,344 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2011.08.31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011.06.29 12:06:15 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.06.29 12:06:15 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.05.10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.13 19:28:16 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.09.05 21:01:23 | 000,035,384 | ---- | M] (ASUSTek Computer Inc) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\AsDsm.sys -- (AsDsm)
DRV:64bit: - [2010.06.09 13:00:50 | 001,887,528 | ---- | M] (Trident Microsystems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TrdCap64.sys -- (TrdCap64)
DRV:64bit: - [2010.01.13 18:37:16 | 007,675,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel(R)
DRV:64bit: - [2009.08.13 23:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.08.10 04:52:06 | 007,058,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw1v64.sys -- (NETw1v64) Intel(R)
DRV:64bit: - [2009.07.20 11:48:32 | 000,274,480 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.07.20 11:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:06:43 | 000,060,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\61883.sys -- (61883)
DRV:64bit: - [2009.07.14 02:06:43 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avc.sys -- (Avc)
DRV:64bit: - [2009.07.14 02:06:42 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msdv.sys -- (MSDV)
DRV:64bit: - [2009.06.26 02:04:20 | 000,067,584 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2009.06.26 01:38:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2009.06.26 01:13:44 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2009.06.20 04:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.06.10 22:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.05 12:16:30 | 001,806,400 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV:64bit: - [2009.06.04 12:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.05.22 16:52:30 | 000,215,040 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.05.13 03:07:20 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2009.03.10 01:58:00 | 000,060,416 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\itecir.sys -- (itecir)
DRV:64bit: - [2008.05.24 02:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2007.07.24 20:11:32 | 000,014,904 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
DRV - [2010.10.07 14:34:32 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005.01.03 17:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - No CLSID value found
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 01 AB DF 66 8D 2F CC 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.15.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.5
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - prefs.js..extensions.enabledItems: {0056ABDC-7674-4E69-BECC-6119033A4E91}:1.9.1
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.5
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\***\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\***\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.09.28 21:04:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.09.28 21:04:24 | 000,000,000 | ---D | M]
 
[2010.09.05 13:31:44 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2011.10.02 21:41:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zlkhvcnv.default\extensions
[2011.09.30 07:37:06 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zlkhvcnv.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2011.09.30 07:37:06 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zlkhvcnv.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.09.30 07:37:06 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zlkhvcnv.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.09.30 07:37:06 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zlkhvcnv.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2011.09.02 14:48:48 | 000,001,933 | -H-- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\zlkhvcnv.default\searchplugins\arcana-heart-3-wiki-en.xml
[2011.09.18 03:04:36 | 000,002,273 | -H-- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\zlkhvcnv.default\searchplugins\blazblue-wiki-en.xml
[2010.09.05 15:59:19 | 000,001,919 | -H-- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\zlkhvcnv.default\searchplugins\bleach-wiki-en.xml
[2011.02.25 13:30:38 | 000,001,431 | -H-- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\zlkhvcnv.default\searchplugins\bulbapedia-en.xml
[2011.09.17 17:22:00 | 000,002,321 | -H-- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\zlkhvcnv.default\searchplugins\dictcc.xml
[2011.02.13 03:50:53 | 000,002,276 | -H-- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\zlkhvcnv.default\searchplugins\dragon-age-wiki-en.xml
[2011.02.11 01:04:15 | 000,001,651 | -H-- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\zlkhvcnv.default\searchplugins\e-h-galleries.xml
[2010.09.07 01:09:43 | 000,001,936 | -H-- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\zlkhvcnv.default\searchplugins\fairy-tail-wiki-en.xml
[2010.09.06 23:24:54 | 000,000,924 | -H-- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\zlkhvcnv.default\searchplugins\gendou.xml
[2011.01.15 20:38:23 | 000,005,612 | -H-- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\zlkhvcnv.default\searchplugins\kingdom-hearts-wiki-en.xml
[2010.09.05 21:20:18 | 000,006,263 | -H-- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\zlkhvcnv.default\searchplugins\narutopedia-en.xml
[2011.02.15 20:33:33 | 000,002,291 | -H-- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\zlkhvcnv.default\searchplugins\one-piece-encyclopedia-en.xml
[2011.02.25 00:25:26 | 000,002,581 | -H-- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\zlkhvcnv.default\searchplugins\pokwiki-de.xml
[2011.08.07 17:20:04 | 000,002,309 | -H-- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\zlkhvcnv.default\searchplugins\rosario--vampire-wiki-en.xml
[2011.01.07 20:19:27 | 000,005,161 | -H-- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\zlkhvcnv.default\searchplugins\scratchpad-en.xml
[2011.09.17 19:24:55 | 000,001,330 | -H-- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\zlkhvcnv.default\searchplugins\wikipedia-en.xml
[2010.09.05 15:59:04 | 000,002,057 | -H-- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\zlkhvcnv.default\searchplugins\youtube-videosuche.xml
[2011.09.28 21:04:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZLKHVCNV.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011.09.23 06:44:20 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.07.11 23:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2011.09.23 03:52:52 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.23 03:46:24 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.09.23 03:52:52 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.23 03:52:52 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.23 03:52:52 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.23 03:52:52 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\14.0.835.186\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.150.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java(TM) Platform SE 6 U15 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\14.0.835.186\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\14.0.835.186\pdf.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Chrome Clock = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\emakkfldeggiinnfcdjkakdfcppbfhdg\0.9_0\
CHR - Extension: Chrome Clock = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\emakkfldeggiinnfcdjkakdfcppbfhdg\0.9_0\~
CHR - Extension: FlashBlock = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\gofhjkjmkpinhpoiabjplobcaignabnl\0.9.31_0\
 
O1 HOSTS File: ([2011.10.02 20:56:32 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DE833978-C63A-415A-8DD9-DD66079F144A}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.10.03 18:27:24 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2011.10.03 18:27:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.10.03 18:27:02 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.10.03 18:27:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.10.03 18:26:07 | 009,852,544 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\***\Desktop\mbam-setup-1.51.2.1300.exe
[2011.10.03 18:24:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.10.03 18:00:04 | 001,548,080 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\***\Desktop\TDSSKiller.exe
[2011.10.02 23:13:38 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Messenger Plus
[2011.10.02 21:52:27 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2011.10.02 21:34:38 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2011.10.02 21:30:31 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011.10.02 21:20:50 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011.10.02 20:10:40 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.10.02 20:10:40 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.10.02 20:10:40 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.10.02 20:09:32 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.10.02 20:09:26 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011.10.02 20:08:22 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.09.29 21:47:41 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\.minecraft
[2011.09.29 21:45:02 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Hamachi
[2011.09.29 21:44:40 | 000,033,344 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\drivers\hamachi.sys
[2011.09.29 21:44:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hamachi
[2011.09.29 21:44:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hamachi
[2011.09.28 21:03:00 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011.09.28 12:42:49 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\ImageConverter Plus
[2011.09.28 12:42:48 | 001,706,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gdiplus.dll
[2011.09.28 12:42:47 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Image Converter Plus
[2011.09.25 03:02:56 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011.09.24 23:35:20 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\mkvtoolnix-unicode-1.7.0
[2011.09.24 23:34:33 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\mkvtoolnix
[2011.09.23 19:07:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2011.09.23 19:07:15 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Microsoft Visual Basic 2005 Power Packs
[2011.09.23 19:07:15 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Basic 2005 Power Packs
[2011.09.23 19:07:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SDKs
[2011.09.23 19:07:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Basic 2005 Power Packs
[2011.09.20 21:25:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2011.09.20 21:25:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2011.09.20 21:25:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2011.09.19 07:00:43 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011.09.18 18:34:10 | 000,000,000 | ---D | C] -- C:\Program Files\PlayReady
[2011.09.18 04:29:27 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011.09.16 15:27:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XMedia Recode
[2011.09.06 00:10:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Final Fantasy VII
[2011.09.06 00:09:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Square Soft, Inc
[2011.09.05 23:50:10 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\realtech_VR
[2011.09.05 23:47:53 | 000,000,000 | ---D | C] -- C:\ProgramData\realtech VR
[2011.09.05 23:47:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\realtech VR
[8 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.10.03 19:55:11 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.10.03 19:55:11 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.10.03 19:48:28 | 000,001,807 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2011.10.03 19:48:26 | 000,002,024 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2011.10.03 19:47:57 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011.10.03 19:47:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.10.03 19:47:43 | 2415,366,144 | -HS- | M] () -- C:\hiberfil.sys
[2011.10.03 18:27:07 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.10.03 18:26:20 | 009,852,544 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\***\Desktop\mbam-setup-1.51.2.1300.exe
[2011.10.03 17:59:58 | 001,529,369 | ---- | M] () -- C:\Users\***\Desktop\tdsskiller.zip
[2011.10.03 17:38:04 | 001,548,080 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\***\Desktop\TDSSKiller.exe
[2011.10.02 21:54:22 | 001,621,940 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.10.02 21:54:22 | 000,700,592 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.10.02 21:54:22 | 000,655,264 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.10.02 21:54:22 | 000,149,356 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.10.02 21:54:22 | 000,122,136 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.10.02 21:52:27 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2011.10.02 21:49:01 | 000,000,020 | ---- | M] () -- C:\Users\***\defogger_reenable
[2011.10.02 20:56:32 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011.10.01 01:45:58 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.10.01 01:45:58 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.09.29 23:25:11 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011.09.29 21:44:40 | 000,033,344 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\drivers\hamachi.sys
[2011.09.29 21:38:09 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3529196450-1472142056-2455708848-1001UA.job
[2011.09.29 21:38:09 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3529196450-1472142056-2455708848-1001Core.job
[2011.09.24 23:42:44 | 001,599,834 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.09.23 10:53:54 | 519,920,318 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.09.18 23:36:30 | 000,000,277 | ---- | M] () -- C:\data3.lht
[8 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.10.03 18:27:07 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.10.03 17:59:57 | 001,529,369 | ---- | C] () -- C:\Users\***\Desktop\tdsskiller.zip
[2011.10.03 01:54:32 | 046,473,013 | ---- | C] () -- C:\world_gm (2).lgp
[2011.10.02 21:48:58 | 000,000,020 | ---- | C] () -- C:\Users\***\defogger_reenable
[2011.10.02 20:10:40 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011.10.02 20:10:40 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011.10.02 20:10:40 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.10.02 20:10:40 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.10.02 20:10:40 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.09.28 21:02:15 | 000,001,124 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3529196450-1472142056-2455708848-1001UA.job
[2011.09.28 21:02:15 | 000,001,072 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3529196450-1472142056-2455708848-1001Core.job
[2011.09.19 07:00:39 | 519,920,318 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011.09.18 15:34:20 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.08.02 21:02:48 | 004,874,240 | ---- | C] () -- C:\Windows\SysWow64\DSE2_DFT.dll
[2011.05.15 17:55:01 | 000,005,632 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.28 23:22:22 | 000,000,000 | ---- | C] () -- C:\Windows\nsrex.INI
[2011.04.25 00:44:09 | 000,000,028 | ---- | C] () -- C:\Windows\Robota.INI
[2011.03.31 19:22:17 | 001,599,834 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.03.30 22:24:22 | 000,036,892 | ---- | C] () -- C:\Windows\SysWow64\bassmod.dll
[2011.02.24 17:50:32 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011.02.19 23:55:59 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2011.02.12 18:24:46 | 000,000,120 | -H-- | C] () -- C:\Users\***\AppData\Local\Iteragey.dat
[2011.02.12 18:24:46 | 000,000,000 | -H-- | C] () -- C:\Users\***\AppData\Local\Odehateb.bin
[2011.01.24 22:19:56 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011.01.24 21:17:37 | 000,000,000 | ---- | C] () -- C:\Windows\ACTIVEJP.INI
[2010.11.21 00:38:32 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.11.21 00:38:31 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010.09.11 19:29:11 | 000,007,601 | -H-- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2010.09.05 21:03:43 | 000,000,735 | ---- | C] () -- C:\Windows\FF05_Render_Spk_Hp.ini
[2010.09.05 21:03:43 | 000,000,508 | ---- | C] () -- C:\Windows\FF05_not_Spk_Hp.ini
[2010.09.05 21:01:58 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\LogonStart.dll
[2010.09.05 21:00:01 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010.09.05 21:00:01 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2009.07.30 08:06:18 | 000,049,152 | R--- | C] () -- C:\Windows\UINSTampQLIE.exe
[2009.07.29 07:20:40 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\ABLKSR.ini
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008.12.02 03:32:32 | 000,362,029 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2007.04.27 10:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2006.09.24 16:03:36 | 000,172,032 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[1997.11.17 17:13:16 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
 
========== LOP Check ==========
 
[2011.09.29 21:48:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.minecraft
[2011.04.11 17:19:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\8C666FB52D8C86B232E208484AE35E17
[2011.09.30 07:37:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Audacity
[2011.09.30 07:37:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BitTorrent
[2011.09.18 04:29:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2010.09.10 19:52:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011.08.05 12:46:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2011.09.30 07:37:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Downloaded Installations
[2011.07.28 03:06:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DragonicaSCB
[2011.09.25 23:41:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2011.05.26 23:04:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.02.20 17:23:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Foxit Software
[2011.09.30 07:37:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2010.12.24 23:06:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2011.09.30 07:37:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX
[2011.09.24 23:34:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mkvtoolnix
[2011.07.25 19:19:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Neuratron
[2011.03.08 19:59:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Publish Providers
[2011.09.30 07:37:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PunkBuster
[2011.07.18 11:55:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Rovio
[2011.09.30 07:37:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SOFTPAL
[2011.07.30 03:31:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sony
[2011.03.03 21:07:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Synthesia
[2011.03.22 17:04:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2011.08.03 11:20:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TS3Client
[2011.07.18 07:03:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software
[2010.09.10 19:25:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\XMedia Recode
[2011.07.28 13:07:17 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:05EE1EEF

< End of report >
--- --- ---

Rayin 03.10.2011 22:24
Hoffe ich hab alles richtig gemacht. Ich habe im Anhang noch zur Sicherheit die dazugehörigen Text-Dateien hinzugefügt.

Edit: Anscheinend hab ich die OTL-Logfile doppelt gepostet. Sorry.

OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 03.10.2011 19:51:16 - Run 2
OTL by OldTimer - Version 3.2.29.1    Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,57 Gb Available Physical Memory | 52,26% Memory free
6,00 Gb Paging File | 4,35 Gb Available in Paging File | 72,50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283,44 Gb Total Space | 73,99 Gb Free Space | 26,10% Space Free | Partition Type: NTFS
Drive D: | 298,09 Gb Total Space | 47,82 Gb Free Space | 16,04% Space Free | Partition Type: NTFS
Drive E: | 14,63 Gb Total Space | 2,75 Gb Free Space | 18,82% Space Free | Partition Type: FAT32
 
Computer Name: SOULWALKER | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{1686C4D1-B1FD-42E8-B7A8-FB4C4DBA5BA8}" = ASUS Power4Gear Hybrid
"{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{7B8F9BF0-A1D5-11E0-B4E5-0013D3D69929}" = Vegas Pro 10.0 (64-bit)
"{7F801000-A1D5-11E0-9092-0013D3D69929}" = MSVCRT Redists
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{997C9EC4-B53D-479D-81B7-0AEC8D174BA1}" = iTunes
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 267.76
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 267.76
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 267.76
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C9608300-11F5-11E0-A64B-0013D3D69929}" = MSVCRT Redists
"{CA0D2F09-F811-48D4-843E-C87696C6A9D9}" = Bonjour
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"USB 2.0 2.0M UVC WebCam" = USB 2.0 2.0M UVC WebCam
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}" = ASUS AI Recovery
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20533183-D42D-4261-A125-956736FBEA8C}" = Dawn of War - Soulstorm
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{34B9B494-EF4A-4592-87A8-BE40D0442E86}" = Dawn of War - Soulstorm
"{362D5167-9716-44BE-89FD-BF9EB6EF814B}" = DawnOfWar
"{38F8D823-008D-4E5A-BBCE-867A86C2BF2B}" = Sound Blaster Audigy HD
"{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = Microsoft AppLocale
"{3B05F2FB-745B-4012-ADF2-439F36B2E70B}" = ATKOSD2
"{40580068-9B10-40B5-9548-536CE88AB23C}" = ITECIR
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{434D0831-A4CC-401A-9E74-621000018401}" = F1 2010
"{434D0831-A4CC-401A-9E74-621000018402}" = F1 2010
"{45CC480A-14ED-4407-9743-D4A617A27903}" = Laptop-Keypad Patch
"{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}" = Hama Black Force Pad
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5U8xx Media Driver ver.3.62.02
"{5B65EF64-1DFA-414A-8C94-7BB726158E21}" = ControlDeck
"{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE)
"{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2
"{615273F6-A1E4-4A96-BE5B-3F4557E6BAF5}" = Final Fantasy VII v1.02 Update
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B4D193B-D76D-308B-8B12-5D9BB1CBCE6C}" = Microsoft Visual Basic Power Packs 3.0
"{7C05592D-424B-46CB-B505-E0013E8E75C9}" = ATK Hotkey
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{80843623-6460-4A3E-BFE6-6C66BDAE5178}" = Angry Birds
"{865CD808-6D31-4269-9D36-693CFE75D26A}" = Express Gate
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}_STANDARDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}_STANDARDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}_STANDARDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}_STANDARDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}_STANDARDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}_STANDARDR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_PROR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_STANDARDR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_PROR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_STANDARDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}_STANDARDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype(TM)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D623E1A-30E1-4E55-BD80-5C1359DB120B}" = Melodyne 3.1
"{9D65035B-060B-4593-94E9-C06DF372E1A7}" = Advent Children Avatare
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BE4BA698-8533-4F77-9559-C7F3F78C0B05}" = Assassin's Creed Brotherhood
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C3592426-531E-4110-911D-BFECE2CE284C}" = osu!
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{D1E5870E-E3E5-4475-98A6-ADD614524ADF}" = ATK Media
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.4 Game
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{DD8408E9-9421-484F-979D-DB6361E3E828}" = Dawn Of War - Winter Assault
"{E3BA1B06-527A-43D1-A8AA-AE34D1DA2EAF}" = FiceMusic
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}" = ASUS FancyStart
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2E23139-3404-4E3C-9855-7724415D62A5}" = Dragon Age II
"{FA2092C5-7979-412D-A962-6485274AE1EE}" = ASUS Data Security Manager
"{FF39FC01-819B-42E4-AE49-1968AF12DDD4}" = Dawn of War - Dark Crusade
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Akamai" = Akamai NetSession Interface
"Allied Intent Xtended" = Allied Intent Xtended 2.0
"Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver
"Audacity_is1" = Audacity 1.2.6
"Audition Online1.2.6064" = Audition Online
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BitTorrent" = BitTorrent
"Call of Duty: Black Ops_is1" = Call of Duty: Black Ops
"CamStudio" = CamStudio
"conduitEngine" = Conduit Engine
"DAEMON Tools Lite" = DAEMON Tools Lite
"Dragonica(DE)" = Dragonica(DE)
"Fate_sword dance" = Fate_sword dance
"Fate-stay night English" = Fate/stay night English v3.2
"Final Fantasy VII" = Final Fantasy VII
"Foxit Reader" = Foxit Reader
"Fraps" = Fraps (remove only)
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.9.908
"Hamachi" = Hamachi 1.0.3.0
"InstallShield_{362D5167-9716-44BE-89FD-BF9EB6EF814B}" = DawnOfWar
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype(TM)
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"Messenger Plus!" = Messenger Plus! 5
"Microsoft NetShow Tools 2.0" = Windows Media Tools 4.0
"Mozilla Firefox 7.0 (x86 de)" = Mozilla Firefox 7.0 (x86 de)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"PROR" = Microsoft Office Professional 2007
"PunkBusterSvc" = PunkBuster Services
"RocketDock_is1" = RocketDock 1.3.5
"STANDARDR" = Microsoft Office Standard 2007
"SWAT 4" = SWAT 4
"TuneUp Utilities 2011" = TuneUp Utilities 2011
"Veoh Web Player Beta" = Veoh Web Player
"VLC media player" = VLC media player 1.1.11
"Warcraft III" = Warcraft III
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.6.10
"WinLiveSuite_Wave3" = Windows Live Essentials
"XMedia Recode" = XMedia Recode 3.0.2.5
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
--- --- ---

kira 04.10.2011 15:46
1.
Zitat:
Zitat von Rayin (Beitrag 706354)
der TDSSKiller findet auf meinem Laptop nichts, daher werde ich auch nicht aufgefordert das System neu zu starten.
Liegt das vielleicht daran, dass mein Bekannter schon einmal probiert hat was mit TDSSKiller zu machen? Ich hab nämlich unter C:\ einen Ordner mit dem Namen: TDSSKiller_Quarantine.
kannst Du den Inhalt posten?

2.
Messenger Plus! Live:
Zur Kategorie des Unsicheren gehört! Hast Du während der Installation der von Programm "zusätzlich" angebotenen Software abgewählt? Nämlich da neben der eigentlichen Software auch Adware -Programm wird (mit)installiert
Wenn du unbedingt möchtest (nicht empfohlen, da es absolut nicht nötig ist und dein MSN davon nicht betroffen), kannst du nochmal installieren, aber alles genau durchlesen, und Partnerprogrammen, Sponsoren etc möglichst abwählen!
Immer die benutzerdefinierte Installation wählen, nicht die Standardinstallation, weil dann oft Sachen mitinstalliert werden, die man nicht braucht oder nicht möchte.
es ist besser ein Spy- und Adware freies Messenger Tool einzusetzen - wie Trillian,kann man in der Basisversion von Trillian die Instant Messenger ICQ, AIM, Yahoo! Messenger, Windows Live Messenger (MSN) und IRC vereinen) oder Miranda ),kannst du nochmal installieren,aber alles genau durchlesen, und Partnerprogrammen,Sponsoren etc musst du abwählen!

3.
nicht empfohlen:
Zitat:
Veoh Web Player <- Softwareart: Adware
finanziert sich über eine Adware-Komponente
Hinweis: Um den "Veoh Web Player" vollständig nutzen zu können, müssen Sie sich nach der Installation beim Hersteller mit einer E-Mail-Adresse registrieren. Während der Installation sollten Sie die angebotene Software abklicken, diese hat nichts mit dem eigentlichen Programm zu tun. Zudem empfehlen wir Ihnen, die ungefragt mitgelieferte Veoh-Toolbar gleich nach der Installation wieder aus dem System zu löschen.

4.
erneut einen Scan mit OTL:
  • Doppelklick auf die OTL.exe
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Oben findest Du ein Kästchen mit Ausgabe.
    Wähle bitte Standard-Ausgabe
  • Unter Extra-Registrierung wähle bitte Benutze SafeList.
  • Mache Häckchen bei LOP- und Purity-Prüfung.
  • Klicke nun auf Scan links oben.
  • Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
    Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
  • Poste die Logfiles in Code-Tags hier in den Thread.

Zitat:
► Berichte mir kurz über alle Umsetzungsschritte, die Du erledigt hast!

Rayin 07.10.2011 18:43
Sorry, hatte die letzten Tage kein Internet.

1.
Posten im Sinne von alle Dateien hochladen oder nur bestimmte Dateien?
Hab in dem Ordner nämlich nochmal zwei Ordner. Beide vom 2.10. aber mit unterschiedlichen Uhrzeiten. Soll ich dir dann beide posten oder nur den neueren?

2.
Danke für den Hinweis, wusste ich aber schon. Ich mach immer die benutzerdefinierte Installation und klick alles weg (Toolbars,etc.).

3.
Hab zwar keine E-Mail Adresse angegeben und die Toolbar auch nicht installiert, da ich Toolbars nie installiere, kann ihn aber trotzdem gerne deinstallieren wenn ich soll.

4.
OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 07.10.2011 19:22:51 - Run 3
OTL by OldTimer - Version 3.2.29.1    Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,69 Gb Available Physical Memory | 56,22% Memory free
6,00 Gb Paging File | 4,17 Gb Available in Paging File | 69,52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283,44 Gb Total Space | 71,88 Gb Free Space | 25,36% Space Free | Partition Type: NTFS
Drive D: | 298,09 Gb Total Space | 47,81 Gb Free Space | 16,04% Space Free | Partition Type: NTFS
Drive E: | 14,63 Gb Total Space | 2,75 Gb Free Space | 18,82% Space Free | Partition Type: FAT32
 
Computer Name: SOULWALKER | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{1686C4D1-B1FD-42E8-B7A8-FB4C4DBA5BA8}" = ASUS Power4Gear Hybrid
"{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{7B8F9BF0-A1D5-11E0-B4E5-0013D3D69929}" = Vegas Pro 10.0 (64-bit)
"{7F801000-A1D5-11E0-9092-0013D3D69929}" = MSVCRT Redists
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{997C9EC4-B53D-479D-81B7-0AEC8D174BA1}" = iTunes
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 267.76
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 267.76
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 267.76
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C9608300-11F5-11E0-A64B-0013D3D69929}" = MSVCRT Redists
"{CA0D2F09-F811-48D4-843E-C87696C6A9D9}" = Bonjour
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"USB 2.0 2.0M UVC WebCam" = USB 2.0 2.0M UVC WebCam
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}" = ASUS AI Recovery
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20533183-D42D-4261-A125-956736FBEA8C}" = Dawn of War - Soulstorm
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{34B9B494-EF4A-4592-87A8-BE40D0442E86}" = Dawn of War - Soulstorm
"{362D5167-9716-44BE-89FD-BF9EB6EF814B}" = DawnOfWar
"{38F8D823-008D-4E5A-BBCE-867A86C2BF2B}" = Sound Blaster Audigy HD
"{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = Microsoft AppLocale
"{3B05F2FB-745B-4012-ADF2-439F36B2E70B}" = ATKOSD2
"{40580068-9B10-40B5-9548-536CE88AB23C}" = ITECIR
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{434D0831-A4CC-401A-9E74-621000018401}" = F1 2010
"{434D0831-A4CC-401A-9E74-621000018402}" = F1 2010
"{45CC480A-14ED-4407-9743-D4A617A27903}" = Laptop-Keypad Patch
"{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}" = Hama Black Force Pad
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5U8xx Media Driver ver.3.62.02
"{5B65EF64-1DFA-414A-8C94-7BB726158E21}" = ControlDeck
"{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE)
"{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2
"{615273F6-A1E4-4A96-BE5B-3F4557E6BAF5}" = Final Fantasy VII v1.02 Update
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B4D193B-D76D-308B-8B12-5D9BB1CBCE6C}" = Microsoft Visual Basic Power Packs 3.0
"{7C05592D-424B-46CB-B505-E0013E8E75C9}" = ATK Hotkey
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{80843623-6460-4A3E-BFE6-6C66BDAE5178}" = Angry Birds
"{865CD808-6D31-4269-9D36-693CFE75D26A}" = Express Gate
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}_STANDARDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}_STANDARDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}_STANDARDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}_STANDARDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}_STANDARDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}_STANDARDR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_PROR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_STANDARDR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_PROR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_STANDARDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}_STANDARDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype(TM)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D623E1A-30E1-4E55-BD80-5C1359DB120B}" = Melodyne 3.1
"{9D65035B-060B-4593-94E9-C06DF372E1A7}" = Advent Children Avatare
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BE4BA698-8533-4F77-9559-C7F3F78C0B05}" = Assassin's Creed Brotherhood
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C3592426-531E-4110-911D-BFECE2CE284C}" = osu!
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{D1E5870E-E3E5-4475-98A6-ADD614524ADF}" = ATK Media
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.4 Game
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{DD8408E9-9421-484F-979D-DB6361E3E828}" = Dawn Of War - Winter Assault
"{E3BA1B06-527A-43D1-A8AA-AE34D1DA2EAF}" = FiceMusic
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}" = ASUS FancyStart
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2E23139-3404-4E3C-9855-7724415D62A5}" = Dragon Age II
"{FA2092C5-7979-412D-A962-6485274AE1EE}" = ASUS Data Security Manager
"{FF39FC01-819B-42E4-AE49-1968AF12DDD4}" = Dawn of War - Dark Crusade
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Akamai" = Akamai NetSession Interface
"Allied Intent Xtended" = Allied Intent Xtended 2.0
"Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver
"Audacity_is1" = Audacity 1.2.6
"Audition Online1.2.6064" = Audition Online
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BitTorrent" = BitTorrent
"Call of Duty: Black Ops_is1" = Call of Duty: Black Ops
"CamStudio" = CamStudio
"conduitEngine" = Conduit Engine
"DAEMON Tools Lite" = DAEMON Tools Lite
"Dragonica(DE)" = Dragonica(DE)
"Fate_sword dance" = Fate_sword dance
"Fate-stay night English" = Fate/stay night English v3.2
"Foxit Reader" = Foxit Reader
"Fraps" = Fraps (remove only)
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.9.908
"Hamachi" = Hamachi 1.0.3.0
"InstallShield_{362D5167-9716-44BE-89FD-BF9EB6EF814B}" = DawnOfWar
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype(TM)
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"Messenger Plus!" = Messenger Plus! 5
"Microsoft NetShow Tools 2.0" = Windows Media Tools 4.0
"Mozilla Firefox 7.0.1 (x86 de)" = Mozilla Firefox 7.0.1 (x86 de)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"PROR" = Microsoft Office Professional 2007
"PunkBusterSvc" = PunkBuster Services
"RocketDock_is1" = RocketDock 1.3.5
"STANDARDR" = Microsoft Office Standard 2007
"SWAT 4" = SWAT 4
"TuneUp Utilities 2011" = TuneUp Utilities 2011
"Veoh Web Player Beta" = Veoh Web Player
"VLC media player" = VLC media player 1.1.11
"Warcraft III" = Warcraft III
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.6.10
"WinLiveSuite_Wave3" = Windows Live Essentials
"XMedia Recode" = XMedia Recode 3.0.2.5
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
--- --- ---

Rayin 07.10.2011 18:44
OTL Logfile:
Code:
OTL logfile created on: 07.10.2011 19:22:51 - Run 3
OTL by OldTimer - Version 3.2.29.1    Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,69 Gb Available Physical Memory | 56,22% Memory free
6,00 Gb Paging File | 4,17 Gb Available in Paging File | 69,52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283,44 Gb Total Space | 71,88 Gb Free Space | 25,36% Space Free | Partition Type: NTFS
Drive D: | 298,09 Gb Total Space | 47,81 Gb Free Space | 16,04% Space Free | Partition Type: NTFS
Drive E: | 14,63 Gb Total Space | 2,75 Gb Free Space | 18,82% Space Free | Partition Type: FAT32
 
Computer Name: SOULWALKER | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.10.03 23:42:38 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011.10.02 21:52:27 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2011.09.20 12:39:48 | 000,801,792 | ---- | M] (Yuna Software) -- C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
PRC - [2011.08.31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.07.11 23:48:10 | 001,595,520 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winamp.exe
PRC - [2011.06.29 12:06:14 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.04.05 18:45:15 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011.03.28 16:15:04 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.28 16:14:56 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.03.17 02:35:26 | 000,378,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010.09.05 21:03:10 | 003,054,136 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2009.09.03 19:33:14 | 000,054,400 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
PRC - [2009.07.24 19:32:50 | 001,593,344 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2009.07.16 19:07:54 | 000,178,744 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
PRC - [2009.07.07 20:20:56 | 008,493,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
PRC - [2009.06.24 21:30:18 | 000,272,952 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
PRC - [2009.06.19 19:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
PRC - [2009.06.19 19:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
PRC - [2009.06.16 02:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
PRC - [2009.05.19 00:59:10 | 000,428,600 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe
PRC - [2009.05.19 00:58:38 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2009.04.20 20:09:30 | 000,159,744 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
PRC - [2008.12.30 01:32:54 | 000,237,693 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe
PRC - [2008.12.23 02:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
PRC - [2008.08.14 06:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
PRC - [2008.07.18 19:52:16 | 000,104,936 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2008.03.31 11:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
PRC - [2007.09.02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe
PRC - [2007.08.08 09:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.10.07 19:13:16 | 000,204,800 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\WLZ4AF4.tmp\winamp.lng
MOD - [2011.10.07 19:13:16 | 000,155,648 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\WLZ4AF4.tmp\vis_milk2.lng
MOD - [2011.10.07 19:13:16 | 000,088,064 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\WLZ4AF4.tmp\vis_avs.lng
MOD - [2011.10.07 19:13:16 | 000,039,424 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\WLZ4AF4.tmp\pmp_wifi.lng
MOD - [2011.10.07 19:13:16 | 000,011,776 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\WLZ4AF4.tmp\pmp_usb.lng
MOD - [2011.10.07 19:13:16 | 000,007,680 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\WLZ4AF4.tmp\vis_nsfs.lng
MOD - [2011.10.07 19:13:16 | 000,006,144 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\WLZ4AF4.tmp\tagz.lng
MOD - [2011.10.07 19:13:16 | 000,004,096 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\WLZ4AF4.tmp\winampa.lng
MOD - [2011.10.07 19:13:15 | 000,069,120 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\WLZ4AF4.tmp\burnlib.lng
MOD - [2011.10.07 19:13:15 | 000,056,320 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\WLZ4AF4.tmp\ml_local.lng
MOD - [2011.10.07 19:13:15 | 000,047,616 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\WLZ4AF4.tmp\ml_disc.lng
MOD - [2011.10.07 19:13:15 | 000,047,104 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\WLZ4AF4.tmp\ml_pmp.lng
MOD - [2011.10.07 19:13:15 | 000,041,984 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\WLZ4AF4.tmp\gen_jumpex.lng
MOD - [2011.10.07 19:13:15 | 000,036,864 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\WLZ4AF4.tmp\pmp_ipod.lng
MOD - [2011.10.07 19:13:15 | 000,036,352 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\WLZ4AF4.tmp\ombrowser.lng
MOD - [2011.10.07 19:13:15 | 000,034,816 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\WLZ4AF4.tmp\ml_plg.lng
MOD - [2011.10.07 19:13:15 | 000,023,552 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\WLZ4AF4.tmp\gen_classicart.lng
MOD - [2011.10.07 19:13:15 | 000,023,040 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\WLZ4AF4.tmp\in_mp3.lng
MOD - [2011.10.07 19:13:15 | 000,023,040 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\WLZ4AF4.tmp\gen_ff.lng
MOD - [2011.10.07 19:13:15 | 000,021,504 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\WLZ4AF4.tmp\gen_ml.lng
MOD - [2011.10.07 19:13:15 | 000,020,480 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\WLZ4AF4.tmp\pmp_android.lng
MOD - [2011.10.07 19:13:15 | 000,020,480 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\WLZ4AF4.tmp\in_midi.lng
MOD - [2011.10.07 19:13:15 | 000,018,944 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\WLZ4AF4.tmp\in_mod.lng
MOD - [2011.10.07 19:13:15 | 000,016,384 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\WLZ4AF4.tmp\out_ds.lng
MOD - [2011.10.07 19:13:15 | 000,015,360 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\WLZ4AF4.tmp\in_wm.lng
MOD - [2011.10.07 19:13:15 | 000,014,848 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\WLZ4AF4.tmp\ml_wire.lng
MOD - [2011.10.07 19:13:15 | 000,014,336 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\WLZ4AF4.tmp\ml_online.lng
MOD - [2011.10.07 19:13:15 | 000,014,336 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\WLZ4AF4.tmp\in_cdda.lng
MOD - [2011.10.07 19:13:15 | 000,013,824 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\WLZ4AF4.tmp\dsp_sps.lng
MOD - [2011.10.07 19:13:15 | 000,012,800 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\WLZ4AF4.tmp\ml_playlists.lng
MOD - [2011.10.07 19:13:15 | 000,011,776 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\WLZ4AF4.tmp\in_nsv.lng
MOD - [2011.10.07 19:13:15 | 000,011,776 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\WLZ4AF4.tmp\gen_skinmanager.lng
MOD - [2011.10.07 19:13:15 | 000,011,264 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\WLZ4AF4.tmp\in_vorbis.lng
MOD - [2011.10.07 19:13:15 | 000,011,264 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\WLZ4AF4.tmp\gen_hotkeys.lng
MOD - [2011.10.07 19:13:15 | 000,010,752 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\WLZ4AF4.tmp\gen_undo.lng
MOD - [2011.10.07 19:13:15 | 000,010,752 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\WLZ4AF4.tmp\auth.lng
MOD - [2011.10.07 19:13:15 | 000,010,240 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\WLZ4AF4.tmp\gen_timerestore.lng
MOD - [2011.10.07 19:13:15 | 000,009,728 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\WLZ4AF4.tmp\ml_downloads.lng
MOD - [2011.10.07 19:13:15 | 000,009,216 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\WLZ4AF4.tmp\gen_nopro.lng
MOD - [2011.10.07 19:13:15 | 000,008,704 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\WLZ4AF4.tmp\ml_history.lng
MOD - [2011.10.07 19:13:15 | 000,008,704 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\WLZ4AF4.tmp\ml_devices.lng
MOD - [2011.10.07 19:13:15 | 000,008,192 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\WLZ4AF4.tmp\ml_transcode.lng
MOD - [2011.10.07 19:13:15 | 000,008,192 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\WLZ4AF4.tmp\gen_tray.lng
MOD - [2011.10.07 19:13:15 | 000,007,680 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\WLZ4AF4.tmp\out_wave.lng
MOD - [2011.10.07 19:13:15 | 000,007,168 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\WLZ4AF4.tmp\gen_orgler.lng
MOD - [2011.10.07 19:13:15 | 000,007,168 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\WLZ4AF4.tmp\gen_crasher.lng
MOD - [2011.10.07 19:13:15 | 000,006,656 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\WLZ4AF4.tmp\ml_autotag.lng
MOD - [2011.10.07 19:13:15 | 000,006,656 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\WLZ4AF4.tmp\in_wav.lng
MOD - [2011.10.07 19:13:15 | 000,006,656 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\WLZ4AF4.tmp\in_dshow.lng
MOD - [2011.10.07 19:13:15 | 000,006,656 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\WLZ4AF4.tmp\enc_fhgaac.lng
MOD - [2011.10.07 19:13:15 | 000,006,144 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\WLZ4AF4.tmp\out_disk.lng
MOD - [2011.10.07 19:13:15 | 000,006,144 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\WLZ4AF4.tmp\enc_wma.lng
MOD - [2011.10.07 19:13:15 | 000,005,632 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\WLZ4AF4.tmp\in_wave.lng
MOD - [2011.10.07 19:13:15 | 000,005,632 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\WLZ4AF4.tmp\in_flac.lng
MOD - [2011.10.07 19:13:15 | 000,005,632 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\WLZ4AF4.tmp\enc_lame.lng
MOD - [2011.10.07 19:13:15 | 000,005,120 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\WLZ4AF4.tmp\ml_rg.lng
MOD - [2011.10.07 19:13:15 | 000,005,120 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\WLZ4AF4.tmp\ml_impex.lng
MOD - [2011.10.07 19:13:15 | 000,005,120 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\WLZ4AF4.tmp\ml_bookmarks.lng
MOD - [2011.10.07 19:13:15 | 000,005,120 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\WLZ4AF4.tmp\in_mp4.lng
MOD - [2011.10.07 19:13:15 | 000,005,120 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\WLZ4AF4.tmp\in_avi.lng
MOD - [2011.10.07 19:13:15 | 000,004,608 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\WLZ4AF4.tmp\pmp_activesync.lng
MOD - [2011.10.07 19:13:15 | 000,004,608 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\WLZ4AF4.tmp\ml_enqplay.lng
MOD - [2011.10.07 19:13:15 | 000,004,608 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\WLZ4AF4.tmp\in_wv.lng
MOD - [2011.10.07 19:13:15 | 000,004,608 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\WLZ4AF4.tmp\in_mkv.lng
MOD - [2011.10.07 19:13:15 | 000,004,096 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\WLZ4AF4.tmp\pmp_p4s.lng
MOD - [2011.10.07 19:13:15 | 000,004,096 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\WLZ4AF4.tmp\ml_orb.lng
MOD - [2011.10.07 19:13:15 | 000,004,096 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\WLZ4AF4.tmp\gen_find_on_disk.lng
MOD - [2011.10.07 19:13:15 | 000,004,096 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\WLZ4AF4.tmp\enc_wav.lng
MOD - [2011.10.07 19:13:15 | 000,004,096 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\WLZ4AF4.tmp\enc_vorbis.lng
MOD - [2011.10.07 19:13:15 | 000,004,096 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\WLZ4AF4.tmp\enc_flac.lng
MOD - [2011.10.07 19:13:15 | 000,003,584 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\WLZ4AF4.tmp\pmp_njb.lng
MOD - [2011.10.07 19:13:15 | 000,003,584 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\WLZ4AF4.tmp\ml_nowplaying.lng
MOD - [2011.10.07 19:13:15 | 000,003,584 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\WLZ4AF4.tmp\ml_addons.lng
MOD - [2011.10.07 19:13:15 | 000,003,584 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\WLZ4AF4.tmp\in_swf.lng
MOD - [2011.10.07 19:13:15 | 000,003,584 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\WLZ4AF4.tmp\in_linein.lng
MOD - [2011.10.07 19:13:15 | 000,003,584 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\WLZ4AF4.tmp\in_flv.lng
MOD - [2011.10.07 19:13:15 | 000,003,072 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\WLZ4AF4.tmp\playlist.lng
MOD - [2011.10.03 23:42:38 | 001,833,944 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011.09.29 23:24:26 | 006,277,280 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011.07.14 04:12:27 | 000,103,936 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\png.w5s
MOD - [2011.07.14 04:12:27 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\xml.w5s
MOD - [2011.07.14 04:12:27 | 000,083,968 | ---- | M] () -- C:\Program Files (x86)\Winamp\tataki.dll
MOD - [2011.07.14 04:12:27 | 000,047,616 | ---- | M] () -- C:\Program Files (x86)\Winamp\zlib.dll
MOD - [2011.07.14 04:12:27 | 000,035,328 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\timer.w5s
MOD - [2011.07.14 04:12:27 | 000,021,504 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\tagz.w5s
MOD - [2011.07.14 04:12:27 | 000,013,824 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\primo.w5s
MOD - [2011.07.14 04:12:26 | 000,084,480 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\playlist.w5s
MOD - [2011.07.14 04:12:25 | 000,623,616 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\jnetlib.w5s
MOD - [2011.07.14 04:12:25 | 000,154,624 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\jpeg.w5s
MOD - [2011.07.14 04:12:24 | 000,174,080 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\auth.w5s
MOD - [2011.07.14 04:12:24 | 000,118,272 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\pmp_p4s.dll
MOD - [2011.07.14 04:12:24 | 000,113,152 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\pmp_wifi.dll
MOD - [2011.07.14 04:12:24 | 000,053,760 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\pmp_usb.dll
MOD - [2011.07.14 04:12:24 | 000,044,544 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\devices.w5s
MOD - [2011.07.14 04:12:24 | 000,023,040 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\albumart.w5s
MOD - [2011.07.14 04:12:24 | 000,020,480 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\pmp_njb.dll
MOD - [2011.07.14 04:12:24 | 000,019,456 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\gif.w5s
MOD - [2011.07.14 04:12:24 | 000,019,456 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\bmp.w5s
MOD - [2011.07.14 04:12:24 | 000,016,896 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\dlmgr.w5s
MOD - [2011.07.14 04:12:24 | 000,016,384 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\gracenote.w5s
MOD - [2011.07.14 04:12:24 | 000,014,336 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\filereader.w5s
MOD - [2011.07.14 04:12:23 | 000,293,376 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\ml_local.dll
MOD - [2011.07.14 04:12:23 | 000,249,856 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\ml_devices.dll
MOD - [2011.07.14 04:12:23 | 000,240,640 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\ml_pmp.dll
MOD - [2011.07.14 04:12:23 | 000,200,192 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\ml_disc.dll
MOD - [2011.07.14 04:12:23 | 000,170,496 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\pmp_ipod.dll
MOD - [2011.07.14 04:12:23 | 000,124,928 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\ml_online.dll
MOD - [2011.07.14 04:12:23 | 000,083,456 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\ml_plg.dll
MOD - [2011.07.14 04:12:23 | 000,082,944 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\ml_playlists.dll
MOD - [2011.07.14 04:12:23 | 000,060,928 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\pmp_android.dll
MOD - [2011.07.14 04:12:23 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\ml_impex.dll
MOD - [2011.07.14 04:12:23 | 000,052,224 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\out_ds.dll
MOD - [2011.07.14 04:12:23 | 000,052,224 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\ml_history.dll
MOD - [2011.07.14 04:12:23 | 000,033,792 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\ml_rg.dll
MOD - [2011.07.14 04:12:23 | 000,031,744 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\ml_transcode.dll
MOD - [2011.07.14 04:12:23 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\ml_autotag.dll
MOD - [2011.07.14 04:12:23 | 000,027,648 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\ml_bookmarks.dll
MOD - [2011.07.14 04:12:23 | 000,022,528 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\out_disk.dll
MOD - [2011.07.14 04:12:23 | 000,018,432 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\out_wave.dll
MOD - [2011.07.14 04:12:22 | 001,737,728 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\gen_ff.dll
MOD - [2011.07.14 04:12:22 | 000,410,624 | ---- | M] () -- C:\Program Files (x86)\Winamp\nsutil.dll
MOD - [2011.07.14 04:12:22 | 000,340,992 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\freeform\wacs\freetype\freetype.wac
MOD - [2011.07.14 04:12:22 | 000,313,344 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_wm.dll
MOD - [2011.07.14 04:12:22 | 000,312,832 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\gen_ml.dll
MOD - [2011.07.14 04:12:22 | 000,285,696 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_mp3.dll
MOD - [2011.07.14 04:12:22 | 000,253,440 | ---- | M] () -- C:\Program Files (x86)\Winamp\libsndfile.dll
MOD - [2011.07.14 04:12:22 | 000,252,416 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_vorbis.dll
MOD - [2011.07.14 04:12:22 | 000,183,808 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\gen_jumpex.dll
MOD - [2011.07.14 04:12:22 | 000,165,376 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_mod.dll
MOD - [2011.07.14 04:12:22 | 000,109,568 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_midi.dll
MOD - [2011.07.14 04:12:22 | 000,102,400 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_cdda.dll
MOD - [2011.07.14 04:12:22 | 000,078,848 | ---- | M] () -- C:\Program Files (x86)\Winamp\nde.dll
MOD - [2011.07.14 04:12:22 | 000,074,752 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_nsv.dll
MOD - [2011.07.14 04:12:22 | 000,060,928 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_flac.dll
MOD - [2011.07.14 04:12:22 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\gen_orgler.dll
MOD - [2011.07.14 04:12:22 | 000,050,688 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_mp4.dll
MOD - [2011.07.14 04:12:22 | 000,027,648 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\gen_hotkeys.dll
MOD - [2011.07.14 04:12:22 | 000,025,600 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\gen_tray.dll
MOD - [2011.07.14 04:12:22 | 000,016,896 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_wave.dll
MOD - [2011.07.14 04:12:22 | 000,007,168 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_linein.dll
MOD - [2011.03.26 11:46:44 | 000,045,056 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\gen_msn.dll
MOD - [2011.03.17 02:35:14 | 000,235,624 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2009.09.03 19:33:14 | 000,054,400 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
MOD - [2009.07.24 19:32:50 | 001,593,344 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
MOD - [2009.03.26 23:46:42 | 000,148,480 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL
MOD - [2009.02.07 03:52:24 | 000,073,728 | ---- | M] () -- C:\Windows\SysWOW64\CmdRtr.DLL
MOD - [2008.07.18 19:52:08 | 000,649,704 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2008.06.09 09:55:08 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2007.09.02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe
MOD - [2007.09.02 13:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.dll
MOD - [2007.06.15 19:28:36 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll
MOD - [2007.06.02 02:08:18 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.09.01 14:19:32 | 000,036,160 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2009.09.17 20:36:34 | 000,359,552 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2007.08.08 09:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2011.09.01 14:25:34 | 002,027,840 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011.09.01 14:19:26 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.06.29 12:06:14 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.05 18:45:15 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011.03.28 16:15:04 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.03.17 02:35:26 | 000,378,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.09.08 21:46:00 | 003,852,792 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2010.09.05 21:03:39 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010.09.05 21:03:35 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.15 22:07:16 | 000,025,832 | ---- | M] (BioWare) [Disabled | Stopped] -- C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe -- (DAUpdaterSvc)
SRV - [2009.06.16 02:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.03.31 11:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) [On_Demand | Running] -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.09.29 21:44:40 | 000,033,344 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2011.08.31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011.06.29 12:06:15 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.06.29 12:06:15 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.05.10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.13 19:28:16 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.09.05 21:01:23 | 000,035,384 | ---- | M] (ASUSTek Computer Inc) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\AsDsm.sys -- (AsDsm)
DRV:64bit: - [2010.06.09 13:00:50 | 001,887,528 | ---- | M] (Trident Microsystems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TrdCap64.sys -- (TrdCap64)
DRV:64bit: - [2010.01.13 18:37:16 | 007,675,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel(R)
DRV:64bit: - [2009.08.13 23:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.08.10 04:52:06 | 007,058,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw1v64.sys -- (NETw1v64) Intel(R)
DRV:64bit: - [2009.07.20 11:48:32 | 000,274,480 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.07.20 11:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:06:43 | 000,060,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\61883.sys -- (61883)
DRV:64bit: - [2009.07.14 02:06:43 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avc.sys -- (Avc)
DRV:64bit: - [2009.07.14 02:06:42 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msdv.sys -- (MSDV)
DRV:64bit: - [2009.06.26 02:04:20 | 000,067,584 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2009.06.26 01:38:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2009.06.26 01:13:44 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2009.06.20 04:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.06.10 22:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.05 12:16:30 | 001,806,400 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV:64bit: - [2009.06.04 12:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.05.22 16:52:30 | 000,215,040 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.05.13 03:07:20 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2009.03.10 01:58:00 | 000,060,416 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\itecir.sys -- (itecir)
DRV:64bit: - [2008.05.24 02:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2007.07.24 20:11:32 | 000,014,904 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
DRV - [2010.10.07 14:34:32 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005.01.03 17:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - No CLSID value found
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 01 AB DF 66 8D 2F CC 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.15.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.5
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - prefs.js..extensions.enabledItems: {0056ABDC-7674-4E69-BECC-6119033A4E91}:1.9.1
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.5
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\***\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\***\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.10.03 23:42:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.09.28 21:04:24 | 000,000,000 | ---D | M]
 
[2010.09.05 13:31:44 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2011.10.02 21:41:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zlkhvcnv.default\extensions
[2011.09.30 07:37:06 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zlkhvcnv.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2011.09.30 07:37:06 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zlkhvcnv.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.09.30 07:37:06 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zlkhvcnv.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.09.30 07:37:06 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zlkhvcnv.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2011.09.02 14:48:48 | 000,001,933 | -H-- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\zlkhvcnv.default\searchplugins\arcana-heart-3-wiki-en.xml
[2011.09.18 03:04:36 | 000,002,273 | -H-- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\zlkhvcnv.default\searchplugins\blazblue-wiki-en.xml
[2010.09.05 15:59:19 | 000,001,919 | -H-- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\zlkhvcnv.default\searchplugins\bleach-wiki-en.xml
[2011.02.25 13:30:38 | 000,001,431 | -H-- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\zlkhvcnv.default\searchplugins\bulbapedia-en.xml
[2011.09.17 17:22:00 | 000,002,321 | -H-- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\zlkhvcnv.default\searchplugins\dictcc.xml
[2011.02.13 03:50:53 | 000,002,276 | -H-- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\zlkhvcnv.default\searchplugins\dragon-age-wiki-en.xml
[2011.02.11 01:04:15 | 000,001,651 | -H-- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\zlkhvcnv.default\searchplugins\e-h-galleries.xml
[2010.09.07 01:09:43 | 000,001,936 | -H-- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\zlkhvcnv.default\searchplugins\fairy-tail-wiki-en.xml
[2010.09.06 23:24:54 | 000,000,924 | -H-- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\zlkhvcnv.default\searchplugins\gendou.xml
[2011.01.15 20:38:23 | 000,005,612 | -H-- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\zlkhvcnv.default\searchplugins\kingdom-hearts-wiki-en.xml
[2010.09.05 21:20:18 | 000,006,263 | -H-- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\zlkhvcnv.default\searchplugins\narutopedia-en.xml
[2011.02.15 20:33:33 | 000,002,291 | -H-- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\zlkhvcnv.default\searchplugins\one-piece-encyclopedia-en.xml
[2011.02.25 00:25:26 | 000,002,581 | -H-- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\zlkhvcnv.default\searchplugins\pokwiki-de.xml
[2011.08.07 17:20:04 | 000,002,309 | -H-- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\zlkhvcnv.default\searchplugins\rosario--vampire-wiki-en.xml
[2011.10.04 00:44:59 | 000,005,161 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\zlkhvcnv.default\searchplugins\scratchpad-en-1.xml
[2011.01.07 20:19:27 | 000,005,161 | -H-- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\zlkhvcnv.default\searchplugins\scratchpad-en.xml
[2011.09.17 19:24:55 | 000,001,330 | -H-- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\zlkhvcnv.default\searchplugins\wikipedia-en.xml
[2010.09.05 15:59:04 | 000,002,057 | -H-- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\zlkhvcnv.default\searchplugins\youtube-videosuche.xml
[2011.09.28 21:04:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZLKHVCNV.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011.10.03 23:42:38 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.07.11 23:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2011.09.23 03:52:52 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.23 03:46:24 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.09.23 03:52:52 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.23 03:52:52 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.23 03:52:52 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.23 03:52:52 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\14.0.835.186\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.150.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java(TM) Platform SE 6 U15 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\14.0.835.186\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\14.0.835.186\pdf.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Chrome Clock = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\emakkfldeggiinnfcdjkakdfcppbfhdg\0.9_0\
CHR - Extension: Chrome Clock = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\emakkfldeggiinnfcdjkakdfcppbfhdg\0.9_0\~
CHR - Extension: FlashBlock = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\gofhjkjmkpinhpoiabjplobcaignabnl\0.9.31_0\
 
O1 HOSTS File: ([2011.10.02 20:56:32 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DE833978-C63A-415A-8DD9-DD66079F144A}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.10.03 19:56:34 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011.10.03 18:27:24 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2011.10.03 18:27:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.10.03 18:27:02 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.10.03 18:27:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.10.03 18:24:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.10.02 23:13:38 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Messenger Plus
[2011.10.02 21:52:27 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2011.10.02 21:34:38 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2011.10.02 21:30:31 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011.10.02 21:20:50 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011.10.02 20:10:40 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.10.02 20:10:40 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.10.02 20:10:40 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.10.02 20:09:32 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.10.02 20:09:26 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011.10.02 20:08:22 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.09.29 21:47:41 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\.minecraft
[2011.09.29 21:45:02 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Hamachi
[2011.09.29 21:44:40 | 000,033,344 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\drivers\hamachi.sys
[2011.09.29 21:44:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hamachi
[2011.09.29 21:44:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hamachi
[2011.09.28 21:03:00 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011.09.28 12:42:49 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\ImageConverter Plus
[2011.09.28 12:42:48 | 001,706,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gdiplus.dll
[2011.09.28 12:42:47 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Image Converter Plus
[2011.09.25 03:02:56 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011.09.24 23:35:20 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\mkvtoolnix-unicode-1.7.0
[2011.09.24 23:34:33 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\mkvtoolnix
[2011.09.23 19:07:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2011.09.23 19:07:15 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Microsoft Visual Basic 2005 Power Packs
[2011.09.23 19:07:15 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Basic 2005 Power Packs
[2011.09.23 19:07:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SDKs
[2011.09.23 19:07:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Basic 2005 Power Packs
[2011.09.20 21:25:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2011.09.20 21:25:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2011.09.20 21:25:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2011.09.19 07:00:43 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011.09.18 18:34:10 | 000,000,000 | ---D | C] -- C:\Program Files\PlayReady
[2011.09.18 04:29:27 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011.09.16 15:27:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XMedia Recode
[8 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.10.07 19:19:49 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.10.07 19:19:49 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.10.07 19:12:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.10.07 19:12:01 | 2415,366,144 | -HS- | M] () -- C:\hiberfil.sys
[2011.10.06 14:46:25 | 001,621,940 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.10.06 14:46:25 | 000,700,592 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.10.06 14:46:25 | 000,655,264 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.10.06 14:46:25 | 000,149,356 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.10.06 14:46:25 | 000,122,136 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.10.05 23:53:16 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011.10.03 19:48:28 | 000,001,807 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2011.10.03 19:48:26 | 000,002,024 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2011.10.02 21:52:27 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2011.10.02 21:49:01 | 000,000,020 | ---- | M] () -- C:\Users\***\defogger_reenable
[2011.10.02 20:56:32 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011.10.01 01:45:58 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.10.01 01:45:58 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.09.29 23:25:11 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011.09.29 21:44:40 | 000,033,344 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\drivers\hamachi.sys
[2011.09.29 21:38:09 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3529196450-1472142056-2455708848-1001UA.job
[2011.09.29 21:38:09 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3529196450-1472142056-2455708848-1001Core.job
[2011.09.24 23:42:44 | 001,599,834 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.09.18 23:36:30 | 000,000,277 | ---- | M] () -- C:\data3.lht
[8 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.10.03 01:54:32 | 046,473,013 | ---- | C] () -- C:\world_gm (2).lgp
[2011.10.02 21:48:58 | 000,000,020 | ---- | C] () -- C:\Users\***\defogger_reenable
[2011.10.02 20:10:40 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011.10.02 20:10:40 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011.10.02 20:10:40 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.10.02 20:10:40 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.10.02 20:10:40 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.09.28 21:02:15 | 000,001,124 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3529196450-1472142056-2455708848-1001UA.job
[2011.09.28 21:02:15 | 000,001,072 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3529196450-1472142056-2455708848-1001Core.job
[2011.09.18 15:34:20 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.08.02 21:02:48 | 004,874,240 | ---- | C] () -- C:\Windows\SysWow64\DSE2_DFT.dll
[2011.05.15 17:55:01 | 000,005,632 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.28 23:22:22 | 000,000,000 | ---- | C] () -- C:\Windows\nsrex.INI
[2011.04.25 00:44:09 | 000,000,028 | ---- | C] () -- C:\Windows\Robota.INI
[2011.03.31 19:22:17 | 001,599,834 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.03.30 22:24:22 | 000,036,892 | ---- | C] () -- C:\Windows\SysWow64\bassmod.dll
[2011.02.24 17:50:32 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011.02.19 23:55:59 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2011.02.12 18:24:46 | 000,000,120 | -H-- | C] () -- C:\Users\***\AppData\Local\Iteragey.dat
[2011.02.12 18:24:46 | 000,000,000 | -H-- | C] () -- C:\Users\***\AppData\Local\Odehateb.bin
[2011.01.24 22:19:56 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011.01.24 21:17:37 | 000,000,000 | ---- | C] () -- C:\Windows\ACTIVEJP.INI
[2010.11.21 00:38:32 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.11.21 00:38:31 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010.09.11 19:29:11 | 000,007,601 | -H-- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2010.09.05 21:03:43 | 000,000,735 | ---- | C] () -- C:\Windows\FF05_Render_Spk_Hp.ini
[2010.09.05 21:03:43 | 000,000,508 | ---- | C] () -- C:\Windows\FF05_not_Spk_Hp.ini
[2010.09.05 21:01:58 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\LogonStart.dll
[2010.09.05 21:00:01 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010.09.05 21:00:01 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2009.07.30 08:06:18 | 000,049,152 | R--- | C] () -- C:\Windows\UINSTampQLIE.exe
[2009.07.29 07:20:40 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\ABLKSR.ini
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008.12.02 03:32:32 | 000,362,029 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2007.04.27 10:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2006.09.24 16:03:36 | 000,172,032 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[1997.11.17 17:13:16 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
 
========== LOP Check ==========
 
[2011.09.29 21:48:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.minecraft
[2011.04.11 17:19:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\8C666FB52D8C86B232E208484AE35E17
[2011.09.30 07:37:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Audacity
[2011.10.04 14:02:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BitTorrent
[2011.09.18 04:29:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2010.09.10 19:52:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011.10.04 14:04:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2011.09.30 07:37:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Downloaded Installations
[2011.07.28 03:06:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DragonicaSCB
[2011.09.25 23:41:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2011.05.26 23:04:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.02.20 17:23:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Foxit Software
[2011.09.30 07:37:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2010.12.24 23:06:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2011.09.30 07:37:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX
[2011.09.24 23:34:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mkvtoolnix
[2011.07.25 19:19:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Neuratron
[2011.03.08 19:59:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Publish Providers
[2011.09.30 07:37:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PunkBuster
[2011.07.18 11:55:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Rovio
[2011.09.30 07:37:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SOFTPAL
[2011.07.30 03:31:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sony
[2011.03.03 21:07:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Synthesia
[2011.03.22 17:04:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2011.08.03 11:20:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TS3Client
[2011.07.18 07:03:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software
[2010.09.10 19:25:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\XMedia Recode
[2011.07.28 13:07:17 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:05EE1EEF

< End of report >
--- --- ---

kira 08.10.2011 06:49
Zitat:
Zitat von Rayin (Beitrag 707542)
Hab in dem Ordner nämlich nochmal zwei Ordner. Beide vom 2.10. aber mit unterschiedlichen Uhrzeiten. Soll ich dir dann beide posten oder nur den neueren?
alle vorhandenen Protokolle!

Rayin 08.10.2011 14:33
Hab sie jetzt erstmal in ne Zip-Datei gepackt. Hoffe, das war so okay.

kira 10.10.2011 05:28
1.
Hast du den Rechner bereits auf Viren überprüft? Folgende Ergebnisse möchte ich noch sehen:
Code:
C:\Qoobox
oder C:\ComboFix.txt
(alle vorhandenen Protokolle!)

2.
Deine Javaversion ist nicht aktuell!
Da aufgrund alter Sicherheitslücken ist Java sehr anfällig, deinstalliere zunächst alle vorhandenen Java-Versionen:
→ Systemsteuerung → Software → deinstallieren...
→ Rechner neu aufstarten
→ Downloade nun die Offline-Version von Java Version 6 Update 27 von Oracle herunter
Achte darauf, eventuell angebotene Toolbars abwählen (den Haken bei der Toolbar entfernen)!

3.
wird ungefragt (mit)installiert, kannst deinstallieren braucht kein Mensch:-> Conduit Engine aus Firefox entfernen
Code:
Conduit Engine
Immer die benutzerdefinierte Installation wählen, nicht die Standardinstallation, weil dann oft Sachen mitinstalliert werden, die man nicht braucht oder nicht möchte.
Bei Installation die Lizenzbestimmungen immer lesen, und nicht sofort überall den Haken setzen, weil damit stimmt man nämlich zu, dass Adware (Werbe-Pop-ups) durch Partnerprogrammen, Sponsoren etc - mitinstalliert wird, weil sich Freeware damit finanziert.
meiste Toolbars bzw Browserhelper wollen sich doch nur wichtig machen;)

4.
Fixen mit OTL
  • Starte die OTL.exe.
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Kopiere folgendes Skript:
Code:
:OTL
IE - HKLM\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - No CLSID value found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\***\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\***\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
[2011.09.23 03:46:24 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.09.23 03:52:52 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
[2011.10.01 01:45:58 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.10.01 01:45:58 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.09.29 21:38:09 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3529196450-1472142056-2455708848-1001UA.job
[2011.09.29 21:38:09 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3529196450-1472142056-2455708848-1001Core.job
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:05EE1EEF

:Commands
[purity]
[emptytemp]

5.
reinige dein System mit Ccleaner:
  • "Cleaner"→ "Analysieren"→ Klick auf den Button "Start CCleaner"
  • "Registry""Fehler suchen"→ "Fehler beheben"→ "Alle beheben"
  • Starte dein System neu auf

6.
  • lade Dir SUPERAntiSpyware FREE Edition herunter.
  • installiere das Programm und update online.
  • starte SUPERAntiSpyware und klicke auf "Ihren Computer durchsuchen"
  • setze ein Häkchen bei "Kompletter Scan" und klicke auf "Weiter"
  • anschließend alle gefundenen Schadprogramme werden aufgelistet, bei alle Funde Häkchen setzen und mit "OK" bestätigen
  • auf "Weiter" klicken dann "OK" und auf "Fertig stellen"
  • um die Ergebnisse anzuzeigen: auf "Präferenzen" dann auf den "Statistiken und Protokolle" klicken
  • drücke auf "Protokoll anzeigen" - anschließend diesen Bericht bitte speichern und hier posten

7.
Auch auf USB-Sticks, selbstgebrannten Datenträgern, externen Festplatten und anderen Datenträgern können Viren transportiert werden. Man muss daher durch regelmäßige Prüfungen auf Schäden, die durch Malware ("Worm.Win32.Autorun") verursacht worden sein können, überwacht werden. Hierfür sind ser gut geegnet und empfohlen, die auf dem Speichermedium gesicherten Daten, mit Hilfe des kostenlosen Online Scanners zu prüfen.
Schließe jetzt alle externe Datenträgeran (USB Sticks etc) Deinen Rechner an, dabei die Hochstell-Taste [Shift-Taste] gedrückt halten, damit die Autorun-Funktion nicht ausgeführt wird. (So verhindest Du die Ausführung der AUTORUN-Funktion) - Man kann die AUTORUN-Funktion aber auch generell abschalten.►Anleitung

-> Führe dann einen Komplett-Systemcheck mit Eset Online Scanner (NOD32)Kostenlose Online Scanner durch
Achtung!: >>Du sollst nicht die Antivirus-Sicherheitssoftware installieren, sondern dein System nur online scannen<<

► Wie ist den aktuellen Zustand des Rechners? Auffälligkeiten, Probleme?


Alle Zeitangaben in WEZ +1. Es ist jetzt 02:09 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20