Trojaner-Board - 50€ Forderung bei Windows-Start

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - 50€ Forderung bei Windows-Start (https://www.trojaner-board.de/106560-50-forderung-windows-start.html)

50€ Forderung bei Windows-Start

Hi,
Ich hab quasi das selbe Problem wie in folgendem Thread:
http://www.trojaner-board.de/106109-...s-7-start.html

War mit Firefox (neuste Version) unterwegs, plötzlich öffnete sich scheinbar ein PopUp, was eine Geldforderung anzeigte. Schließen so ging nicht. Alt+F4 half dann. Ein Internet Explorer und Explorer war auch offen, ebenfalls mit Alt+F4 geschlossen. Mein Desktop-Hintergrund wurde nun angezeigt, machen konnte ich aber nix. Reagierte nicht auf Maus oder Tastatur scheinbar. Task Manager über Tastatur ging -> Neustart Befehl. Währenddessen waren im Hintergrund noch genug Programme offen, so dass ich den Neustart verhindern konnte und wieder auf dem "richtigen" Desktop gelandet bin.
Heute morgen starte ich dann den PC wieder und direkt öffnet sich ein weißes Fenster (was wohl diese Geldforderung wieder anzeigen sollte). Mit Alt+F4 liess es sich wieder schließen, IE und Explorer Fenster ebenfalls. Aber zum normalen Einsatz kam ich gar nicht mehr.
Durch den abgesichteren Modus konnte ich dann "Rant Lend Heinz" (angeblich von Packard Bell) kicken. Seitdem kann ich normal starten und in der Autostart-Liste wird das ebenfalls nicht mehr angezeigt...
Sichergehen will ich trotzdem und daher meinen Log hier posten. Also hier mein OTL Log:

Code:

OTL logfile created on: 19.12.2011 18:11:53 - Run 1

OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Micha\Desktop

64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

4,00 Gb Total Physical Memory | 2,05 Gb Available Physical Memory | 51,16% Memory free

8,00 Gb Paging File | 5,93 Gb Available in Paging File | 74,21% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 48,73 Gb Total Space | 1,29 Gb Free Space | 2,65% Space Free | Partition Type: NTFS

Drive D: | 785,03 Gb Total Space | 160,37 Gb Free Space | 20,43% Space Free | Partition Type: NTFS

 

Computer Name: M7CHA | User Name: Micha | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Users\Micha\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)

PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)

PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)

PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()

PRC - C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe ()

PRC - C:\Program Files (x86)\DVBViewer\DVBVservice.exe (CM & V)

PRC - C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe ()

PRC - C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)

 

 
 ========== Modules (No Company Name) ==========

 

MOD - C:\Users\Micha\AppData\Roaming\Mozilla\Firefox\Profiles\lcry2s8f.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\gecko8\WINNT_x86-msvc\SSSLauncher.dll ()

MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()

MOD - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ()

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV:64bit: - (O&O Defrag) -- C:\Program Files\OO Software\Defrag\oodag.exe (O&O Software GmbH)

SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)

SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)

SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)

SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)

SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)

SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)

SRV - (TomTomHOMEService) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)

SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()

SRV - (HssTrayService) -- C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.exe ()

SRV - (HotspotShieldService) -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe ()

SRV - (npggsvc) -- C:\Windows\SysWow64\GameMon.des (INCA Internet Co., Ltd.)

SRV - (DVBVRecorder) -- C:\Program Files (x86)\DVBViewer\DVBVservice.exe (CM & V)

SRV - (HssWd) -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe ()

SRV - (HssSrv) -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)

SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)

DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)

DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)

DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)

DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )

DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)

DRV:64bit: - (RMCAST) -- C:\Windows\SysNative\drivers\rmcast.sys (Microsoft Corporation)

DRV:64bit: - (HssDrv) -- C:\Windows\SysNative\drivers\HssDrv.sys (AnchorFree Inc.)

DRV:64bit: - (taphss) -- C:\Windows\SysNative\drivers\taphss.sys (AnchorFree Inc)

DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()

DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)

DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)

DRV:64bit: - (UDST7000HID) -- C:\Windows\SysNative\drivers\UDST7000HID.sys (TechniSat Digital S.A.)

DRV:64bit: - (UDST7000BDA) -- C:\Windows\SysNative\drivers\UDST7000BDA.sys (TechniSat Digital S.A.)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)

DRV:64bit: - (athrusb) -- C:\Windows\SysNative\drivers\athrxusb.sys (Atheros Communications, Inc.)

DRV:64bit: - (adfs) -- C:\Windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.)

DRV:64bit: - (ZY202_VS) -- C:\Windows\SysNative\drivers\WlanGZG.sys (Atheros Communications, Inc.)

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.)

DRV - (pfc) -- C:\Windows\SysWOW64\drivers\pfc.sys (Padus, Inc.)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://shop.thefreevpn.com/home.php

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6E 77 1D A8 6C CF CA 01  [binary data]

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;*.local

 
 ========== FireFox ==========

 

FF - prefs.js..browser.startup.homepage: "hxxp://www.xrel.to/releases.html"

FF - prefs.js..network.proxy.type: 0

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Micha\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Micha\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2010.12.14 17:21:34 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2010.12.14 17:21:35 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.11.08 17:52:46 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.11.02 20:58:09 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{6914FB52-C4FC-42DD-AA46-43A6D02A776C}: C:\Users\Micha\AppData\Local\{6914FB52-C4FC-42DD-AA46-43A6D02A776C} [2011.01.25 23:47:32 | 000,000,000 | ---D | M]

 

[2011.08.11 19:23:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Micha\AppData\Roaming\mozilla\Extensions

[2011.08.11 19:23:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Micha\AppData\Roaming\mozilla\Extensions\home2@tomtom.com

[2011.12.18 17:42:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Micha\AppData\Roaming\mozilla\Firefox\Profiles\lcry2s8f.default\extensions

[2011.12.16 07:21:29 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\Micha\AppData\Roaming\mozilla\Firefox\Profiles\lcry2s8f.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}

[2011.11.26 11:45:26 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Micha\AppData\Roaming\mozilla\Firefox\Profiles\lcry2s8f.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}

[2011.12.08 19:30:32 | 000,000,000 | ---D | M] (WebMail Notifier) -- C:\Users\Micha\AppData\Roaming\mozilla\Firefox\Profiles\lcry2s8f.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}

[2011.09.22 13:16:59 | 000,000,000 | ---D | M] (Cookies Manager+) -- C:\Users\Micha\AppData\Roaming\mozilla\Firefox\Profiles\lcry2s8f.default\extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d}

[2011.08.31 14:20:01 | 000,000,000 | ---D | M] ("ImageHost Grabber") -- C:\Users\Micha\AppData\Roaming\mozilla\Firefox\Profiles\lcry2s8f.default\extensions\{E4091D66-127C-11DB-903A-DE80D2EFDFE8}

[2011.11.08 17:52:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2011.04.08 15:21:01 | 000,000,000 | ---D | M] (afurladvisor) -- C:\Program Files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com

[2011.01.25 23:47:32 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\MICHA\APPDATA\LOCAL\{6914FB52-C4FC-42DD-AA46-43A6D02A776C}

() (No name found) -- C:\USERS\MICHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LCRY2S8F.DEFAULT\EXTENSIONS\{46551EC9-40F0-4E47-8E18-8E5CF550CFB8}.XPI

() (No name found) -- C:\USERS\MICHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LCRY2S8F.DEFAULT\EXTENSIONS\{C07D1A49-9894-49FF-A594-38960EDE8FB9}.XPI

() (No name found) -- C:\USERS\MICHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LCRY2S8F.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI

() (No name found) -- C:\USERS\MICHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LCRY2S8F.DEFAULT\EXTENSIONS\{EF522540-89F5-46B9-B6FE-1829E2B572C6}.XPI

() (No name found) -- C:\USERS\MICHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LCRY2S8F.DEFAULT\EXTENSIONS\ICH@MALTEGOETZ.DE.XPI

() (No name found) -- C:\USERS\MICHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LCRY2S8F.DEFAULT\EXTENSIONS\SECURELOGIN@BLUEIMP.NET.XPI

() (No name found) -- C:\USERS\MICHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LCRY2S8F.DEFAULT\EXTENSIONS\STATUS4EVAR@CALIGONSTUDIOS.COM.XPI

() (No name found) -- C:\USERS\MICHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LCRY2S8F.DEFAULT\EXTENSIONS\STEALTHYEXTENSION@GMAIL.COM.XPI

[2011.11.08 17:52:46 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2011.02.02 20:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

[2011.06.21 15:49:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml

[2011.06.21 15:49:37 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2011.06.21 15:49:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml

[2011.06.21 15:49:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml

[2011.06.21 15:49:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml

[2011.06.21 15:49:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

 
 ========== Chrome  ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Micha\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll

CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll

CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll

CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL

CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\Micha\AppData\Local\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Micha\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll

CHR - plugin: DivX OVS Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\npvlc.dll

CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\npVeetle.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Google Update (Enabled) = C:\Users\Micha\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: DivX HiQ = C:\Users\Micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.0.900_1\

CHR - Extension: AdBlock = C:\Users\Micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.4.29_0\

CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.0.900_1\

 

Hosts file not found

O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll (AnchorFree Inc.)

O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)

O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)

O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKCU..\Run: [AdobeBridge]  File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8:64bit: - Extra context menu item: Sothink SWF Catcher - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()

O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()

O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()

O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4083B7D6-93C1-4546-8E69-A836839524AA}: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B03CCBA5-C47B-40C6-BB87-7FE386CD2366}: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D7B19686-B466-4226-879D-D95AA3C392CC}: DhcpNameServer = 192.168.2.1

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) -  File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{34412a8f-12a2-11df-8be7-0024215bb3f7}\Shell - "" = AutoRun

O33 - MountPoints2\{34412a8f-12a2-11df-8be7-0024215bb3f7}\Shell\AutoRun\command - "" = F:\Setup.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (OODBS)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2011.12.19 17:35:19 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Micha\Desktop\OTL.exe

[2011.12.14 16:18:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

[2011.12.14 16:18:02 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2011.12.14 16:18:02 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2011.12.14 07:35:39 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2011.12.14 07:35:39 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2011.12.14 07:35:37 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll

[2011.12.14 07:35:37 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

[2011.12.14 07:35:37 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2011.12.14 07:35:36 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2011.12.14 07:35:35 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2011.12.14 07:35:35 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl

[2011.12.14 07:35:35 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl

[2011.12.14 07:35:35 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2011.12.14 07:35:34 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2011.12.14 07:34:02 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll

[2011.12.14 07:33:53 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll

[2011.12.14 07:33:53 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll

[2011.12.11 20:40:43 | 000,000,000 | ---D | C] -- C:\Users\Micha\Documents\FILSHtray

[2011.12.11 20:40:43 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Local\FILSH_Media_GmbH

[2011.12.11 20:40:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FILSHtray

[2011.12.11 20:40:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FILSHtray

[2011.12.09 19:25:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader 5.1

[2011.12.08 14:24:11 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ski Challenge 12 (SRF)

[2011.12.08 14:12:53 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Roaming\Nitro PDF

[2011.12.08 14:12:36 | 000,028,968 | ---- | C] (Nitro PDF Software) -- C:\Windows\SysNative\nitrolocalmon2.dll

[2011.12.08 14:12:36 | 000,017,192 | ---- | C] (Nitro PDF Software) -- C:\Windows\SysNative\nitrolocalui2.dll

[2011.12.08 14:12:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Nitro PDF

[2011.12.08 14:11:17 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Roaming\Downloaded Installations

[2011.11.27 17:05:08 | 000,000,000 | ---D | C] -- C:\Users\Micha\Desktop\éÁéÕé+é±é¦âAâNâVâçâô

[2011.11.24 12:43:56 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Local\Sidhe

[2011.11.23 22:46:33 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Local\Ubisoft Game Launcher

[2011.11.23 22:46:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft

[2011.11.23 22:46:31 | 000,000,000 | ---D | C] -- C:\Users\Micha\Documents\Assassin's Creed Revelations

[2011.11.22 21:54:20 | 000,000,000 | ---D | C] -- C:\Users\Micha\.android

[2011.11.22 21:54:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Android

[2011.11.20 18:34:53 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Roaming\2K Sports

[6 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2011.12.19 18:12:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2034920276-3348135786-2086485318-1000UA.job

[2011.12.19 17:35:20 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Micha\Desktop\OTL.exe

[2011.12.19 17:12:53 | 004,000,705 | ---- | M] () -- C:\Users\Micha\Desktop\Spank.MP3.mp3

[2011.12.19 17:12:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2034920276-3348135786-2086485318-1000Core.job

[2011.12.19 16:33:07 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2011.12.19 16:33:07 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2011.12.19 16:27:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011.12.19 16:27:43 | 3220,578,304 | -HS- | M] () -- C:\hiberfil.sys

[2011.12.19 16:27:42 | 002,081,616 | ---- | M] () -- C:\Windows\SysNative\oodbs.lor

[2011.12.18 21:09:49 | 001,644,406 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2011.12.18 21:09:49 | 000,707,916 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2011.12.18 21:09:49 | 000,661,512 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2011.12.18 21:09:49 | 000,153,402 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2011.12.18 21:09:49 | 000,125,598 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2011.12.18 20:55:02 | 004,878,836 | ---- | M] () -- C:\Users\Micha\Desktop\CAZZETTE vs Kanye West, Rick Ross, Jay-Z, Bon Iver & Nikki Minaj - I'm A Motherf_king Monster - Cazzette.mp3

[2011.12.18 20:51:04 | 007,010,338 | ---- | M] () -- C:\Users\Micha\Desktop\CAZZETTE vs Kanye West, Rick Ross, Jay-Z, Bon Iver & Nikki Minaj -- I m A Motherf__king Monster.mp3

[2011.12.18 20:12:45 | 125,315,075 | ---- | M] () -- C:\Users\Micha\Desktop\Laidback Luke at Dirty Dutch Blackout (Air, Amsterdam) 17.12.2011.mp3

[2011.12.18 20:12:38 | 113,353,237 | ---- | M] () -- C:\Users\Micha\Desktop\Chuckie at Dirty Dutch Blackout - Amsterdam 17.12.2011 [exQlusiv.com].mp3

[2011.12.17 19:21:54 | 193,479,189 | ---- | M] () -- C:\Users\Micha\Desktop\Tiësto at Mission Impossible Premiere - Rio de Janeiro, Brasil 14.12.2011 [exQlusiv.com].mp3

[2011.12.17 12:41:00 | 095,703,661 | ---- | M] () -- C:\Users\Micha\Desktop\01-fedde_le_grand_-_live_at_pacha_(nyc)-sat-12-09-2011-talion.mp3

[2011.12.17 11:50:32 | 112,608,697 | ---- | M] () -- C:\Users\Micha\Desktop\Swedish House Mafia at Madison Square Garden, New York 16.12.2011 [exQlusiv.com].mp3

[2011.12.17 10:39:06 | 185,287,975 | ---- | M] () -- C:\Users\Micha\Desktop\01-sebastian_ingrosso_-_live_at_glow_washington_(dc)-sat-11-23-2011-talion.mp3

[2011.12.17 06:19:19 | 163,866,484 | ---- | M] () -- C:\Users\Micha\Desktop\01-skrillex_-_mothership_002-sat-12-16-2011-talion.mp3

[2011.12.17 02:22:28 | 097,788,381 | ---- | M] () -- C:\Users\Micha\Desktop\01-david_guetta-fuck_me_i_am_famous_(538)-sat-17-12-2011-1king.mp3

[2011.12.17 01:12:33 | 097,480,766 | ---- | M] () -- C:\Users\Micha\Desktop\01-afrojack_and_bobby_burns-jacked_(538)-sat-17-12-2011-1king.mp3

[2011.12.16 07:37:42 | 173,614,161 | ---- | M] () -- C:\Users\Micha\Desktop\swanky_tunes_-_2011_annual_report.mp3

[2011.12.15 19:55:05 | 009,006,535 | ---- | M] () -- C:\Users\Micha\Desktop\Skrillex - THE DISCO RANGERS BUS (KNOWS HOT TO ROCK N ROLL).mp3

[2011.12.14 11:55:21 | 005,173,448 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2011.12.13 19:44:10 | 000,354,760 | ---- | M] () -- C:\Users\Micha\Desktop\chuckie.jpg

[2011.12.13 16:56:10 | 000,054,096 | ---- | M] () -- C:\Users\Micha\Desktop\sakamoto_0005.JPG.jpg

[2011.12.13 16:56:08 | 000,054,174 | ---- | M] () -- C:\Users\Micha\Desktop\sakamoto_0004.JPG.jpg

[2011.12.13 16:56:05 | 000,052,766 | ---- | M] () -- C:\Users\Micha\Desktop\sakamoto_0003.JPG.jpg

[2011.12.13 16:56:03 | 000,054,636 | ---- | M] () -- C:\Users\Micha\Desktop\sakamoto_0002.JPG.jpg

[2011.12.13 16:56:00 | 000,049,596 | ---- | M] () -- C:\Users\Micha\Desktop\sakamoto_0001.JPG.jpg

[2011.12.13 16:55:56 | 000,047,476 | ---- | M] () -- C:\Users\Micha\Desktop\sakamoto_0000.JPG.jpg

[2011.12.13 16:52:26 | 000,196,091 | ---- | M] () -- C:\Users\Micha\Desktop\6477995007_0cf53aa3ac_b.jpg

[2011.12.13 16:52:20 | 000,319,821 | ---- | M] () -- C:\Users\Micha\Desktop\6477998897_fc5b269567_b.jpg

[2011.12.13 16:52:14 | 000,219,459 | ---- | M] () -- C:\Users\Micha\Desktop\6478001463_1fc94bd010_b.jpg

[2011.12.13 16:52:08 | 000,223,256 | ---- | M] () -- C:\Users\Micha\Desktop\6478216729_ca9380f946_b.jpg

[2011.12.13 16:52:03 | 000,204,846 | ---- | M] () -- C:\Users\Micha\Desktop\6478218115_6304186c0d_b.jpg

[2011.12.13 16:51:57 | 000,121,565 | ---- | M] () -- C:\Users\Micha\Desktop\6478219463_2a125e1e7e_b.jpg

[2011.12.13 14:15:11 | 000,275,859 | ---- | M] () -- C:\Users\Micha\Desktop\img_8706.jpg

[2011.12.13 14:09:06 | 000,055,809 | ---- | M] () -- C:\Users\Micha\Desktop\Maria2.jpg

[2011.12.13 14:05:37 | 000,055,427 | ---- | M] () -- C:\Users\Micha\Desktop\Maria1.jpg

[2011.12.12 18:33:42 | 000,533,972 | ---- | M] () -- C:\Users\Micha\Desktop\Grammys-Joel-Zimmerman-84695074_10.jpg

[2011.12.12 18:33:21 | 000,117,219 | ---- | M] () -- C:\Users\Micha\Desktop\Deadmau5-thumb-966x1024-86514.jpg

[2011.12.12 18:30:43 | 000,031,762 | ---- | M] () -- C:\Users\Micha\Desktop\l_208ecab28ce90ddccf712500c240c96f.jpg

[2011.12.11 20:41:27 | 013,494,125 | ---- | M] () -- C:\Users\Micha\Desktop\Ian Carey feat. Rosette & Timbaland - Amnesia (Cazzette Remix).mp3

[2011.12.09 18:00:30 | 000,146,828 | ---- | M] () -- C:\Users\Micha\Documents\cc_20111209_180025.reg

[2011.12.09 07:34:17 | 000,130,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys

[2011.12.08 19:17:43 | 088,160,965 | ---- | M] () -- C:\Users\Micha\Desktop\RBUVp7icBx32.mp3

[2011.12.08 14:29:44 | 000,054,913 | ---- | M] () -- C:\Users\Micha\Desktop\FOA_featuringNervo_copy-e1319561255814.jpg

[2011.12.08 14:27:01 | 000,816,088 | ---- | M] () -- C:\Users\Micha\Desktop\Nervo-ICanGiveYouHouse.Com_.jpg

[2011.12.08 14:24:11 | 000,000,817 | ---- | M] () -- C:\Users\Micha\Desktop\Ski Challenge 12 (SRF) starten.lnk

[2011.11.30 15:31:23 | 000,008,479 | ---- | M] () -- C:\Users\Micha\Desktop\Dglucsoe.png

[2011.11.29 15:41:30 | 014,182,400 | ---- | M] () -- C:\Users\Micha\Desktop\Avicii & Nicky Romero - ID .www.music4you.hu.mp3

[2011.11.26 14:00:54 | 000,011,986 | ---- | M] () -- C:\Users\Micha\Desktop\361px-DL-Glucose.svg.png

[2011.11.26 13:58:29 | 000,028,135 | ---- | M] () -- C:\Users\Micha\Desktop\534px-Amylopektin_Haworth.svg.png

[2011.11.22 16:46:27 | 000,175,836 | ---- | M] () -- C:\Users\Micha\Desktop\6378312119_85974c4130_b.jpg

[6 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2011.12.19 17:12:52 | 004,000,705 | ---- | C] () -- C:\Users\Micha\Desktop\Spank.MP3.mp3

[2011.12.18 20:54:23 | 004,878,836 | ---- | C] () -- C:\Users\Micha\Desktop\CAZZETTE vs Kanye West, Rick Ross, Jay-Z, Bon Iver & Nikki Minaj - I'm A Motherf_king Monster - Cazzette.mp3

[2011.12.18 20:50:59 | 007,010,338 | ---- | C] () -- C:\Users\Micha\Desktop\CAZZETTE vs Kanye West, Rick Ross, Jay-Z, Bon Iver & Nikki Minaj -- I m A Motherf__king Monster.mp3

[2011.12.18 20:10:04 | 113,353,237 | ---- | C] () -- C:\Users\Micha\Desktop\Chuckie at Dirty Dutch Blackout - Amsterdam 17.12.2011 [exQlusiv.com].mp3

[2011.12.18 20:10:00 | 125,315,075 | ---- | C] () -- C:\Users\Micha\Desktop\Laidback Luke at Dirty Dutch Blackout (Air, Amsterdam) 17.12.2011.mp3

[2011.12.17 19:19:19 | 193,479,189 | ---- | C] () -- C:\Users\Micha\Desktop\Tiësto at Mission Impossible Premiere - Rio de Janeiro, Brasil 14.12.2011 [exQlusiv.com].mp3

[2011.12.17 15:25:49 | 112,608,697 | ---- | C] () -- C:\Users\Micha\Desktop\Swedish House Mafia at Madison Square Garden, New York 16.12.2011 [exQlusiv.com].mp3

[2011.12.17 15:25:37 | 163,866,484 | ---- | C] () -- C:\Users\Micha\Desktop\01-skrillex_-_mothership_002-sat-12-16-2011-talion.mp3

[2011.12.17 15:25:26 | 185,287,975 | ---- | C] () -- C:\Users\Micha\Desktop\01-sebastian_ingrosso_-_live_at_glow_washington_(dc)-sat-11-23-2011-talion.mp3

[2011.12.17 15:09:23 | 095,703,661 | ---- | C] () -- C:\Users\Micha\Desktop\01-fedde_le_grand_-_live_at_pacha_(nyc)-sat-12-09-2011-talion.mp3

[2011.12.17 15:08:22 | 097,788,381 | ---- | C] () -- C:\Users\Micha\Desktop\01-david_guetta-fuck_me_i_am_famous_(538)-sat-17-12-2011-1king.mp3

[2011.12.17 14:44:56 | 097,480,766 | ---- | C] () -- C:\Users\Micha\Desktop\01-afrojack_and_bobby_burns-jacked_(538)-sat-17-12-2011-1king.mp3

[2011.12.16 07:29:58 | 173,614,161 | ---- | C] () -- C:\Users\Micha\Desktop\swanky_tunes_-_2011_annual_report.mp3

[2011.12.15 19:55:02 | 009,006,535 | ---- | C] () -- C:\Users\Micha\Desktop\Skrillex - THE DISCO RANGERS BUS (KNOWS HOT TO ROCK N ROLL).mp3

[2011.12.13 19:44:09 | 000,354,760 | ---- | C] () -- C:\Users\Micha\Desktop\chuckie.jpg

[2011.12.13 16:56:10 | 000,054,096 | ---- | C] () -- C:\Users\Micha\Desktop\sakamoto_0005.JPG.jpg

[2011.12.13 16:56:07 | 000,054,174 | ---- | C] () -- C:\Users\Micha\Desktop\sakamoto_0004.JPG.jpg

[2011.12.13 16:56:05 | 000,052,766 | ---- | C] () -- C:\Users\Micha\Desktop\sakamoto_0003.JPG.jpg

[2011.12.13 16:56:02 | 000,054,636 | ---- | C] () -- C:\Users\Micha\Desktop\sakamoto_0002.JPG.jpg

[2011.12.13 16:55:59 | 000,049,596 | ---- | C] () -- C:\Users\Micha\Desktop\sakamoto_0001.JPG.jpg

[2011.12.13 16:55:55 | 000,047,476 | ---- | C] () -- C:\Users\Micha\Desktop\sakamoto_0000.JPG.jpg

[2011.12.13 16:52:25 | 000,196,091 | ---- | C] () -- C:\Users\Micha\Desktop\6477995007_0cf53aa3ac_b.jpg

[2011.12.13 16:52:19 | 000,319,821 | ---- | C] () -- C:\Users\Micha\Desktop\6477998897_fc5b269567_b.jpg

[2011.12.13 16:52:14 | 000,219,459 | ---- | C] () -- C:\Users\Micha\Desktop\6478001463_1fc94bd010_b.jpg

[2011.12.13 16:52:08 | 000,223,256 | ---- | C] () -- C:\Users\Micha\Desktop\6478216729_ca9380f946_b.jpg

[2011.12.13 16:52:02 | 000,204,846 | ---- | C] () -- C:\Users\Micha\Desktop\6478218115_6304186c0d_b.jpg

[2011.12.13 16:51:56 | 000,121,565 | ---- | C] () -- C:\Users\Micha\Desktop\6478219463_2a125e1e7e_b.jpg

[2011.12.13 14:15:10 | 000,275,859 | ---- | C] () -- C:\Users\Micha\Desktop\img_8706.jpg

[2011.12.13 14:09:05 | 000,055,809 | ---- | C] () -- C:\Users\Micha\Desktop\Maria2.jpg

[2011.12.13 14:05:36 | 000,055,427 | ---- | C] () -- C:\Users\Micha\Desktop\Maria1.jpg

[2011.12.12 18:33:41 | 000,533,972 | ---- | C] () -- C:\Users\Micha\Desktop\Grammys-Joel-Zimmerman-84695074_10.jpg

[2011.12.12 18:33:20 | 000,117,219 | ---- | C] () -- C:\Users\Micha\Desktop\Deadmau5-thumb-966x1024-86514.jpg

[2011.12.12 18:30:42 | 000,031,762 | ---- | C] () -- C:\Users\Micha\Desktop\l_208ecab28ce90ddccf712500c240c96f.jpg

[2011.12.11 20:41:14 | 013,494,125 | ---- | C] () -- C:\Users\Micha\Desktop\Ian Carey feat. Rosette & Timbaland - Amnesia (Cazzette Remix).mp3

[2011.12.09 18:00:26 | 000,146,828 | ---- | C] () -- C:\Users\Micha\Documents\cc_20111209_180025.reg

[2011.12.08 19:16:48 | 088,160,965 | ---- | C] () -- C:\Users\Micha\Desktop\RBUVp7icBx32.mp3

[2011.12.08 14:29:43 | 000,054,913 | ---- | C] () -- C:\Users\Micha\Desktop\FOA_featuringNervo_copy-e1319561255814.jpg

[2011.12.08 14:27:00 | 000,816,088 | ---- | C] () -- C:\Users\Micha\Desktop\Nervo-ICanGiveYouHouse.Com_.jpg

[2011.12.08 14:24:11 | 000,000,817 | ---- | C] () -- C:\Users\Micha\Desktop\Ski Challenge 12 (SRF) starten.lnk

[2011.11.30 15:31:22 | 000,008,479 | ---- | C] () -- C:\Users\Micha\Desktop\Dglucsoe.png

[2011.11.29 15:41:21 | 014,182,400 | ---- | C] () -- C:\Users\Micha\Desktop\Avicii & Nicky Romero - ID .www.music4you.hu.mp3

[2011.11.26 14:00:53 | 000,011,986 | ---- | C] () -- C:\Users\Micha\Desktop\361px-DL-Glucose.svg.png

[2011.11.26 13:58:27 | 000,028,135 | ---- | C] () -- C:\Users\Micha\Desktop\534px-Amylopektin_Haworth.svg.png

[2011.11.22 16:46:25 | 000,175,836 | ---- | C] () -- C:\Users\Micha\Desktop\6378312119_85974c4130_b.jpg

[2011.10.14 23:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe

[2011.07.21 13:02:29 | 000,165,376 | ---- | C] () -- C:\Windows\UNWISE.EXE

[2011.04.22 15:44:36 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat

[2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

[2011.03.16 17:06:33 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe

[2011.02.16 15:02:36 | 000,000,600 | ---- | C] () -- C:\Users\Micha\AppData\Local\PUTTY.RND

[2011.01.25 23:47:34 | 000,000,120 | ---- | C] () -- C:\Users\Micha\AppData\Local\Spewakoroxaziva.dat

[2011.01.25 23:47:34 | 000,000,000 | ---- | C] () -- C:\Users\Micha\AppData\Local\Aduxohilo.bin

[2011.01.14 00:15:43 | 000,000,000 | ---- | C] () -- C:\Users\Micha\AppData\Roaming\chrtmp

[2010.12.10 15:00:37 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll

[2010.12.10 15:00:23 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini

[2010.12.09 16:11:31 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll

[2010.12.09 16:10:13 | 000,917,504 | ---- | C] () -- C:\Windows\SysWow64\dtsdecoderdll.dll

[2010.12.09 16:10:13 | 000,258,048 | ---- | C] () -- C:\Windows\SysWow64\libFLAC.dll

[2010.12.09 15:58:39 | 001,621,364 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2010.11.23 14:01:17 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\cd.dat

[2010.10.28 13:54:15 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\GkSui18.EXE

[2010.09.27 13:03:32 | 000,000,078 | ---- | C] () -- C:\Windows\wininit.ini

[2010.07.15 10:02:13 | 000,005,870 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2010.07.14 14:33:33 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib

[2010.05.30 16:52:55 | 000,794,408 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe

[2010.05.28 14:59:13 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll

[2010.05.25 16:07:47 | 000,069,632 | R--- | C] () -- C:\Windows\SysWow64\xmltok.dll

[2010.05.25 16:07:47 | 000,036,864 | R--- | C] () -- C:\Windows\SysWow64\xmlparse.dll

[2010.04.25 13:56:19 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll

[2010.04.25 13:56:19 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll

[2010.04.21 15:30:52 | 000,013,030 | ---- | C] () -- C:\Users\Micha\AppData\Local\PDOXUSRS.NET

[2010.04.16 18:42:53 | 000,000,600 | ---- | C] () -- C:\Users\Micha\AppData\Roaming\winscp.rnd

[2010.02.16 22:09:51 | 000,234,768 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2010.02.16 22:09:50 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe

[2010.02.12 20:03:38 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT

[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat

[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

[2006.03.18 14:16:04 | 000,540,178 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll

[2005.04.08 03:16:43 | 000,040,879 | -H-- | C] () -- C:\Users\Micha\AppData\Roaming\cglogs.dat

[2000.08.02 20:47:20 | 000,026,112 | ---- | C] () -- C:\Windows\RunUnDrv.exe

 
 ========== LOP Check ==========

 

[2010.12.22 15:25:09 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\114C6A7697BEF67CA616F57D29F52507

[2011.11.20 18:34:53 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\2K Sports

[2010.07.22 19:06:50 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\abgx360

[2010.07.15 12:03:32 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Ashampoo

[2010.05.02 08:10:49 | 000,000,000 | RHSD | M] -- C:\Users\Micha\AppData\Roaming\Boot

[2011.12.09 17:52:47 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\DAEMON Tools Lite

[2011.12.08 14:11:17 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Downloaded Installations

[2011.02.27 17:29:52 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Duden

[2011.11.01 22:39:33 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Feedreader

[2011.12.19 17:11:59 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\FileZilla

[2011.10.10 20:48:30 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Foxit Software

[2010.05.01 14:25:08 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\FVZilla

[2010.03.15 17:20:12 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\ImgBurn

[2011.01.23 17:33:20 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\IrfanView

[2011.11.10 19:14:58 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\jAlbum

[2010.02.11 12:19:52 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\L4dOgerLauncher

[2010.05.13 14:58:15 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Leadertech

[2010.12.14 17:21:36 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Local

[2011.03.01 17:26:55 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\LolClient

[2011.10.23 14:15:20 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Mp3tag

[2011.12.08 14:13:52 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Nitro PDF

[2010.06.16 18:18:03 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Opera

[2011.07.17 23:14:07 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Orbit

[2011.10.19 11:54:55 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Origin

[2011.07.17 23:12:07 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\ProgSense

[2011.03.16 17:06:32 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\PunkBuster

[2010.08.04 15:03:35 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\QIP

[2010.09.29 19:37:51 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1

[2010.11.06 19:06:51 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Stealth Software

[2011.01.12 19:28:21 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Thinstall

[2010.07.08 20:08:41 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\TomTom

[2011.12.09 17:52:45 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\TS3Client

[2011.04.22 19:41:36 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Tunngle

[2010.03.24 12:35:58 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Ubisoft

[2011.12.19 18:03:51 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\X-Chat 2

[2011.01.18 16:59:56 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\XnView

[2010.05.17 13:52:41 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Youtube Downloader HD

[2011.12.03 18:13:28 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 24 bytes -> C:\Windows:E2047556A8055CD6
 

< End of report >

Extras.txt:

Code:

OTL Extras logfile created on: 19.12.2011 18:11:53 - Run 1

OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Micha\Desktop

64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

4,00 Gb Total Physical Memory | 2,05 Gb Available Physical Memory | 51,16% Memory free

8,00 Gb Paging File | 5,93 Gb Available in Paging File | 74,21% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 48,73 Gb Total Space | 1,29 Gb Free Space | 2,65% Space Free | Partition Type: NTFS

Drive D: | 785,03 Gb Total Space | 160,37 Gb Free Space | 20,43% Space Free | Partition Type: NTFS

 

Computer Name: M7CHA | User Name: Micha | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 
 ========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files (x86)\FlashFXP 4\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP 4\FlashFXP.exe:*:Enabled:FlashFXP v3

"C:\Program Files (x86)\FlashFXP 4\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP 4\FlashFXP.exe:*:Enabled:FlashFXP v3

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files (x86)\xchat\xchat.exe" = C:\Program Files (x86)\xchat\xchat.exe:*:Enabled:XChat IRC Client -- ()

"C:\Program Files (x86)\FlashFXP 4\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP 4\FlashFXP.exe:*:Enabled:FlashFXP v3

"C:\Program Files (x86)\xchat\xchat.exe" = C:\Program Files (x86)\xchat\xchat.exe:*:Enabled:XChat IRC Client -- ()

"C:\Program Files (x86)\FlashFXP 4\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP 4\FlashFXP.exe:*:Enabled:FlashFXP v3

 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant

"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219

"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64

"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)

"{26A24AE4-039D-4CA4-87B4-2F86416023FF}" = Java(TM) 6 Update 23 (64-bit)

"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{64A3A4F4-B792-11D6-A78A-00B0D0160230}" = Java(TM) SE Development Kit 6 Update 23 (64-bit)

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64

"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007

"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64

"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64

"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{B1AC8E6A-6C47-4B6D-A853-B4BF5C83421C}_is1" = iNFekt NFO Viewer

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 285.62

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.62

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.62

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 285.62

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components

"{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}" = Microsoft Xbox 360 Accessories 1.2

"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

"{BC84C1E9-F4D4-4B8E-B35C-C88EEA0A5201}" = O&O Defrag Professional

"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64

"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector

"{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}" = iTunes

"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit

"CCleaner" = CCleaner

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack

"TeamSpeak 3 Client" = TeamSpeak 3 Client

"Unlocker" = Unlocker 1.9.1-x64

"WinRAR archiver" = WinRAR 4.00 (64-bit)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3

"{04E9B02B-4F85-4B73-B865-27B9B8B35877}" = NBA 2K12

"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting

"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86

"{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool

"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin

"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 24

"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3

"{29F05234-DCBB-4FE0-88DC-5160C9250312}" = Adobe Photoshop CS3

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{33A22B2D-55BA-4508-B767-BF2E9C21A73F}" = Assassin's Creed Revelations

"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support

"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack

"{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 12 DEMO

"{45410935-B52C-468A-A836-0D1000018201}" = BulletStorm

"{47E16407-05D3-4D2A-B2B9-C30700B7C2AD}" = LogMeIn Hamachi

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace

"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3

"{5928359F-BF46-4646-BF19-B64E55171EB5}_is1" = FILSHtray Version 0.6

"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053

"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All

"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings

"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™

"{786C5747-0C40-4930-9AFE-113BCE553101}" = Adobe Stock Photos 1.0

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{793FCE60-DE5E-4977-A942-A7B69A45B17D}" = MainConcept DTV Decoder Pro

"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime

"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX

"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{86CE1746-9EFF-3C9C-8755-81EA8903AC34}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{86EF9FC4-F209-4520-B7E1-C7FF0EEBDFFF}" = Adobe Audition 1.5

"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger

"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support

"{8EDBA74D-0686-4C99-BFDD-F894678E5101}" = Adobe Common File Installer

"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules

"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007

"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007

"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007

"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007

"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007

"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007

"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007

"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007

"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007

"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007

"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007

"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3

"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype(TM)

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3

"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps

"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings

"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie

"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles

"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center

"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0

"{B74D4E10-6884-0000-0000-000000000101}" = Adobe Bridge 1.0

"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3

"{BCDB856C-D247-4DEE-9132-89C02F4D6B8C}_is1" = Sothink SWF Decompiler

"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter

"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common

"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2

"{C5D78EFC-A9C1-44F3-81CB-D42C5DF8EA09}" = Speedport W 101 Stick WLAN Manager

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{CE9F9FBC-5253-46D2-9883-09E55003D794}" = TechniSat DVB-PC TV Star

"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client

"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86

"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files

"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.9 Game

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86

"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings

"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker

"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3

"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer

"{E9787678-119F-4D52-B551-6739B2B22101}" = Adobe Help Center 1.0

"{EA8ADAA9-6671-4839-A51E-0C6792B78F3E}" = FIFA 12

"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger

"{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}" = Adobe Setup

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable

"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari

"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5

"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials

"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"1489-3350-5074-6281" = JDownloader 0.9

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Shockwave Player" = Adobe Shockwave Player 11.5

"Adobe_5f143314a5d434c8511097393d17397" = Adobe Photoshop CS3

"ArgoUML" = ArgoUML 0.30.2

"Ashampoo Burning Studio 9_is1" = Ashampoo Burning Studio 9.21

"Avira AntiVir Desktop" = Avira Free Antivirus

"BlueJ_is1" = BlueJ 3.0.4

"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters

"DivX Setup.divx.com" = DivX-Setup

"DVBViewer Pro_is1" = DVBViewer Pro

"DVBViewer Recording Service_is1" = DVBViewer Recording Service

"ENTERPRISE" = Microsoft Office Enterprise 2007

"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50

"ffdshow_is1" = ffdshow v1.1.3562 [2010-09-07]

"FileZilla Client" = FileZilla Client 3.5.2

"Foxit Reader_is1" = Foxit Reader 5.1

"Hamachi" = Hamachi 1.0.1.2

"HotspotShield" = Hotspot Shield 1.56

"ImgBurn" = ImgBurn

"LastFM_is1" = Last.fm 1.5.4.27091

"LogMeIn Hamachi" = LogMeIn Hamachi

"Mozilla Firefox 8.0 (x86 de)" = Mozilla Firefox 8.0 (x86 de)

"Mp3tag" = Mp3tag v2.49

"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver

"OpenAL" = OpenAL

"Opera 11.60.1185" = Opera 11.60

"Origin" = Origin

"PSPad editor_is1" = PSPad editor

"Steam App 10" = Counter-Strike

"SystemRequirementsLab" = System Requirements Lab

"TomTom HOME" = TomTom HOME 2.8.2.2264

"VLC media player" = VLC media player 1.1.11

"Wget-1.11.4-1_is1" = GnuWin32: Wget-1.11.4-1

"WinLiveSuite" = Windows Live Essentials

"Wondershare LiveBoot 2012_is1" = Wondershare LiveBoot 2012 (Build 7.0.1)

"xchat" = XChat 2 (remove only)

"Xvid_is1" = Xvid 1.2.2 final uninstall

"Youtube Downloader HD_is1" = Youtube Downloader HD v. 2.6

 
 ========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

"QIP 2005" = QIP 2005 8095

"sc12-CH_SF" = Ski Challenge 12 (SRF)

 
 ========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 02.03.2011 11:42:34 | Computer Name = M7cha | Source = MsiInstaller | ID = 1023

Description = 

 

Error - 02.03.2011 11:42:52 | Computer Name = M7cha | Source = MsiInstaller | ID = 10005

Description = 

 

Error - 02.03.2011 11:42:53 | Computer Name = M7cha | Source = MsiInstaller | ID = 1023

Description = 

 

Error - 03.03.2011 05:56:21 | Computer Name = M7cha | Source = MsiInstaller | ID = 11316

Description = 

 

Error - 04.03.2011 18:14:41 | Computer Name = M7cha | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

 

Error - 04.03.2011 18:14:41 | Computer Name = M7cha | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 15584

 

Error - 04.03.2011 18:14:41 | Computer Name = M7cha | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 15584

 

Error - 07.03.2011 04:30:18 | Computer Name = M7cha | Source = Application Error | ID = 1000

Description = Name der fehlerhaften Anwendung: xchat.exe, Version: 2.8.7.5, Zeitstempel:

 0x00000000  Name des fehlerhaften Moduls: minigtk.dll, Version: 2.8.0.2870, Zeitstempel:

 0x483a89a9  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00019944  ID des fehlerhaften Prozesses:

 0xd80  Startzeit der fehlerhaften Anwendung: 0x01cbdc9fdf71471e  Pfad der fehlerhaften

 Anwendung: C:\Program Files (x86)\xchat\xchat.exe  Pfad des fehlerhaften Moduls: 

C:\Program Files (x86)\xchat\minigtk.dll  Berichtskennung: 219ec71b-4895-11e0-89e9-0024215bb3f7

 

Error - 07.03.2011 09:37:15 | Computer Name = M7cha | Source = Application Error | ID = 1000

Description = Name der fehlerhaften Anwendung: Traktor.exe, Version: 0.0.0.0, Zeitstempel:

 0x2a425e19  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17514, Zeitstempel:

 0x4ce7ba58  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000343b6  ID des fehlerhaften Prozesses:

 0x368  Startzeit der fehlerhaften Anwendung: 0x01cbdcccacc751aa  Pfad der fehlerhaften

 Anwendung: C:\Program Files (x86)\Native Instruments\Traktor\Traktor.exe  Pfad des

 fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: 02dce823-48c0-11e0-89e9-0024215bb3f7

 

Error - 07.03.2011 09:37:40 | Computer Name = M7cha | Source = Application Error | ID = 1000

Description = Name der fehlerhaften Anwendung: Traktor.exe, Version: 0.0.0.0, Zeitstempel:

 0x2a425e19  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17514, Zeitstempel:

 0x4ce7ba58  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000343b6  ID des fehlerhaften Prozesses:

 0x10f0  Startzeit der fehlerhaften Anwendung: 0x01cbdcccc7c8dc85  Pfad der fehlerhaften

 Anwendung: C:\Program Files (x86)\Native Instruments\Traktor\Traktor.exe  Pfad des

 fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: 11ff079d-48c0-11e0-89e9-0024215bb3f7

 

[ OSession Events ]

Error - 02.03.2011 10:34:39 | Computer Name = M7cha | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1

 seconds with 0 seconds of active time.  This session ended with a crash.

 

Error - 09.03.2011 17:30:18 | Computer Name = M7cha | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 

Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session 

lasted 6 seconds with 0 seconds of active time.  This session ended with a crash.

 

Error - 09.03.2011 17:30:24 | Computer Name = M7cha | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 

Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session 

lasted 5 seconds with 0 seconds of active time.  This session ended with a crash.

 

Error - 17.03.2011 12:00:38 | Computer Name = M7cha | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2

 seconds with 0 seconds of active time.  This session ended with a crash.

 

Error - 29.03.2011 12:15:42 | Computer Name = M7cha | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10

 seconds with 0 seconds of active time.  This session ended with a crash.

 

Error - 06.04.2011 16:24:08 | Computer Name = M7cha | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2

 seconds with 0 seconds of active time.  This session ended with a crash.

 

Error - 08.12.2011 09:13:57 | Computer Name = M7cha | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 4

 seconds with 0 seconds of active time.  This session ended with a crash.

 

Error - 08.12.2011 13:22:38 | Computer Name = M7cha | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2

 seconds with 0 seconds of active time.  This session ended with a crash.

 

Error - 08.12.2011 13:22:47 | Computer Name = M7cha | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2

 seconds with 0 seconds of active time.  This session ended with a crash.

 

Error - 16.12.2011 02:54:07 | Computer Name = M7cha | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1

 seconds with 0 seconds of active time.  This session ended with a crash.

 

[ System Events ]

Error - 19.12.2011 11:27:29 | Computer Name = M7cha | Source = Application Popup | ID = 1060

Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\pfc.sys

 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version

 des Treibers zu erhalten.

 

Error - 19.12.2011 11:27:38 | Computer Name = M7cha | Source = Application Popup | ID = 1060

Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\pfc.sys

 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version

 des Treibers zu erhalten.

 

Error - 19.12.2011 11:27:49 | Computer Name = M7cha | Source = Microsoft-Windows-DNS-Client | ID = 1012

Description = Fehler beim Lesen der Datei für lokale Hosts.

 

Error - 19.12.2011 11:27:51 | Computer Name = M7cha | Source = Microsoft-Windows-DNS-Client | ID = 1012

Description = Fehler beim Lesen der Datei für lokale Hosts.

 

Error - 19.12.2011 11:27:56 | Computer Name = M7cha | Source = Microsoft-Windows-DNS-Client | ID = 1012

Description = Fehler beim Lesen der Datei für lokale Hosts.

 

Error - 19.12.2011 11:28:20 | Computer Name = M7cha | Source = Microsoft-Windows-DNS-Client | ID = 1012

Description = Fehler beim Lesen der Datei für lokale Hosts.

 

Error - 19.12.2011 11:28:21 | Computer Name = M7cha | Source = Microsoft-Windows-DNS-Client | ID = 1012

Description = Fehler beim Lesen der Datei für lokale Hosts.

 

Error - 19.12.2011 11:28:35 | Computer Name = M7cha | Source = Microsoft-Windows-DNS-Client | ID = 1012

Description = Fehler beim Lesen der Datei für lokale Hosts.

 

Error - 19.12.2011 11:28:40 | Computer Name = M7cha | Source = Microsoft-Windows-DNS-Client | ID = 1012

Description = Fehler beim Lesen der Datei für lokale Hosts.

 

Error - 19.12.2011 11:28:40 | Computer Name = M7cha | Source = Microsoft-Windows-DNS-Client | ID = 1012

Description = Fehler beim Lesen der Datei für lokale Hosts.

 

 

< End of report >

Bitte nun routinemäßig einen Vollscan mit malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

Malwarebytes Vollscan:

Code:

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org
 

Datenbank Version: 8401
 

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421
 

20.12.2011 13:46:51

mbam-log-2011-12-20 (13-46-48).txt
 

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)

Durchsuchte Objekte: 627662

Laufzeit: 3 Stunde(n), 4 Minute(n), 18 Sekunde(n)
 

Infizierte Speicherprozesse: 0

Infizierte Speichermodule: 0

Infizierte Registrierungsschlüssel: 0

Infizierte Registrierungswerte: 0

Infizierte Dateiobjekte der Registrierung: 0

Infizierte Verzeichnisse: 0

Infizierte Dateien: 4
 

Infizierte Speicherprozesse:

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule:

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel:

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte:

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung:

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse:

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien:

c:\Users\Micha\AppData\Roaming\Adobe\plugs\kb30049286.exe (Trojan.Agent) -> No action taken.

c:\Users\Micha\AppData\Roaming\Adobe\plugs\kb30052375.exe (Trojan.Agent) -> No action taken.

c:\Users\Micha\AppData\Roaming\Adobe\plugs\kb30052547.exe (Trojan.Agent) -> No action taken.

c:\Users\Micha\AppData\Roaming\cglogs.dat (Malware.Trace) -> No action taken.

ESET Online Scanner:

Code:

ESETSmartInstaller@High as downloader log:

all ok

ESETSmartInstaller@High as downloader log:

all ok

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=20f5eeddfb699e4d91f3051daeae209d

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-12-20 08:46:51

# local_time=2011-12-20 09:46:51 (+0100, Mitteleuropäische Zeit)

# country="Germany"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=1792 16777215 100 0 5609190 5609190 0 0

# compatibility_mode=5893 16776574 100 94 25990334 76021992 0 0

# compatibility_mode=8192 67108863 100 0 63173 63173 0 0

# scanned=420633

# found=4

# cleaned=0

# scan_time=21868

C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe        a variant of Win32/HotSpotShield application (unable to clean)        00000000000000000000000000000000        I

C:\Users\Micha\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\8f85c44-4b11d10a        multiple threats (unable to clean)        00000000000000000000000000000000        I

C:\Users\Micha\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\556445eb-4b853750        probably a variant of Win32/Agent.DYXWUMY trojan (unable to clean)        00000000000000000000000000000000        I

C:\Users\Micha\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\77bf623e-7d1c0144        a variant of Java/Exploit.CVE-2011-3544.G trojan (unable to clean)        00000000000000000000000000000000        I

Zitat:

-> No action taken.

Die Funde müssen mit Malwarebytes entfernt waren! Bitte nachholen falls noch nicht getan!

Zitat:

Zitat von cosinus (Beitrag 738524)

Die Funde müssen mit Malwarebytes entfernt waren! Bitte nachholen falls noch nicht getan!

Wurden sie. Weiß auch nicht warum das im Log so steht...
Hab grd auch manuell nochmal nachgeguckt, die 4 Dateien sind nicht mehr zu finden.

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die http://billy-oneal.com/Canned%20Spee.../customFix.png Textbox von OTL - wenn OTL auf deutsch ist wird sie mit http://larusso.trojaner-board.de/Images/otlfix.jpg beschriftet

Code:

netsvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMDRIVE%\*.exe

/md5start

wininit.exe

userinit.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

ws2ifsl.sys

sceclt.dll

ntelogon.dll

winlogon.exe

logevent.dll

user32.DLL

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

/md5stop

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

OTL.txt:

Code:

OTL logfile created on: 20.12.2011 23:15:50 - Run 2

OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Micha\Desktop

64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

4,00 Gb Total Physical Memory | 2,50 Gb Available Physical Memory | 62,61% Memory free

8,00 Gb Paging File | 6,38 Gb Available in Paging File | 79,73% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 48,73 Gb Total Space | 1,44 Gb Free Space | 2,95% Space Free | Partition Type: NTFS

Drive D: | 785,03 Gb Total Space | 164,29 Gb Free Space | 20,93% Space Free | Partition Type: NTFS

 

Computer Name: M7CHA | User Name: Micha | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Users\Micha\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)

PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)

PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)

PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)

PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()

PRC - C:\Program Files (x86)\DVBViewer\DVBVservice.exe (CM & V)

 

 
 ========== Modules (No Company Name) ==========

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV:64bit: - (O&O Defrag) -- C:\Program Files\OO Software\Defrag\oodag.exe (O&O Software GmbH)

SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

SRV - (TomTomHOMEService) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)

SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)

SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)

SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)

SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)

SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)

SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)

SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()

SRV - (npggsvc) -- C:\Windows\SysWow64\GameMon.des (INCA Internet Co., Ltd.)

SRV - (DVBVRecorder) -- C:\Program Files (x86)\DVBViewer\DVBVservice.exe (CM & V)

SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)

DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)

DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)

DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)

DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )

DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)

DRV:64bit: - (RMCAST) -- C:\Windows\SysNative\drivers\rmcast.sys (Microsoft Corporation)

DRV:64bit: - (taphss) -- C:\Windows\SysNative\drivers\taphss.sys (AnchorFree Inc)

DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()

DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)

DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)

DRV:64bit: - (UDST7000HID) -- C:\Windows\SysNative\drivers\UDST7000HID.sys (TechniSat Digital S.A.)

DRV:64bit: - (UDST7000BDA) -- C:\Windows\SysNative\drivers\UDST7000BDA.sys (TechniSat Digital S.A.)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)

DRV:64bit: - (athrusb) -- C:\Windows\SysNative\drivers\athrxusb.sys (Atheros Communications, Inc.)

DRV:64bit: - (adfs) -- C:\Windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.)

DRV:64bit: - (ZY202_VS) -- C:\Windows\SysNative\drivers\WlanGZG.sys (Atheros Communications, Inc.)

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.)

DRV - (pfc) -- C:\Windows\SysWOW64\drivers\pfc.sys (Padus, Inc.)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://shop.thefreevpn.com/home.php

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6E 77 1D A8 6C CF CA 01  [binary data]

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;*.local

 
 ========== FireFox ==========

 

FF - prefs.js..browser.startup.homepage: "hxxp://www.xrel.to/releases.html"

FF - prefs.js..network.proxy.type: 0

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Micha\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Micha\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2010.12.14 17:21:34 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2010.12.14 17:21:35 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.12.20 16:43:07 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.11.02 20:58:09 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{6914FB52-C4FC-42DD-AA46-43A6D02A776C}: C:\Users\Micha\AppData\Local\{6914FB52-C4FC-42DD-AA46-43A6D02A776C} [2011.01.25 23:47:32 | 000,000,000 | ---D | M]

 

[2011.08.11 19:23:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Micha\AppData\Roaming\mozilla\Extensions

[2011.08.11 19:23:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Micha\AppData\Roaming\mozilla\Extensions\home2@tomtom.com

[2011.12.18 17:42:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Micha\AppData\Roaming\mozilla\Firefox\Profiles\lcry2s8f.default\extensions

[2011.12.16 07:21:29 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\Micha\AppData\Roaming\mozilla\Firefox\Profiles\lcry2s8f.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}

[2011.11.26 11:45:26 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Micha\AppData\Roaming\mozilla\Firefox\Profiles\lcry2s8f.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}

[2011.12.08 19:30:32 | 000,000,000 | ---D | M] (WebMail Notifier) -- C:\Users\Micha\AppData\Roaming\mozilla\Firefox\Profiles\lcry2s8f.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}

[2011.09.22 13:16:59 | 000,000,000 | ---D | M] (Cookies Manager+) -- C:\Users\Micha\AppData\Roaming\mozilla\Firefox\Profiles\lcry2s8f.default\extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d}

[2011.08.31 14:20:01 | 000,000,000 | ---D | M] ("ImageHost Grabber") -- C:\Users\Micha\AppData\Roaming\mozilla\Firefox\Profiles\lcry2s8f.default\extensions\{E4091D66-127C-11DB-903A-DE80D2EFDFE8}

[2011.12.20 16:43:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2011.01.25 23:47:32 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\MICHA\APPDATA\LOCAL\{6914FB52-C4FC-42DD-AA46-43A6D02A776C}

() (No name found) -- C:\USERS\MICHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LCRY2S8F.DEFAULT\EXTENSIONS\{46551EC9-40F0-4E47-8E18-8E5CF550CFB8}.XPI

() (No name found) -- C:\USERS\MICHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LCRY2S8F.DEFAULT\EXTENSIONS\{C07D1A49-9894-49FF-A594-38960EDE8FB9}.XPI

() (No name found) -- C:\USERS\MICHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LCRY2S8F.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI

() (No name found) -- C:\USERS\MICHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LCRY2S8F.DEFAULT\EXTENSIONS\{EF522540-89F5-46B9-B6FE-1829E2B572C6}.XPI

() (No name found) -- C:\USERS\MICHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LCRY2S8F.DEFAULT\EXTENSIONS\ICH@MALTEGOETZ.DE.XPI

() (No name found) -- C:\USERS\MICHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LCRY2S8F.DEFAULT\EXTENSIONS\SECURELOGIN@BLUEIMP.NET.XPI

() (No name found) -- C:\USERS\MICHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LCRY2S8F.DEFAULT\EXTENSIONS\STATUS4EVAR@CALIGONSTUDIOS.COM.XPI

() (No name found) -- C:\USERS\MICHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LCRY2S8F.DEFAULT\EXTENSIONS\STEALTHYEXTENSION@GMAIL.COM.XPI

[2011.12.17 06:09:20 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2011.02.02 20:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

[2011.12.17 02:32:55 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml

[2011.12.17 02:25:53 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2011.12.17 02:32:55 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml

[2011.12.17 02:32:55 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml

[2011.12.17 02:32:55 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml

[2011.12.17 02:32:55 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

 
 ========== Chrome  ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Micha\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll

CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll

CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll

CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL

CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\Micha\AppData\Local\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Micha\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll

CHR - plugin: DivX OVS Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\npvlc.dll

CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\npVeetle.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Google Update (Enabled) = C:\Users\Micha\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: DivX HiQ = C:\Users\Micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.0.900_1\

CHR - Extension: AdBlock = C:\Users\Micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.4.29_0\

CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.0.900_1\

 

Hosts file not found

O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll File not found

O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)

O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKCU..\Run: [AdobeBridge]  File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8:64bit: - Extra context menu item: Sothink SWF Catcher - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()

O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()

O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()

O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4083B7D6-93C1-4546-8E69-A836839524AA}: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B03CCBA5-C47B-40C6-BB87-7FE386CD2366}: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D7B19686-B466-4226-879D-D95AA3C392CC}: DhcpNameServer = 192.168.2.1

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) -  File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{34412a8f-12a2-11df-8be7-0024215bb3f7}\Shell - "" = AutoRun

O33 - MountPoints2\{34412a8f-12a2-11df-8be7-0024215bb3f7}\Shell\AutoRun\command - "" = F:\Setup.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (OODBS)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

 

MsConfig:64bit - StartUpFolder: C:^Users^Micha^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^0.3653286783595232.exe.lnk - C:\Windows\SysNative\rundll32.exe - (Microsoft Corporation)

MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= -  File not found

MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= -  File not found

MsConfig:64bit - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)

MsConfig:64bit - StartUpReg: AdobeCS5ServiceManager - hkey= - key= -  File not found

MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

MsConfig:64bit - StartUpReg: Bwozulugawo - hkey= - key= - C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

MsConfig:64bit - StartUpReg: DivX Download Manager - hkey= - key= - C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)

MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()

MsConfig:64bit - StartUpReg: DVBV Service Ctrl - hkey= - key= - C:\Program Files (x86)\DVBViewer\DVBVCtrl.exe (CM&V Hackbart)

MsConfig:64bit - StartUpReg: FILSHtray - hkey= - key= - C:\Program Files (x86)\FILSHtray\FILSHtray.exe (FILSH Media GmbH)

MsConfig:64bit - StartUpReg: Google Update - hkey= - key= - C:\Users\Micha\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)

MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)

MsConfig:64bit - StartUpReg: LogMeIn Hamachi Ui - hkey= - key= - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)

MsConfig:64bit - StartUpReg: MMTray - hkey= - key= -  File not found

MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)

MsConfig:64bit - StartUpReg: OODefragTray - hkey= - key= - C:\Programme\OO Software\Defrag\oodtray.exe (O&O Software GmbH)

MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)

MsConfig:64bit - StartUpReg: Steam - hkey= - key= - D:\Programme\Steam\steam.exe (Valve Corporation)

MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

MsConfig:64bit - StartUpReg: SwitchBoard - hkey= - key= -  File not found

MsConfig:64bit - StartUpReg: TomTomHOME.exe - hkey= - key= - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)

MsConfig:64bit - State: "startup" - Reg Error: Key error.

MsConfig:64bit - State: "bootini" - Reg Error: Key error.

 

SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

SafeBootMin:64bit: Base - Driver Group

SafeBootMin:64bit: Boot Bus Extender - Driver Group

SafeBootMin:64bit: Boot file system - Driver Group

SafeBootMin:64bit: File system - Driver Group

SafeBootMin:64bit: Filter - Driver Group

SafeBootMin:64bit: HelpSvc - Service

SafeBootMin:64bit: PCI Configuration - Driver Group

SafeBootMin:64bit: PNP Filter - Driver Group

SafeBootMin:64bit: Primary disk - Driver Group

SafeBootMin:64bit: sacsvr - Service

SafeBootMin:64bit: SCSI Class - Driver Group

SafeBootMin:64bit: System Bus Extender - Driver Group

SafeBootMin:64bit: vmms - Service

SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vmms - Service

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

SafeBootNet:64bit: Base - Driver Group

SafeBootNet:64bit: Boot Bus Extender - Driver Group

SafeBootNet:64bit: Boot file system - Driver Group

SafeBootNet:64bit: File system - Driver Group

SafeBootNet:64bit: Filter - Driver Group

SafeBootNet:64bit: HelpSvc - Service

SafeBootNet:64bit: Messenger - Service

SafeBootNet:64bit: NDIS Wrapper - Driver Group

SafeBootNet:64bit: NetBIOSGroup - Driver Group

SafeBootNet:64bit: NetDDEGroup - Driver Group

SafeBootNet:64bit: Network - Driver Group

SafeBootNet:64bit: NetworkProvider - Driver Group

SafeBootNet:64bit: PCI Configuration - Driver Group

SafeBootNet:64bit: PNP Filter - Driver Group

SafeBootNet:64bit: PNP_TDI - Driver Group

SafeBootNet:64bit: Primary disk - Driver Group

SafeBootNet:64bit: rdsessmgr - Service

SafeBootNet:64bit: sacsvr - Service

SafeBootNet:64bit: SCSI Class - Driver Group

SafeBootNet:64bit: Streams Drivers - Driver Group

SafeBootNet:64bit: System Bus Extender - Driver Group

SafeBootNet:64bit: TDI - Driver Group

SafeBootNet:64bit: vmms - Service

SafeBootNet:64bit: WudfUsbccidDriver - Driver

SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: Hamachi2Svc - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vmms - Service

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework

ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework

ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player

ActiveX: {D6524E1C-48D7-7999-B612-BAE4363E1954} - Microsoft Windows Media Player 12.0

ActiveX: {DDFD74A3-6C10-6245-ADD5-794597C9825D} - Internet Explorer

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)

Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()

Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)

Drivers32: vidc.i420 - C:\Windows\SysWow64\i420vfw.dll (www.helixcommunity.org)

Drivers32: vidc.XVID - C:\Windows\SysWow64\xvidvfw.dll ()

Drivers32: vidc.yv12 - C:\Windows\SysWow64\yv12vfw.dll (www.helixcommunity.org)

 

CREATERESTOREPOINT

Error creating restore point.

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2011.12.20 22:27:18 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Micha\Desktop\OTL.exe

[2011.12.19 21:59:22 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Roaming\Malwarebytes

[2011.12.19 21:59:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2011.12.19 21:59:12 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2011.12.14 16:18:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

[2011.12.14 16:18:02 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2011.12.14 16:18:02 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2011.12.11 20:40:43 | 000,000,000 | ---D | C] -- C:\Users\Micha\Documents\FILSHtray

[2011.12.11 20:40:43 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Local\FILSH_Media_GmbH

[2011.12.11 20:40:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FILSHtray

[2011.12.11 20:40:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FILSHtray

[2011.12.09 19:25:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader 5.1

[2011.12.08 14:24:11 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ski Challenge 12 (SRF)

[2011.12.08 14:12:53 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Roaming\Nitro PDF

[2011.12.08 14:12:36 | 000,028,968 | ---- | C] (Nitro PDF Software) -- C:\Windows\SysNative\nitrolocalmon2.dll

[2011.12.08 14:12:36 | 000,017,192 | ---- | C] (Nitro PDF Software) -- C:\Windows\SysNative\nitrolocalui2.dll

[2011.12.08 14:12:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Nitro PDF

[2011.12.08 14:11:17 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Roaming\Downloaded Installations

[2011.11.27 17:05:08 | 000,000,000 | ---D | C] -- C:\Users\Micha\Desktop\éÁéÕé+é±é¦âAâNâVâçâô

[2011.11.24 12:43:56 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Local\Sidhe

[2011.11.23 22:46:33 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Local\Ubisoft Game Launcher

[2011.11.23 22:46:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft

[2011.11.23 22:46:31 | 000,000,000 | ---D | C] -- C:\Users\Micha\Documents\Assassin's Creed Revelations

[2011.11.22 21:54:20 | 000,000,000 | ---D | C] -- C:\Users\Micha\.android

[2011.11.22 21:54:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Android

[6 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2011.12.20 23:12:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2034920276-3348135786-2086485318-1000UA.job

[2011.12.20 23:02:37 | 100,101,541 | ---- | M] () -- C:\Users\Micha\Desktop\Yes! Yearmix 2011 - Mix by Constantinos Saradis - www.yesradio.gr.mp3

[2011.12.20 22:55:25 | 001,644,406 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2011.12.20 22:55:25 | 000,707,916 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2011.12.20 22:55:25 | 000,661,512 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2011.12.20 22:55:25 | 000,153,402 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2011.12.20 22:55:25 | 000,125,598 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2011.12.20 22:38:01 | 070,493,516 | ---- | M] () -- C:\Users\Micha\Desktop\01 Bassive.m4a

[2011.12.20 22:27:18 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Micha\Desktop\OTL.exe

[2011.12.20 21:58:30 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2011.12.20 21:58:30 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2011.12.20 21:53:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011.12.20 21:53:10 | 3220,578,304 | -HS- | M] () -- C:\hiberfil.sys

[2011.12.20 21:53:09 | 002,087,996 | ---- | M] () -- C:\Windows\SysNative\oodbs.lor

[2011.12.20 20:30:34 | 199,380,928 | ---- | M] () -- C:\Users\Micha\Desktop\01-benji_b_-_bbc_radio1_(guest_araabmuzik)-sat-12-08-2011-talion.mp3

[2011.12.20 20:28:53 | 129,898,478 | ---- | M] () -- C:\Users\Micha\Desktop\Skrillex - Live @ The Ritz Ybor, The Mothership Tour (Tampa, FL, USA) - 16.12.2011.mp3

[2011.12.20 17:12:33 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2034920276-3348135786-2086485318-1000Core.job

[2011.12.20 16:02:42 | 000,046,729 | ---- | M] () -- C:\Users\Micha\Desktop\L3_DoD.jpg

[2011.12.19 17:12:53 | 004,000,705 | ---- | M] () -- C:\Users\Micha\Desktop\Spank.MP3.mp3

[2011.12.18 20:55:02 | 004,878,836 | ---- | M] () -- C:\Users\Micha\Desktop\CAZZETTE vs Kanye West, Rick Ross, Jay-Z, Bon Iver & Nikki Minaj - I'm A Motherf_king Monster - Cazzette.mp3

[2011.12.18 20:51:04 | 007,010,338 | ---- | M] () -- C:\Users\Micha\Desktop\CAZZETTE vs Kanye West, Rick Ross, Jay-Z, Bon Iver & Nikki Minaj -- I m A Motherf__king Monster.mp3

[2011.12.17 19:21:54 | 193,479,189 | ---- | M] () -- C:\Users\Micha\Desktop\Tiësto at Mission Impossible Premiere - Rio de Janeiro, Brasil 14.12.2011 [exQlusiv.com].mp3

[2011.12.17 12:41:00 | 095,703,661 | ---- | M] () -- C:\Users\Micha\Desktop\01-fedde_le_grand_-_live_at_pacha_(nyc)-sat-12-09-2011-talion.mp3

[2011.12.17 11:50:32 | 112,608,697 | ---- | M] () -- C:\Users\Micha\Desktop\Swedish House Mafia at Madison Square Garden, New York 16.12.2011 [exQlusiv.com].mp3

[2011.12.17 10:39:06 | 185,287,975 | ---- | M] () -- C:\Users\Micha\Desktop\01-sebastian_ingrosso_-_live_at_glow_washington_(dc)-sat-11-23-2011-talion.mp3

[2011.12.17 06:19:19 | 163,866,484 | ---- | M] () -- C:\Users\Micha\Desktop\01-skrillex_-_mothership_002-sat-12-16-2011-talion.mp3

[2011.12.17 02:22:28 | 097,788,381 | ---- | M] () -- C:\Users\Micha\Desktop\01-david_guetta-fuck_me_i_am_famous_(538)-sat-17-12-2011-1king.mp3

[2011.12.17 01:12:33 | 097,480,766 | ---- | M] () -- C:\Users\Micha\Desktop\01-afrojack_and_bobby_burns-jacked_(538)-sat-17-12-2011-1king.mp3

[2011.12.16 07:37:42 | 173,614,161 | ---- | M] () -- C:\Users\Micha\Desktop\swanky_tunes_-_2011_annual_report.mp3

[2011.12.15 19:55:05 | 009,006,535 | ---- | M] () -- C:\Users\Micha\Desktop\Skrillex - THE DISCO RANGERS BUS (KNOWS HOT TO ROCK N ROLL).mp3

[2011.12.14 11:55:21 | 005,173,448 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2011.12.13 19:44:10 | 000,354,760 | ---- | M] () -- C:\Users\Micha\Desktop\chuckie.jpg

[2011.12.13 16:56:10 | 000,054,096 | ---- | M] () -- C:\Users\Micha\Desktop\sakamoto_0005.JPG.jpg

[2011.12.13 16:56:08 | 000,054,174 | ---- | M] () -- C:\Users\Micha\Desktop\sakamoto_0004.JPG.jpg

[2011.12.13 16:56:05 | 000,052,766 | ---- | M] () -- C:\Users\Micha\Desktop\sakamoto_0003.JPG.jpg

[2011.12.13 16:56:03 | 000,054,636 | ---- | M] () -- C:\Users\Micha\Desktop\sakamoto_0002.JPG.jpg

[2011.12.13 16:56:00 | 000,049,596 | ---- | M] () -- C:\Users\Micha\Desktop\sakamoto_0001.JPG.jpg

[2011.12.13 16:55:56 | 000,047,476 | ---- | M] () -- C:\Users\Micha\Desktop\sakamoto_0000.JPG.jpg

[2011.12.13 16:52:26 | 000,196,091 | ---- | M] () -- C:\Users\Micha\Desktop\6477995007_0cf53aa3ac_b.jpg

[2011.12.13 16:52:20 | 000,319,821 | ---- | M] () -- C:\Users\Micha\Desktop\6477998897_fc5b269567_b.jpg

[2011.12.13 16:52:14 | 000,219,459 | ---- | M] () -- C:\Users\Micha\Desktop\6478001463_1fc94bd010_b.jpg

[2011.12.13 16:52:08 | 000,223,256 | ---- | M] () -- C:\Users\Micha\Desktop\6478216729_ca9380f946_b.jpg

[2011.12.13 16:52:03 | 000,204,846 | ---- | M] () -- C:\Users\Micha\Desktop\6478218115_6304186c0d_b.jpg

[2011.12.13 16:51:57 | 000,121,565 | ---- | M] () -- C:\Users\Micha\Desktop\6478219463_2a125e1e7e_b.jpg

[2011.12.13 14:15:11 | 000,275,859 | ---- | M] () -- C:\Users\Micha\Desktop\img_8706.jpg

[2011.12.13 14:09:06 | 000,055,809 | ---- | M] () -- C:\Users\Micha\Desktop\Maria2.jpg

[2011.12.13 14:05:37 | 000,055,427 | ---- | M] () -- C:\Users\Micha\Desktop\Maria1.jpg

[2011.12.12 18:33:42 | 000,533,972 | ---- | M] () -- C:\Users\Micha\Desktop\Grammys-Joel-Zimmerman-84695074_10.jpg

[2011.12.12 18:33:21 | 000,117,219 | ---- | M] () -- C:\Users\Micha\Desktop\Deadmau5-thumb-966x1024-86514.jpg

[2011.12.12 18:30:43 | 000,031,762 | ---- | M] () -- C:\Users\Micha\Desktop\l_208ecab28ce90ddccf712500c240c96f.jpg

[2011.12.11 20:41:27 | 013,494,125 | ---- | M] () -- C:\Users\Micha\Desktop\Ian Carey feat. Rosette & Timbaland - Amnesia (Cazzette Remix).mp3

[2011.12.09 18:00:30 | 000,146,828 | ---- | M] () -- C:\Users\Micha\Documents\cc_20111209_180025.reg

[2011.12.09 07:34:17 | 000,130,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys

[2011.12.08 19:17:43 | 088,160,965 | ---- | M] () -- C:\Users\Micha\Desktop\RBUVp7icBx32.mp3

[2011.12.08 14:29:44 | 000,054,913 | ---- | M] () -- C:\Users\Micha\Desktop\FOA_featuringNervo_copy-e1319561255814.jpg

[2011.12.08 14:27:01 | 000,816,088 | ---- | M] () -- C:\Users\Micha\Desktop\Nervo-ICanGiveYouHouse.Com_.jpg

[2011.12.08 14:24:11 | 000,000,817 | ---- | M] () -- C:\Users\Micha\Desktop\Ski Challenge 12 (SRF) starten.lnk

[2011.11.30 15:31:23 | 000,008,479 | ---- | M] () -- C:\Users\Micha\Desktop\Dglucsoe.png

[2011.11.29 15:41:30 | 014,182,400 | ---- | M] () -- C:\Users\Micha\Desktop\Avicii & Nicky Romero - ID .www.music4you.hu.mp3

[2011.11.26 14:00:54 | 000,011,986 | ---- | M] () -- C:\Users\Micha\Desktop\361px-DL-Glucose.svg.png

[2011.11.26 13:58:29 | 000,028,135 | ---- | M] () -- C:\Users\Micha\Desktop\534px-Amylopektin_Haworth.svg.png

[2011.11.22 16:46:27 | 000,175,836 | ---- | M] () -- C:\Users\Micha\Desktop\6378312119_85974c4130_b.jpg

[6 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2011.12.20 23:01:40 | 100,101,541 | ---- | C] () -- C:\Users\Micha\Desktop\Yes! Yearmix 2011 - Mix by Constantinos Saradis - www.yesradio.gr.mp3

[2011.12.20 22:36:27 | 070,493,516 | ---- | C] () -- C:\Users\Micha\Desktop\01 Bassive.m4a

[2011.12.20 20:27:02 | 199,380,928 | ---- | C] () -- C:\Users\Micha\Desktop\01-benji_b_-_bbc_radio1_(guest_araabmuzik)-sat-12-08-2011-talion.mp3

[2011.12.20 20:26:10 | 129,898,478 | ---- | C] () -- C:\Users\Micha\Desktop\Skrillex - Live @ The Ritz Ybor, The Mothership Tour (Tampa, FL, USA) - 16.12.2011.mp3

[2011.12.20 16:02:39 | 000,046,729 | ---- | C] () -- C:\Users\Micha\Desktop\L3_DoD.jpg

[2011.12.19 17:12:52 | 004,000,705 | ---- | C] () -- C:\Users\Micha\Desktop\Spank.MP3.mp3

[2011.12.18 20:54:23 | 004,878,836 | ---- | C] () -- C:\Users\Micha\Desktop\CAZZETTE vs Kanye West, Rick Ross, Jay-Z, Bon Iver & Nikki Minaj - I'm A Motherf_king Monster - Cazzette.mp3

[2011.12.18 20:50:59 | 007,010,338 | ---- | C] () -- C:\Users\Micha\Desktop\CAZZETTE vs Kanye West, Rick Ross, Jay-Z, Bon Iver & Nikki Minaj -- I m A Motherf__king Monster.mp3

[2011.12.17 19:19:19 | 193,479,189 | ---- | C] () -- C:\Users\Micha\Desktop\Tiësto at Mission Impossible Premiere - Rio de Janeiro, Brasil 14.12.2011 [exQlusiv.com].mp3

[2011.12.17 15:25:49 | 112,608,697 | ---- | C] () -- C:\Users\Micha\Desktop\Swedish House Mafia at Madison Square Garden, New York 16.12.2011 [exQlusiv.com].mp3

[2011.12.17 15:25:37 | 163,866,484 | ---- | C] () -- C:\Users\Micha\Desktop\01-skrillex_-_mothership_002-sat-12-16-2011-talion.mp3

[2011.12.17 15:25:26 | 185,287,975 | ---- | C] () -- C:\Users\Micha\Desktop\01-sebastian_ingrosso_-_live_at_glow_washington_(dc)-sat-11-23-2011-talion.mp3

[2011.12.17 15:09:23 | 095,703,661 | ---- | C] () -- C:\Users\Micha\Desktop\01-fedde_le_grand_-_live_at_pacha_(nyc)-sat-12-09-2011-talion.mp3

[2011.12.17 15:08:22 | 097,788,381 | ---- | C] () -- C:\Users\Micha\Desktop\01-david_guetta-fuck_me_i_am_famous_(538)-sat-17-12-2011-1king.mp3

[2011.12.17 14:44:56 | 097,480,766 | ---- | C] () -- C:\Users\Micha\Desktop\01-afrojack_and_bobby_burns-jacked_(538)-sat-17-12-2011-1king.mp3

[2011.12.16 07:29:58 | 173,614,161 | ---- | C] () -- C:\Users\Micha\Desktop\swanky_tunes_-_2011_annual_report.mp3

[2011.12.15 19:55:02 | 009,006,535 | ---- | C] () -- C:\Users\Micha\Desktop\Skrillex - THE DISCO RANGERS BUS (KNOWS HOT TO ROCK N ROLL).mp3

[2011.12.13 19:44:09 | 000,354,760 | ---- | C] () -- C:\Users\Micha\Desktop\chuckie.jpg

[2011.12.13 16:56:10 | 000,054,096 | ---- | C] () -- C:\Users\Micha\Desktop\sakamoto_0005.JPG.jpg

[2011.12.13 16:56:07 | 000,054,174 | ---- | C] () -- C:\Users\Micha\Desktop\sakamoto_0004.JPG.jpg

[2011.12.13 16:56:05 | 000,052,766 | ---- | C] () -- C:\Users\Micha\Desktop\sakamoto_0003.JPG.jpg

[2011.12.13 16:56:02 | 000,054,636 | ---- | C] () -- C:\Users\Micha\Desktop\sakamoto_0002.JPG.jpg

[2011.12.13 16:55:59 | 000,049,596 | ---- | C] () -- C:\Users\Micha\Desktop\sakamoto_0001.JPG.jpg

[2011.12.13 16:55:55 | 000,047,476 | ---- | C] () -- C:\Users\Micha\Desktop\sakamoto_0000.JPG.jpg

[2011.12.13 16:52:25 | 000,196,091 | ---- | C] () -- C:\Users\Micha\Desktop\6477995007_0cf53aa3ac_b.jpg

[2011.12.13 16:52:19 | 000,319,821 | ---- | C] () -- C:\Users\Micha\Desktop\6477998897_fc5b269567_b.jpg

[2011.12.13 16:52:14 | 000,219,459 | ---- | C] () -- C:\Users\Micha\Desktop\6478001463_1fc94bd010_b.jpg

[2011.12.13 16:52:08 | 000,223,256 | ---- | C] () -- C:\Users\Micha\Desktop\6478216729_ca9380f946_b.jpg

[2011.12.13 16:52:02 | 000,204,846 | ---- | C] () -- C:\Users\Micha\Desktop\6478218115_6304186c0d_b.jpg

[2011.12.13 16:51:56 | 000,121,565 | ---- | C] () -- C:\Users\Micha\Desktop\6478219463_2a125e1e7e_b.jpg

[2011.12.13 14:15:10 | 000,275,859 | ---- | C] () -- C:\Users\Micha\Desktop\img_8706.jpg

[2011.12.13 14:09:05 | 000,055,809 | ---- | C] () -- C:\Users\Micha\Desktop\Maria2.jpg

[2011.12.13 14:05:36 | 000,055,427 | ---- | C] () -- C:\Users\Micha\Desktop\Maria1.jpg

[2011.12.12 18:33:41 | 000,533,972 | ---- | C] () -- C:\Users\Micha\Desktop\Grammys-Joel-Zimmerman-84695074_10.jpg

[2011.12.12 18:33:20 | 000,117,219 | ---- | C] () -- C:\Users\Micha\Desktop\Deadmau5-thumb-966x1024-86514.jpg

[2011.12.12 18:30:42 | 000,031,762 | ---- | C] () -- C:\Users\Micha\Desktop\l_208ecab28ce90ddccf712500c240c96f.jpg

[2011.12.11 20:41:14 | 013,494,125 | ---- | C] () -- C:\Users\Micha\Desktop\Ian Carey feat. Rosette & Timbaland - Amnesia (Cazzette Remix).mp3

[2011.12.09 18:00:26 | 000,146,828 | ---- | C] () -- C:\Users\Micha\Documents\cc_20111209_180025.reg

[2011.12.08 19:16:48 | 088,160,965 | ---- | C] () -- C:\Users\Micha\Desktop\RBUVp7icBx32.mp3

[2011.12.08 14:29:43 | 000,054,913 | ---- | C] () -- C:\Users\Micha\Desktop\FOA_featuringNervo_copy-e1319561255814.jpg

[2011.12.08 14:27:00 | 000,816,088 | ---- | C] () -- C:\Users\Micha\Desktop\Nervo-ICanGiveYouHouse.Com_.jpg

[2011.12.08 14:24:11 | 000,000,817 | ---- | C] () -- C:\Users\Micha\Desktop\Ski Challenge 12 (SRF) starten.lnk

[2011.11.30 15:31:22 | 000,008,479 | ---- | C] () -- C:\Users\Micha\Desktop\Dglucsoe.png

[2011.11.29 15:41:21 | 014,182,400 | ---- | C] () -- C:\Users\Micha\Desktop\Avicii & Nicky Romero - ID .www.music4you.hu.mp3

[2011.11.26 14:00:53 | 000,011,986 | ---- | C] () -- C:\Users\Micha\Desktop\361px-DL-Glucose.svg.png

[2011.11.26 13:58:27 | 000,028,135 | ---- | C] () -- C:\Users\Micha\Desktop\534px-Amylopektin_Haworth.svg.png

[2011.11.22 16:46:25 | 000,175,836 | ---- | C] () -- C:\Users\Micha\Desktop\6378312119_85974c4130_b.jpg

[2011.10.14 23:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe

[2011.07.21 13:02:29 | 000,165,376 | ---- | C] () -- C:\Windows\UNWISE.EXE

[2011.04.22 15:44:36 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat

[2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

[2011.03.16 17:06:33 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe

[2011.02.16 15:02:36 | 000,000,600 | ---- | C] () -- C:\Users\Micha\AppData\Local\PUTTY.RND

[2011.01.25 23:47:34 | 000,000,120 | ---- | C] () -- C:\Users\Micha\AppData\Local\Spewakoroxaziva.dat

[2011.01.25 23:47:34 | 000,000,000 | ---- | C] () -- C:\Users\Micha\AppData\Local\Aduxohilo.bin

[2011.01.14 00:15:43 | 000,000,000 | ---- | C] () -- C:\Users\Micha\AppData\Roaming\chrtmp

[2010.12.10 15:00:37 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll

[2010.12.10 15:00:23 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini

[2010.12.09 16:11:31 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll

[2010.12.09 16:10:13 | 000,917,504 | ---- | C] () -- C:\Windows\SysWow64\dtsdecoderdll.dll

[2010.12.09 16:10:13 | 000,258,048 | ---- | C] () -- C:\Windows\SysWow64\libFLAC.dll

[2010.12.09 15:58:39 | 001,621,364 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2010.11.23 14:01:17 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\cd.dat

[2010.10.28 13:54:15 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\GkSui18.EXE

[2010.09.27 13:03:32 | 000,000,078 | ---- | C] () -- C:\Windows\wininit.ini

[2010.07.15 10:02:13 | 000,005,870 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2010.07.14 14:33:33 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib

[2010.05.30 16:52:55 | 000,794,408 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe

[2010.05.28 14:59:13 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll

[2010.05.25 16:07:47 | 000,069,632 | R--- | C] () -- C:\Windows\SysWow64\xmltok.dll

[2010.05.25 16:07:47 | 000,036,864 | R--- | C] () -- C:\Windows\SysWow64\xmlparse.dll

[2010.04.25 13:56:19 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll

[2010.04.25 13:56:19 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll

[2010.04.21 15:30:52 | 000,013,030 | ---- | C] () -- C:\Users\Micha\AppData\Local\PDOXUSRS.NET

[2010.04.16 18:42:53 | 000,000,600 | ---- | C] () -- C:\Users\Micha\AppData\Roaming\winscp.rnd

[2010.02.16 22:09:51 | 000,234,768 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2010.02.16 22:09:50 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe

[2010.02.12 20:03:38 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT

[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat

[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

[2006.03.18 14:16:04 | 000,540,178 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll

[2000.08.02 20:47:20 | 000,026,112 | ---- | C] () -- C:\Windows\RunUnDrv.exe

 
 ========== LOP Check ==========

 

[2010.12.22 15:25:09 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\114C6A7697BEF67CA616F57D29F52507

[2011.11.20 18:34:53 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\2K Sports

[2010.07.22 19:06:50 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\abgx360

[2010.07.15 12:03:32 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Ashampoo

[2010.05.02 08:10:49 | 000,000,000 | RHSD | M] -- C:\Users\Micha\AppData\Roaming\Boot

[2011.12.09 17:52:47 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\DAEMON Tools Lite

[2011.12.08 14:11:17 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Downloaded Installations

[2011.02.27 17:29:52 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Duden

[2011.11.01 22:39:33 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Feedreader

[2011.12.20 15:36:11 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\FileZilla

[2011.10.10 20:48:30 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Foxit Software

[2010.05.01 14:25:08 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\FVZilla

[2010.03.15 17:20:12 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\ImgBurn

[2011.01.23 17:33:20 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\IrfanView

[2011.11.10 19:14:58 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\jAlbum

[2010.02.11 12:19:52 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\L4dOgerLauncher

[2010.05.13 14:58:15 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Leadertech

[2010.12.14 17:21:36 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Local

[2011.03.01 17:26:55 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\LolClient

[2011.10.23 14:15:20 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Mp3tag

[2011.12.08 14:13:52 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Nitro PDF

[2010.06.16 18:18:03 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Opera

[2011.07.17 23:14:07 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Orbit

[2011.10.19 11:54:55 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Origin

[2011.07.17 23:12:07 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\ProgSense

[2011.03.16 17:06:32 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\PunkBuster

[2010.08.04 15:03:35 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\QIP

[2010.09.29 19:37:51 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1

[2010.11.06 19:06:51 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Stealth Software

[2011.01.12 19:28:21 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Thinstall

[2010.07.08 20:08:41 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\TomTom

[2011.12.09 17:52:45 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\TS3Client

[2011.04.22 19:41:36 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Tunngle

[2010.03.24 12:35:58 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Ubisoft

[2011.12.20 23:15:17 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\X-Chat 2

[2011.01.18 16:59:56 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\XnView

[2010.05.17 13:52:41 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Youtube Downloader HD

[2011.12.03 18:13:28 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2010.12.22 15:25:09 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\114C6A7697BEF67CA616F57D29F52507

[2011.11.20 18:34:53 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\2K Sports

[2010.07.22 19:06:50 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\abgx360

[2011.12.20 21:55:34 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Adobe

[2010.09.29 19:37:52 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Adobe Mini Bridge CS5

[2011.10.19 15:15:48 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Apple Computer

[2010.07.15 12:03:32 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Ashampoo

[2011.10.16 17:36:21 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Avira

[2010.05.02 08:10:49 | 000,000,000 | RHSD | M] -- C:\Users\Micha\AppData\Roaming\Boot

[2011.12.09 17:52:47 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\DAEMON Tools Lite

[2011.07.02 12:44:16 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Digsby

[2010.12.14 20:19:24 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\DivX

[2011.12.08 14:11:17 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Downloaded Installations

[2011.02.27 17:29:52 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Duden

[2010.06.30 17:45:06 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\dvdcss

[2011.11.01 22:39:33 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Feedreader

[2011.12.20 15:36:11 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\FileZilla

[2011.10.10 20:48:30 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Foxit Software

[2010.05.01 14:25:08 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\FVZilla

[2011.07.17 11:45:17 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Hamachi

[2010.02.05 17:29:29 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Identities

[2010.03.15 17:20:12 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\ImgBurn

[2010.02.05 17:54:08 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\InstallShield

[2011.01.23 17:33:20 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\IrfanView

[2011.11.10 19:14:58 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\jAlbum

[2010.02.11 12:19:52 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\L4dOgerLauncher

[2010.05.13 14:58:15 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Leadertech

[2010.12.14 17:21:36 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Local

[2011.03.01 17:26:55 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\LolClient

[2010.02.05 19:27:36 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Macromedia

[2011.12.19 21:59:22 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Malwarebytes

[2009.07.14 19:18:19 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Media Center Programs

[2011.11.20 15:02:10 | 000,000,000 | --SD | M] -- C:\Users\Micha\AppData\Roaming\Microsoft

[2010.02.12 20:03:40 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Mozilla

[2011.10.23 14:15:20 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Mp3tag

[2011.12.08 14:13:52 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Nitro PDF

[2011.10.29 10:50:07 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\NVIDIA

[2010.06.16 18:18:03 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Opera

[2011.07.17 23:14:07 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Orbit

[2011.10.19 11:54:55 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Origin

[2011.07.17 23:12:07 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\ProgSense

[2010.02.07 17:23:32 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\PSpad

[2011.03.16 17:06:32 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\PunkBuster

[2010.08.04 15:03:35 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\QIP

[2010.04.18 14:20:36 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\SecuROM

[2010.09.29 19:37:51 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1

[2010.11.06 19:06:51 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Stealth Software

[2011.01.12 19:28:21 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Thinstall

[2010.07.08 20:08:41 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\TomTom

[2011.12.09 17:52:45 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\TS3Client

[2011.04.22 19:41:36 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Tunngle

[2010.03.24 12:35:58 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Ubisoft

[2011.08.02 15:58:15 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\vlc

[2011.03.08 14:57:00 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\WinRAR

[2011.12.20 23:15:17 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\X-Chat 2

[2011.01.18 16:59:56 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\XnView

[2010.05.17 13:52:41 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Youtube Downloader HD

 
 < %APPDATA%\*.exe /s >

[2010.05.09 19:21:43 | 001,925,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\Micha\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe

[2010.02.13 20:30:51 | 000,376,320 | R--- | M] () -- C:\Users\Micha\AppData\Roaming\Microsoft\Installer\{52B65911-1559-4ED5-9461-46957FDD48CD}\Icon52B659113.exe

[2011.06.06 16:51:48 | 000,188,152 | ---- | M] () -- C:\Users\Micha\AppData\Roaming\Mozilla\Firefox\Profiles\lcry2s8f.default\FlashGot.exe

[2011.12.13 16:57:24 | 000,141,312 | ---- | M] (getfireshot.com) -- C:\Users\Micha\AppData\Roaming\Mozilla\Firefox\Profiles\lcry2s8f.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fireshot-container.exe

[2011.12.13 16:57:20 | 000,068,096 | ---- | M] (getfireshot.com) -- C:\Users\Micha\AppData\Roaming\Mozilla\Firefox\Profiles\lcry2s8f.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fireshot-deploy.exe

[2011.02.24 16:07:45 | 000,835,440 | R--- | M] () -- C:\Users\Micha\AppData\Roaming\PunkBuster\pbsetup\pbsvc.exe

[2010.11.06 19:07:00 | 000,341,504 | ---- | M] (Stealth Software) -- C:\Users\Micha\AppData\Roaming\Stealth Software\HTC Home\HTCHome (x64).exe

[2010.11.06 19:07:00 | 000,335,360 | ---- | M] (Stealth Software) -- C:\Users\Micha\AppData\Roaming\Stealth Software\HTC Home\HTCHome.exe

[2010.11.06 19:06:35 | 000,123,904 | ---- | M] (Stealth Software) -- C:\Users\Micha\AppData\Roaming\Stealth Software\HTC Home\Uninstall\Uninstall.exe

 
 < %SYSTEMDRIVE%\*.exe >

 

 
 < MD5 for: AGP440.SYS  >

[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys

[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys

[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys

[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys

[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll

[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll

[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

 
 < MD5 for: IASTORV.SYS  >

[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys

[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys

[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys

[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys

[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys

[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys

[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys

[2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys

[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

 
 < MD5 for: NETLOGON.DLL  >

[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll

[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll

[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll

[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll

[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll

[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

 
 < MD5 for: NVSTOR.SYS  >

[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys

[2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys

[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys

[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys

[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys

[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys

[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys

[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

 
 < MD5 for: SCECLI.DLL  >

[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll

[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll

[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll

[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll

[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll

[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll

[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll

[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll

[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll

[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe

[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe

[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe

[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe

[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe

[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe

[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe

[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe

[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys

[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >

[6 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

 
 <           >

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 24 bytes -> C:\Windows:E2047556A8055CD6
 

< End of report >

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

:OTL

FF - prefs.js..browser.startup.homepage: "http://www.xrel.to/releases.html"

O4 - HKCU..\Run: [AdobeBridge]  File not found

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{34412a8f-12a2-11df-8be7-0024215bb3f7}\Shell - "" = AutoRun

O33 - MountPoints2\{34412a8f-12a2-11df-8be7-0024215bb3f7}\Shell\AutoRun\command - "" = F:\Setup.exe

[2011.11.27 17:05:08 | 000,000,000 | ---D | C] -- C:\Users\Micha\Desktop\éÁéÕé+é±é¦âAâNâVâçâô

[2010.12.22 15:25:09 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\114C6A7697BEF67CA616F57D29F52507

@Alternate Data Stream - 24 bytes -> C:\Windows:E2047556A8055CD6

:Commands

[emptytemp]

[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Log:

Code:

All processes killed

========== OTL ==========

Prefs.js: "hxxp://www.xrel.to/releases.html" removed from browser.startup.homepage

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{34412a8f-12a2-11df-8be7-0024215bb3f7}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{34412a8f-12a2-11df-8be7-0024215bb3f7}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{34412a8f-12a2-11df-8be7-0024215bb3f7}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{34412a8f-12a2-11df-8be7-0024215bb3f7}\ not found.

File F:\Setup.exe not found.

C:\Users\Micha\Desktop\éÁéÕé+é±é¦âAâNâVâçâô\SE folder moved successfully.

C:\Users\Micha\Desktop\éÁéÕé+é±é¦âAâNâVâçâô\res folder moved successfully.

C:\Users\Micha\Desktop\éÁéÕé+é±é¦âAâNâVâçâô\BGM folder moved successfully.

C:\Users\Micha\Desktop\éÁéÕé+é±é¦âAâNâVâçâô folder moved successfully.

C:\Users\Micha\AppData\Roaming\114C6A7697BEF67CA616F57D29F52507 folder moved successfully.

ADS C:\Windows:E2047556A8055CD6 deleted successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: Administrator

->Temp folder emptied: 434190 bytes

->Temporary Internet Files folder emptied: 57603 bytes

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Mcx1-M7CHA

->Temp folder emptied: 311762 bytes

->Temporary Internet Files folder emptied: 32106672 bytes

 

User: Micha

->Temp folder emptied: 146796427 bytes

->Temporary Internet Files folder emptied: 405630 bytes

->Java cache emptied: 37810740 bytes

->FireFox cache emptied: 316969861 bytes

->Google Chrome cache emptied: 10198967 bytes

->Apple Safari cache emptied: 13708288 bytes

->Opera cache emptied: 14014998 bytes

->Flash cache emptied: 1954237 bytes

 

User: Public

 

User: UpdatusUser

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 0 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 757760 bytes

%systemroot%\System32 .tmp files removed: 4848912 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 12160 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes

%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 554,00 mb

 

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.31.0 log created on 12212011_160325
 

Files\Folders moved on Reboot...

C:\Users\Micha\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
 

Registry entries deleted on Reboot...

Bitte nun (im normalen Modus!) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

Log:

Code:

17:59:54.0567 3416        TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31

17:59:54.0735 3416        ============================================================

17:59:54.0735 3416        Current date / time: 2011/12/21 17:59:54.0735

17:59:54.0735 3416        SystemInfo:

17:59:54.0735 3416        

17:59:54.0735 3416        OS Version: 6.1.7601 ServicePack: 1.0

17:59:54.0735 3416        Product type: Workstation

17:59:54.0735 3416        ComputerName: M7CHA

17:59:54.0735 3416        UserName: Micha

17:59:54.0735 3416        Windows directory: C:\Windows

17:59:54.0735 3416        System windows directory: C:\Windows

17:59:54.0735 3416        Running under WOW64

17:59:54.0736 3416        Processor architecture: Intel x64

17:59:54.0736 3416        Number of processors: 4

17:59:54.0736 3416        Page size: 0x1000

17:59:54.0736 3416        Boot type: Normal boot

17:59:54.0736 3416        ============================================================

17:59:55.0747 3416        Initialize success

18:00:03.0461 4436        ============================================================

18:00:03.0461 4436        Scan started

18:00:03.0461 4436        Mode: Manual; SigCheck; TDLFS; 

18:00:03.0461 4436        ============================================================

18:00:04.0223 4436        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

18:00:04.0331 4436        1394ohci - ok

18:00:04.0388 4436        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

18:00:04.0399 4436        ACPI - ok

18:00:04.0415 4436        AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

18:00:04.0442 4436        AcpiPmi - ok

18:00:04.0513 4436        adfs            (2f0683fd2df1d92e891caca14b45a8c1) C:\Windows\system32\drivers\adfs.sys

18:00:04.0604 4436        adfs - ok

18:00:04.0675 4436        adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

18:00:04.0698 4436        adp94xx - ok

18:00:04.0729 4436        adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

18:00:04.0760 4436        adpahci - ok

18:00:04.0788 4436        adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

18:00:04.0802 4436        adpu320 - ok

18:00:04.0853 4436        AFD             (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys

18:00:04.0895 4436        AFD - ok

18:00:04.0915 4436        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

18:00:04.0932 4436        agp440 - ok

18:00:04.0956 4436        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

18:00:04.0972 4436        aliide - ok

18:00:04.0989 4436        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

18:00:05.0004 4436        amdide - ok

18:00:05.0025 4436        AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

18:00:05.0064 4436        AmdK8 - ok

18:00:05.0116 4436        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

18:00:05.0167 4436        AmdPPM - ok

18:00:05.0207 4436        amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

18:00:05.0246 4436        amdsata - ok

18:00:05.0268 4436        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

18:00:05.0289 4436        amdsbs - ok

18:00:05.0303 4436        amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

18:00:05.0319 4436        amdxata - ok

18:00:05.0372 4436        AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

18:00:05.0412 4436        AppID - ok

18:00:05.0440 4436        appliandMP - ok

18:00:05.0488 4436        arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

18:00:05.0523 4436        arc - ok

18:00:05.0550 4436        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

18:00:05.0563 4436        arcsas - ok

18:00:05.0603 4436        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

18:00:05.0743 4436        AsyncMac - ok

18:00:05.0775 4436        atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

18:00:05.0783 4436        atapi - ok

18:00:05.0841 4436        athrusb         (788914c42ad8318f1dd7a565eaffb049) C:\Windows\system32\DRIVERS\athrxusb.sys

18:00:05.0880 4436        athrusb - ok

18:00:05.0947 4436        avgntflt        (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys

18:00:05.0978 4436        avgntflt - ok

18:00:06.0011 4436        avipbb          (f1c9db5f7b2a56a0b29667d22ba540fc) C:\Windows\system32\DRIVERS\avipbb.sys

18:00:06.0025 4436        avipbb - ok

18:00:06.0061 4436        avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys

18:00:06.0071 4436        avkmgr - ok

18:00:06.0123 4436        b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

18:00:06.0195 4436        b06bdrv - ok

18:00:06.0241 4436        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

18:00:06.0270 4436        b57nd60a - ok

18:00:06.0289 4436        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

18:00:06.0327 4436        Beep - ok

18:00:06.0373 4436        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

18:00:06.0397 4436        blbdrive - ok

18:00:06.0442 4436        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

18:00:06.0489 4436        bowser - ok

18:00:06.0511 4436        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

18:00:06.0540 4436        BrFiltLo - ok

18:00:06.0560 4436        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

18:00:06.0586 4436        BrFiltUp - ok

18:00:06.0599 4436        Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

18:00:06.0638 4436        Brserid - ok

18:00:06.0657 4436        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

18:00:06.0687 4436        BrSerWdm - ok

18:00:06.0700 4436        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

18:00:06.0728 4436        BrUsbMdm - ok

18:00:06.0743 4436        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

18:00:06.0771 4436        BrUsbSer - ok

18:00:06.0804 4436        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

18:00:06.0827 4436        BTHMODEM - ok

18:00:06.0845 4436        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

18:00:06.0890 4436        cdfs - ok

18:00:06.0920 4436        cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys

18:00:06.0957 4436        cdrom - ok

18:00:06.0977 4436        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

18:00:07.0008 4436        circlass - ok

18:00:07.0032 4436        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

18:00:07.0045 4436        CLFS - ok

18:00:07.0143 4436        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

18:00:07.0186 4436        CmBatt - ok

18:00:07.0221 4436        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

18:00:07.0234 4436        cmdide - ok

18:00:07.0277 4436        CNG             (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys

18:00:07.0314 4436        CNG - ok

18:00:07.0328 4436        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

18:00:07.0339 4436        Compbatt - ok

18:00:07.0359 4436        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

18:00:07.0390 4436        CompositeBus - ok

18:00:07.0415 4436        crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

18:00:07.0426 4436        crcdisk - ok

18:00:07.0461 4436        CSC             (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys

18:00:07.0521 4436        CSC - ok

18:00:07.0566 4436        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

18:00:07.0643 4436        DfsC - ok

18:00:07.0660 4436        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

18:00:07.0697 4436        discache - ok

18:00:07.0706 4436        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

18:00:07.0718 4436        Disk - ok

18:00:07.0753 4436        drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

18:00:07.0773 4436        drmkaud - ok

18:00:07.0813 4436        dump_wmimmc - ok

18:00:07.0896 4436        DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

18:00:07.0962 4436        DXGKrnl - ok

18:00:07.0989 4436        E1G60           (edc6e9c057c9d7f83eea22b4cef5dcad) C:\Windows\system32\DRIVERS\E1G6032E.sys

18:00:08.0004 4436        E1G60 - ok

18:00:08.0083 4436        ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

18:00:08.0154 4436        ebdrv - ok

18:00:08.0193 4436        elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

18:00:08.0214 4436        elxstor - ok

18:00:08.0322 4436        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

18:00:08.0400 4436        ErrDev - ok

18:00:08.0467 4436        exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

18:00:08.0528 4436        exfat - ok

18:00:08.0577 4436        fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

18:00:08.0620 4436        fastfat - ok

18:00:08.0644 4436        fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

18:00:08.0657 4436        fdc - ok

18:00:08.0682 4436        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

18:00:08.0694 4436        FileInfo - ok

18:00:08.0714 4436        Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

18:00:08.0754 4436        Filetrace - ok

18:00:08.0807 4436        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

18:00:08.0852 4436        flpydisk - ok

18:00:08.0891 4436        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

18:00:08.0909 4436        FltMgr - ok

18:00:08.0921 4436        FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

18:00:08.0933 4436        FsDepends - ok

18:00:08.0950 4436        Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys

18:00:08.0961 4436        Fs_Rec - ok

18:00:09.0005 4436        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

18:00:09.0036 4436        fvevol - ok

18:00:09.0066 4436        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

18:00:09.0084 4436        gagp30kx - ok

18:00:09.0122 4436        GEARAspiWDM     (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

18:00:09.0135 4436        GEARAspiWDM - ok

18:00:09.0193 4436        hamachi         (081ec78c25ba9b2a41f2e807736ff659) C:\Windows\system32\DRIVERS\hamachi.sys

18:00:09.0213 4436        hamachi - ok

18:00:09.0274 4436        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

18:00:09.0325 4436        hcw85cir - ok

18:00:09.0386 4436        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

18:00:09.0455 4436        HdAudAddService - ok

18:00:09.0475 4436        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys

18:00:09.0493 4436        HDAudBus - ok

18:00:09.0510 4436        HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

18:00:09.0540 4436        HidBatt - ok

18:00:09.0562 4436        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

18:00:09.0630 4436        HidBth - ok

18:00:09.0638 4436        HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

18:00:09.0656 4436        HidIr - ok

18:00:09.0717 4436        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

18:00:09.0752 4436        HidUsb - ok

18:00:09.0772 4436        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

18:00:09.0784 4436        HpSAMD - ok

18:00:09.0836 4436        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

18:00:09.0882 4436        HTTP - ok

18:00:09.0909 4436        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

18:00:09.0917 4436        hwpolicy - ok

18:00:09.0952 4436        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

18:00:09.0968 4436        i8042prt - ok

18:00:10.0008 4436        iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

18:00:10.0027 4436        iaStorV - ok

18:00:10.0044 4436        iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

18:00:10.0057 4436        iirsp - ok

18:00:10.0085 4436        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

18:00:10.0095 4436        intelide - ok

18:00:10.0118 4436        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

18:00:10.0143 4436        intelppm - ok

18:00:10.0201 4436        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

18:00:10.0284 4436        IpFilterDriver - ok

18:00:10.0309 4436        IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

18:00:10.0331 4436        IPMIDRV - ok

18:00:10.0355 4436        IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

18:00:10.0390 4436        IPNAT - ok

18:00:10.0449 4436        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

18:00:10.0490 4436        IRENUM - ok

18:00:10.0513 4436        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

18:00:10.0529 4436        isapnp - ok

18:00:10.0571 4436        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

18:00:10.0598 4436        iScsiPrt - ok

18:00:10.0617 4436        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

18:00:10.0634 4436        kbdclass - ok

18:00:10.0681 4436        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys

18:00:10.0730 4436        kbdhid - ok

18:00:10.0761 4436        KSecDD          (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys

18:00:10.0779 4436        KSecDD - ok

18:00:10.0803 4436        KSecPkg         (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys

18:00:10.0824 4436        KSecPkg - ok

18:00:10.0842 4436        ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

18:00:10.0881 4436        ksthunk - ok

18:00:10.0912 4436        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

18:00:10.0959 4436        lltdio - ok

18:00:10.0988 4436        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

18:00:11.0001 4436        LSI_FC - ok

18:00:11.0024 4436        LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

18:00:11.0036 4436        LSI_SAS - ok

18:00:11.0056 4436        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

18:00:11.0068 4436        LSI_SAS2 - ok

18:00:11.0077 4436        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

18:00:11.0090 4436        LSI_SCSI - ok

18:00:11.0113 4436        luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

18:00:11.0185 4436        luafv - ok

18:00:11.0206 4436        megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

18:00:11.0217 4436        megasas - ok

18:00:11.0243 4436        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

18:00:11.0261 4436        MegaSR - ok

18:00:11.0286 4436        Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

18:00:11.0327 4436        Modem - ok

18:00:11.0342 4436        monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

18:00:11.0358 4436        monitor - ok

18:00:11.0393 4436        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

18:00:11.0404 4436        mouclass - ok

18:00:11.0427 4436        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

18:00:11.0447 4436        mouhid - ok

18:00:11.0491 4436        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

18:00:11.0521 4436        mountmgr - ok

18:00:11.0552 4436        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

18:00:11.0575 4436        mpio - ok

18:00:11.0591 4436        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

18:00:11.0629 4436        mpsdrv - ok

18:00:11.0678 4436        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

18:00:11.0767 4436        MRxDAV - ok

18:00:11.0827 4436        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

18:00:11.0878 4436        mrxsmb - ok

18:00:11.0928 4436        mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

18:00:11.0958 4436        mrxsmb10 - ok

18:00:12.0013 4436        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

18:00:12.0028 4436        mrxsmb20 - ok

18:00:12.0050 4436        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

18:00:12.0061 4436        msahci - ok

18:00:12.0079 4436        msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

18:00:12.0096 4436        msdsm - ok

18:00:12.0124 4436        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

18:00:12.0169 4436        Msfs - ok

18:00:12.0203 4436        mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

18:00:12.0263 4436        mshidkmdf - ok

18:00:12.0297 4436        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

18:00:12.0326 4436        msisadrv - ok

18:00:12.0369 4436        MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

18:00:12.0441 4436        MSKSSRV - ok

18:00:12.0472 4436        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

18:00:12.0506 4436        MSPCLOCK - ok

18:00:12.0514 4436        MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

18:00:12.0542 4436        MSPQM - ok

18:00:12.0585 4436        MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

18:00:12.0602 4436        MsRPC - ok

18:00:12.0637 4436        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

18:00:12.0644 4436        mssmbios - ok

18:00:12.0659 4436        MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

18:00:12.0696 4436        MSTEE - ok

18:00:12.0713 4436        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

18:00:12.0725 4436        MTConfig - ok

18:00:12.0787 4436        Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

18:00:12.0799 4436        Mup - ok

18:00:12.0835 4436        NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

18:00:12.0880 4436        NativeWifiP - ok

18:00:12.0928 4436        NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

18:00:12.0953 4436        NDIS - ok

18:00:12.0990 4436        NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

18:00:13.0036 4436        NdisCap - ok

18:00:13.0064 4436        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

18:00:13.0093 4436        NdisTapi - ok

18:00:13.0133 4436        Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

18:00:13.0175 4436        Ndisuio - ok

18:00:13.0212 4436        NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

18:00:13.0256 4436        NdisWan - ok

18:00:13.0288 4436        NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

18:00:13.0334 4436        NDProxy - ok

18:00:13.0350 4436        NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

18:00:13.0394 4436        NetBIOS - ok

18:00:13.0412 4436        NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

18:00:13.0449 4436        NetBT - ok

18:00:13.0484 4436        nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

18:00:13.0496 4436        nfrd960 - ok

18:00:13.0518 4436        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

18:00:13.0556 4436        Npfs - ok

18:00:13.0584 4436        NPPTNT2 - ok

18:00:13.0595 4436        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

18:00:13.0621 4436        nsiproxy - ok

18:00:13.0687 4436        Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

18:00:13.0772 4436        Ntfs - ok

18:00:13.0787 4436        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

18:00:13.0824 4436        Null - ok

18:00:14.0091 4436        nvlddmkm        (b15258b1f45f9571758ac6bb2f043b01) C:\Windows\system32\DRIVERS\nvlddmkm.sys

18:00:14.0367 4436        nvlddmkm - ok

18:00:14.0403 4436        nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

18:00:14.0416 4436        nvraid - ok

18:00:14.0435 4436        nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

18:00:14.0449 4436        nvstor - ok

18:00:14.0536 4436        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

18:00:14.0577 4436        nv_agp - ok

18:00:14.0626 4436        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

18:00:14.0650 4436        ohci1394 - ok

18:00:14.0701 4436        Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

18:00:14.0751 4436        Parport - ok

18:00:14.0788 4436        partmgr         (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys

18:00:14.0807 4436        partmgr - ok

18:00:14.0833 4436        pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

18:00:14.0856 4436        pci - ok

18:00:14.0871 4436        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

18:00:14.0886 4436        pciide - ok

18:00:14.0910 4436        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

18:00:14.0933 4436        pcmcia - ok

18:00:14.0956 4436        pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

18:00:14.0974 4436        pcw - ok

18:00:15.0001 4436        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

18:00:15.0081 4436        PEAUTH - ok

18:00:15.0112 4436        pfc - ok

18:00:15.0198 4436        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

18:00:15.0269 4436        PptpMiniport - ok

18:00:15.0286 4436        Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

18:00:15.0300 4436        Processor - ok

18:00:15.0343 4436        Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

18:00:15.0385 4436        Psched - ok

18:00:15.0443 4436        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

18:00:15.0494 4436        ql2300 - ok

18:00:15.0514 4436        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

18:00:15.0528 4436        ql40xx - ok

18:00:15.0552 4436        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

18:00:15.0574 4436        QWAVEdrv - ok

18:00:15.0593 4436        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

18:00:15.0621 4436        RasAcd - ok

18:00:15.0662 4436        RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

18:00:15.0753 4436        RasAgileVpn - ok

18:00:15.0791 4436        Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

18:00:15.0822 4436        Rasl2tp - ok

18:00:15.0832 4436        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

18:00:15.0886 4436        RasPppoe - ok

18:00:15.0894 4436        RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

18:00:15.0925 4436        RasSstp - ok

18:00:15.0969 4436        rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

18:00:16.0066 4436        rdbss - ok

18:00:16.0074 4436        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

18:00:16.0101 4436        rdpbus - ok

18:00:16.0126 4436        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

18:00:16.0165 4436        RDPCDD - ok

18:00:16.0205 4436        RDPDR           (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys

18:00:16.0265 4436        RDPDR - ok

18:00:16.0293 4436        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

18:00:16.0346 4436        RDPENCDD - ok

18:00:16.0370 4436        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

18:00:16.0398 4436        RDPREFMP - ok

18:00:16.0456 4436        RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys

18:00:16.0510 4436        RdpVideoMiniport - ok

18:00:16.0561 4436        RDPWD           (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys

18:00:16.0630 4436        RDPWD - ok

18:00:16.0670 4436        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

18:00:16.0685 4436        rdyboost - ok

18:00:16.0741 4436        RMCAST          (caf88d6573d21cd2aa27001ddbfdc74d) C:\Windows\system32\DRIVERS\RMCAST.sys

18:00:16.0783 4436        RMCAST - ok

18:00:16.0808 4436        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

18:00:16.0839 4436        rspndr - ok

18:00:16.0882 4436        RTL8167         (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys

18:00:16.0901 4436        RTL8167 - ok

18:00:16.0935 4436        s3cap           (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys

18:00:16.0983 4436        s3cap - ok

18:00:17.0026 4436        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

18:00:17.0064 4436        sbp2port - ok

18:00:17.0125 4436        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

18:00:17.0188 4436        scfilter - ok

18:00:17.0211 4436        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

18:00:17.0256 4436        secdrv - ok

18:00:17.0276 4436        Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

18:00:17.0297 4436        Serenum - ok

18:00:17.0305 4436        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

18:00:17.0319 4436        Serial - ok

18:00:17.0354 4436        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

18:00:17.0375 4436        sermouse - ok

18:00:17.0415 4436        sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

18:00:17.0452 4436        sffdisk - ok

18:00:17.0471 4436        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

18:00:17.0493 4436        sffp_mmc - ok

18:00:17.0510 4436        sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

18:00:17.0530 4436        sffp_sd - ok

18:00:17.0541 4436        sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

18:00:17.0555 4436        sfloppy - ok

18:00:17.0590 4436        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

18:00:17.0602 4436        SiSRaid2 - ok

18:00:17.0614 4436        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

18:00:17.0625 4436        SiSRaid4 - ok

18:00:17.0662 4436        Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

18:00:17.0713 4436        Smb - ok

18:00:17.0740 4436        spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

18:00:17.0751 4436        spldr - ok

18:00:17.0800 4436        sptd            (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys

18:00:17.0800 4436        Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb

18:00:17.0802 4436        sptd ( LockedFile.Multi.Generic ) - warning

18:00:17.0802 4436        sptd - detected LockedFile.Multi.Generic (1)

18:00:17.0838 4436        srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

18:00:17.0859 4436        srv - ok

18:00:17.0894 4436        srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

18:00:17.0922 4436        srv2 - ok

18:00:17.0946 4436        srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

18:00:17.0961 4436        srvnet - ok

18:00:18.0017 4436        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

18:00:18.0040 4436        stexstor - ok

18:00:18.0059 4436        storflt         (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys

18:00:18.0076 4436        storflt - ok

18:00:18.0103 4436        storvsc         (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys

18:00:18.0120 4436        storvsc - ok

18:00:18.0142 4436        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

18:00:18.0157 4436        swenum - ok

18:00:18.0195 4436        Synth3dVsc - ok

18:00:18.0242 4436        tap0901         (595cb8da5b522ad8cc28193dc21fd496) C:\Windows\system32\DRIVERS\tap0901.sys

18:00:18.0276 4436        tap0901 - ok

18:00:18.0306 4436        taphss          (f33fdc72298df4bf9813a55d21f4eb31) C:\Windows\system32\DRIVERS\taphss.sys

18:00:18.0321 4436        taphss - ok

18:00:18.0390 4436        Tcpip           (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys

18:00:18.0459 4436        Tcpip - ok

18:00:18.0675 4436        TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys

18:00:18.0726 4436        TCPIP6 - ok

18:00:18.0761 4436        tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

18:00:18.0829 4436        tcpipreg - ok

18:00:18.0846 4436        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

18:00:18.0893 4436        TDPIPE - ok

18:00:18.0914 4436        TDTCP           (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys

18:00:18.0943 4436        TDTCP - ok

18:00:18.0971 4436        tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

18:00:19.0003 4436        tdx - ok

18:00:19.0019 4436        TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

18:00:19.0031 4436        TermDD - ok

18:00:19.0098 4436        tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

18:00:19.0130 4436        tssecsrv - ok

18:00:19.0164 4436        TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

18:00:19.0206 4436        TsUsbFlt - ok

18:00:19.0213 4436        tsusbhub - ok

18:00:19.0257 4436        tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

18:00:19.0293 4436        tunnel - ok

18:00:19.0312 4436        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

18:00:19.0324 4436        uagp35 - ok

18:00:19.0370 4436        udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

18:00:19.0410 4436        udfs - ok

18:00:19.0461 4436        UDST7000BDA     (20d0fdd0225a1722ca1575b31d09bc07) C:\Windows\system32\Drivers\UDST7000BDA.sys

18:00:19.0519 4436        UDST7000BDA - ok

18:00:19.0571 4436        UDST7000HID     (41bc5fdfe908f0f02486cd7289f2ad8a) C:\Windows\system32\drivers\UDST7000HID.sys

18:00:19.0600 4436        UDST7000HID - ok

18:00:19.0634 4436        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

18:00:19.0648 4436        uliagpkx - ok

18:00:19.0692 4436        umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys

18:00:19.0721 4436        umbus - ok

18:00:19.0751 4436        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

18:00:19.0784 4436        UmPass - ok

18:00:19.0848 4436        UnlockerDriver5 (9dc07e73a4abb9acf692113b36a5009f) C:\Program Files\Unlocker\UnlockerDriver5.sys

18:00:19.0861 4436        UnlockerDriver5 - ok

18:00:19.0930 4436        USBAAPL64       (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys

18:00:19.0954 4436        USBAAPL64 - ok

18:00:20.0008 4436        usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

18:00:20.0067 4436        usbccgp - ok

18:00:20.0124 4436        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

18:00:20.0169 4436        usbcir - ok

18:00:20.0211 4436        usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys

18:00:20.0230 4436        usbehci - ok

18:00:20.0264 4436        usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

18:00:20.0306 4436        usbhub - ok

18:00:20.0350 4436        usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys

18:00:20.0385 4436        usbohci - ok

18:00:20.0411 4436        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

18:00:20.0432 4436        usbprint - ok

18:00:20.0474 4436        usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys

18:00:20.0496 4436        usbscan - ok

18:00:20.0530 4436        USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

18:00:20.0551 4436        USBSTOR - ok

18:00:20.0588 4436        usbuhci         (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys

18:00:20.0633 4436        usbuhci - ok

18:00:20.0683 4436        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

18:00:20.0700 4436        vdrvroot - ok

18:00:20.0723 4436        vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

18:00:20.0743 4436        vga - ok

18:00:20.0764 4436        VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

18:00:20.0826 4436        VgaSave - ok

18:00:20.0846 4436        VGPU - ok

18:00:20.0870 4436        vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

18:00:20.0887 4436        vhdmp - ok

18:00:20.0906 4436        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

18:00:20.0916 4436        viaide - ok

18:00:20.0940 4436        vmbus           (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys

18:00:20.0955 4436        vmbus - ok

18:00:20.0974 4436        VMBusHID        (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys

18:00:20.0999 4436        VMBusHID - ok

18:00:21.0019 4436        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

18:00:21.0030 4436        volmgr - ok

18:00:21.0075 4436        volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

18:00:21.0101 4436        volmgrx - ok

18:00:21.0136 4436        volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

18:00:21.0162 4436        volsnap - ok

18:00:21.0199 4436        vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

18:00:21.0220 4436        vsmraid - ok

18:00:21.0237 4436        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys

18:00:21.0272 4436        vwifibus - ok

18:00:21.0300 4436        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

18:00:21.0331 4436        WacomPen - ok

18:00:21.0351 4436        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

18:00:21.0411 4436        WANARP - ok

18:00:21.0416 4436        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

18:00:21.0442 4436        Wanarpv6 - ok

18:00:21.0477 4436        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

18:00:21.0505 4436        Wd - ok

18:00:21.0535 4436        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

18:00:21.0570 4436        Wdf01000 - ok

18:00:21.0612 4436        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

18:00:21.0640 4436        WfpLwf - ok

18:00:21.0664 4436        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

18:00:21.0675 4436        WIMMount - ok

18:00:21.0732 4436        WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys

18:00:21.0747 4436        WinUsb - ok

18:00:21.0781 4436        WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

18:00:21.0810 4436        WmiAcpi - ok

18:00:21.0855 4436        ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

18:00:21.0907 4436        ws2ifsl - ok

18:00:21.0950 4436        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

18:00:22.0016 4436        WudfPf - ok

18:00:22.0047 4436        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

18:00:22.0126 4436        WUDFRd - ok

18:00:22.0172 4436        xusb21          (2ee48cfce7ca8e0db4c44c7476c0943b) C:\Windows\system32\DRIVERS\xusb21.sys

18:00:22.0190 4436        xusb21 - ok

18:00:22.0222 4436        ZDCNDIS6a64 - ok

18:00:22.0261 4436        ZY202_VS        (aec505976ef01bbd8f57cba912f39259) C:\Windows\system32\DRIVERS\WlanGZG.sys

18:00:22.0308 4436        ZY202_VS - ok

18:00:22.0341 4436        MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

18:00:22.0471 4436        \Device\Harddisk0\DR0 - ok

18:00:22.0478 4436        Boot (0x1200)   (017132619628430ce765531272350aa0) \Device\Harddisk0\DR0\Partition0

18:00:22.0479 4436        \Device\Harddisk0\DR0\Partition0 - ok

18:00:22.0517 4436        Boot (0x1200)   (9db0158ae8a6d83532f4e4a0290ade9b) \Device\Harddisk0\DR0\Partition1

18:00:22.0519 4436        \Device\Harddisk0\DR0\Partition1 - ok

18:00:22.0522 4436        Boot (0x1200)   (ed3f2656da8fb06b6249c5fa3b365287) \Device\Harddisk0\DR0\Partition2

18:00:22.0523 4436        \Device\Harddisk0\DR0\Partition2 - ok

18:00:22.0524 4436        ============================================================

18:00:22.0524 4436        Scan finished

18:00:22.0524 4436        ============================================================

18:00:22.0537 4368        Detected object count: 1

18:00:22.0537 4368        Actual detected object count: 1

18:01:25.0986 4368        sptd ( LockedFile.Multi.Generic ) - skipped by user

18:01:25.0986 4368        sptd ( LockedFile.Multi.Generic ) - User select action: Skip

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Log:

Code:

ComboFix 11-12-21.02 - Micha 21.12.2011  22:37:16.1.4 - x64

Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.4095.2340 [GMT 1:00]

ausgeführt von:: c:\users\Micha\Desktop\ComboFix.exe

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 * Neuer Wiederherstellungspunkt wurde erstellt

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Micha\AppData\Local\{6914FB52-C4FC-42DD-AA46-43A6D02A776C}

c:\users\Micha\AppData\Local\{6914FB52-C4FC-42DD-AA46-43A6D02A776C}\chrome.manifest

c:\users\Micha\AppData\Local\{6914FB52-C4FC-42DD-AA46-43A6D02A776C}\chrome\content\_cfg.js

c:\users\Micha\AppData\Local\{6914FB52-C4FC-42DD-AA46-43A6D02A776C}\chrome\content\overlay.xul

c:\users\Micha\AppData\Local\{6914FB52-C4FC-42DD-AA46-43A6D02A776C}\install.rdf

c:\users\Micha\AppData\Roaming\Adobe\plugs

c:\users\Micha\AppData\Roaming\chrtmp

c:\users\Micha\AppData\Roaming\Local

c:\users\Micha\AppData\Roaming\Local\Temp\DDM\Settings\.ddr

c:\users\Micha\AppData\Roaming\Local\Temp\DDM\Settings\0.ddi

c:\users\Micha\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi

c:\users\Micha\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\.ddp

c:\windows\IsUn0407.exe

c:\windows\iun6002.exe

c:\windows\system32\java.exe

.

.

(((((((((((((((((((((((   Dateien erstellt von 2011-11-21 bis 2011-12-21  ))))))))))))))))))))))))))))))

.

.

2011-12-21 15:03 . 2011-12-21 15:03        --------        d-----w-        C:\_OTL

2011-12-20 15:43 . 2011-12-17 05:09        43992        ----a-w-        c:\program files (x86)\Mozilla Firefox\mozutils.dll

2011-12-20 15:43 . 2011-12-17 01:19        626688        ----a-w-        c:\program files (x86)\Mozilla Firefox\msvcr80.dll

2011-12-20 15:43 . 2011-12-17 01:19        548864        ----a-w-        c:\program files (x86)\Mozilla Firefox\msvcp80.dll

2011-12-20 15:43 . 2011-12-17 01:19        479232        ----a-w-        c:\program files (x86)\Mozilla Firefox\msvcm80.dll

2011-12-19 20:59 . 2011-12-19 20:59        --------        d-----w-        c:\users\Micha\AppData\Roaming\Malwarebytes

2011-12-19 20:59 . 2011-12-19 20:59        --------        d-----w-        c:\programdata\Malwarebytes

2011-12-19 20:59 . 2011-08-31 16:00        25416        ----a-w-        c:\windows\system32\drivers\mbam.sys

2011-12-14 15:18 . 2011-12-14 15:18        --------        d-----w-        c:\program files\iTunes

2011-12-14 15:18 . 2011-12-14 15:18        --------        d-----w-        c:\program files\iPod

2011-12-14 06:34 . 2011-10-26 05:21        43520        ----a-w-        c:\windows\system32\csrsrv.dll

2011-12-14 06:33 . 2011-11-24 04:52        3145216        ----a-w-        c:\windows\system32\win32k.sys

2011-12-14 06:33 . 2011-10-15 06:31        723456        ----a-w-        c:\windows\system32\EncDec.dll

2011-12-14 06:33 . 2011-10-15 05:38        534528        ----a-w-        c:\windows\SysWow64\EncDec.dll

2011-12-14 06:33 . 2011-11-05 05:32        2048        ----a-w-        c:\windows\system32\tzres.dll

2011-12-14 06:33 . 2011-11-05 04:26        2048        ----a-w-        c:\windows\SysWow64\tzres.dll

2011-12-11 19:40 . 2011-12-11 19:40        --------        d-----w-        c:\users\Micha\AppData\Local\FILSH_Media_GmbH

2011-12-11 19:40 . 2011-12-20 21:57        --------        d-----w-        c:\program files (x86)\FILSHtray

2011-12-08 13:12 . 2011-12-08 13:13        --------        d-----w-        c:\users\Micha\AppData\Roaming\Nitro PDF

2011-12-08 13:12 . 2011-10-25 15:13        17192        ----a-w-        c:\windows\system32\nitrolocalui2.dll

2011-12-08 13:12 . 2011-10-25 15:13        28968        ----a-w-        c:\windows\system32\nitrolocalmon2.dll

2011-12-08 13:12 . 2011-12-08 13:12        --------        d-----w-        c:\programdata\Nitro PDF

2011-12-08 13:11 . 2011-12-08 13:11        --------        d-----w-        c:\users\Micha\AppData\Roaming\Downloaded Installations

2011-11-24 11:43 . 2011-11-24 11:43        --------        d-----w-        c:\users\Micha\AppData\Local\Sidhe

2011-11-23 21:46 . 2011-12-05 16:09        --------        d-----w-        c:\users\Micha\AppData\Local\Ubisoft Game Launcher

2011-11-23 21:46 . 2011-11-23 21:46        --------        d-----w-        c:\programdata\Ubisoft

2011-11-22 20:54 . 2011-11-22 21:11        --------        d-----w-        c:\users\Micha\.android

2011-11-22 20:54 . 2011-11-22 22:05        --------        d-----w-        c:\program files (x86)\Android

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-09 06:34 . 2011-10-16 16:35        130760        ----a-w-        c:\windows\system32\drivers\avipbb.sys

2011-11-10 18:25 . 2011-05-16 13:24        414368        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-10-24 13:29 . 2011-10-24 13:29        94208        ----a-w-        c:\windows\SysWow64\QuickTimeVR.qtx

2011-10-24 13:29 . 2011-10-24 13:29        69632        ----a-w-        c:\windows\SysWow64\QuickTime.qts

2011-10-15 08:53 . 2011-10-25 13:48        837952        ----a-w-        c:\windows\system32\easyupdatusapiu64.dll

2011-10-15 08:53 . 2011-10-25 13:48        5067584        ----a-w-        c:\windows\system32\nvsvc64.dll

2011-10-15 08:53 . 2011-10-25 13:48        3074368        ----a-w-        c:\windows\system32\nvsvcr.dll

2011-10-15 08:53 . 2011-10-25 13:48        222528        ----a-w-        c:\windows\system32\nvmctray.dll

2011-10-15 08:53 . 2011-10-25 13:48        1640768        ----a-w-        c:\windows\system32\nvvsvc.exe

2011-10-15 08:53 . 2011-10-25 13:48        137536        ----a-w-        c:\windows\system32\nvshext.dll

2011-10-15 08:53 . 2011-10-25 13:48        10406208        ----a-w-        c:\windows\system32\nvcpl.dll

2011-10-15 08:53 . 2011-10-25 13:47        8791360        ----a-w-        c:\windows\system32\nvwgf2umx.dll

2011-10-15 08:53 . 2011-10-25 13:47        7581504        ----a-w-        c:\windows\system32\nvcuda.dll

2011-10-15 08:53 . 2011-10-25 13:47        7041856        ----a-w-        c:\windows\SysWow64\nvwgf2um.dll

2011-10-15 08:53 . 2011-10-25 13:47        68928        ----a-w-        c:\windows\system32\OpenCL.dll

2011-10-15 08:53 . 2011-10-25 13:47        61248        ----a-w-        c:\windows\SysWow64\OpenCL.dll

2011-10-15 08:53 . 2011-10-25 13:47        5578560        ----a-w-        c:\windows\SysWow64\nvcuda.dll

2011-10-15 08:53 . 2011-10-25 13:47        2808128        ----a-w-        c:\windows\system32\nvapi64.dll

2011-10-15 08:53 . 2011-10-25 13:47        2542912        ----a-w-        c:\windows\system32\nvcuvid.dll

2011-10-15 08:53 . 2011-10-25 13:47        24796992        ----a-w-        c:\windows\system32\nvcompiler.dll

2011-10-15 08:53 . 2011-10-25 13:47        24742720        ----a-w-        c:\windows\system32\nvoglv64.dll

2011-10-15 08:53 . 2011-10-25 13:47        2458432        ----a-w-        c:\windows\SysWow64\nvapi.dll

2011-10-15 08:53 . 2011-10-25 13:47        2401088        ----a-w-        c:\windows\SysWow64\nvcuvid.dll

2011-10-15 08:53 . 2011-10-25 13:47        2232128        ----a-w-        c:\windows\system32\nvcuvenc.dll

2011-10-15 08:53 . 2011-10-25 13:47        2099520        ----a-w-        c:\windows\SysWow64\nvcuvenc.dll

2011-10-15 08:53 . 2011-10-25 13:47        18871616        ----a-w-        c:\windows\SysWow64\nvoglv32.dll

2011-10-15 08:53 . 2011-10-25 13:47        17248576        ----a-w-        c:\windows\SysWow64\nvcompiler.dll

2011-10-15 08:53 . 2011-10-25 13:47        15693120        ----a-w-        c:\windows\system32\nvd3dumx.dll

2011-10-15 08:53 . 2011-10-25 13:47        1533248        ----a-w-        c:\windows\system32\nvdispco64.dll

2011-10-15 08:53 . 2011-10-25 13:47        1454400        ----a-w-        c:\windows\system32\nvgenco64.dll

2011-10-15 08:53 . 2011-10-25 13:47        13205312        ----a-w-        c:\windows\SysWow64\nvd3dum.dll

2011-10-15 08:53 . 2011-10-25 13:47        12971840        ----a-w-        c:\windows\system32\drivers\nvlddmkm.sys

2011-10-14 22:54 . 2011-10-14 22:54        321856        ----a-w-        c:\windows\SysWow64\nvStreaming.exe

2011-10-11 13:00 . 2011-10-16 16:35        97312        ----a-w-        c:\windows\system32\drivers\avgntflt.sys

2011-10-11 13:00 . 2011-10-16 16:35        27760        ----a-w-        c:\windows\system32\drivers\avkmgr.sys

2011-09-29 16:29 . 2011-11-09 17:29        1923952        ----a-w-        c:\windows\system32\drivers\tcpip.sys

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute        REG_MULTI_SZ           autocheck autochk *\0OODBS

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages        REG_MULTI_SZ           kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys [x]

R3 dump_wmimmc;dump_wmimmc;d:\programme\ijji\ENGLISH\Gunz\GameGuard\dump_wmimmc.sys [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 ZDCNDIS6a64;ZDCNDIS Protocol Driver;c:\windows\system32\ZDCNDIS6a64.sys [x]

R3 ZY202_VS;Deutsche Telekom 802.11g 1211 Driver;c:\windows\system32\DRIVERS\WlanGZG.sys [x]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]

S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]

S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224]

S2 DVBVRecorder;DVBViewer Recording Service;c:\program files (x86)\DVBViewer\DVBVservice.exe [2010-10-16 617600]

S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-08-04 2329480]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248]

S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-12-05 92592]

S3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrxusb.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 UDST7000BDA;%UDST7000BDA.FriendlyName%;c:\windows\system32\Drivers\UDST7000BDA.sys [x]

S3 UDST7000HID;TechniSat - HID Driver;c:\windows\system32\drivers\UDST7000HID.sys [x]

.

.

Inhalt des "geplante Tasks" Ordners

.

2011-12-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2034920276-3348135786-2086485318-1000Core.job

- c:\users\Micha\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-17 20:31]

.

2011-12-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2034920276-3348135786-2086485318-1000UA.job

- c:\users\Micha\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-17 20:31]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Zusätzlicher Suchlauf -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://shop.thefreevpn.com/home.php

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = local;*.local

IE: Nach Microsoft E&xel exportieren - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000

IE: Sothink SWF Catcher - c:\program files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm

TCP: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\users\Micha\AppData\Roaming\Mozilla\Firefox\Profiles\lcry2s8f.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.xrel.to/releases.html

FF - prefs.js: network.proxy.type - 0

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

Wow6432Node-HKU-Default-Run-Duden Korrektor SysTray - c:\program files (x86)\Duden\Duden Korrektor\DKTray.exe

BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

AddRemove-{0886900B-B2F3-452C-B580-60F1253F7F80} - c:\programdata\{2C41B757-F5D0-44F9-A206-EEB9CD973927}\Controller Editor Setup PC.exe

AddRemove-{0B8565BA-BAD5-4732-B122-5FD78EFC50A9} - c:\programdata\{A6DB2A6F-FF9D-453F-99D6-C1AA54BC0C14}\Service Center Setup PC.exe

AddRemove-{2AAC4085-DCBF-417B-AEBD-182197839240} - c:\programdata\{47803536-1938-4D3F-86D6-F4876B645542}\Traktor Setup PC.exe

AddRemove-{470BB39A-7231-4077-AD3D-86067AD04604} - c:\programdata\{1E073424-A3F8-474B-A503-A99428594527}\Audio 8 DJ Driver Setup.exe

AddRemove-{A8EC0CC0-AD8D-4244-B080-424EDF7A7634} - c:\programdata\{4A818508-3355-4FBC-B302-D53B599DD9D5}\Traktor 2 Setup PC.exe

AddRemove-{C5D78EFC-A9C1-44F3-81CB-D42C5DF8EA09} - c:\program files (x86)\InstallShield Installation Information\{C5D78EFC-A9C1-44F3-81CB-D42C5DF8EA09}\setup.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_USERS\S-1-5-21-2034920276-3348135786-2086485318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*i*n*i*¿)x\OpenWithList]

@Class="Shell"

"a"="vlc.exe"

"MRUList"="a"

.

[HKEY_USERS\S-1-5-21-2034920276-3348135786-2086485318-1000\Software\SecuROM\License information*]

"datasecu"=hex:15,ce,37,c3,a6,72,d4,c5,c6,70,64,c0,1c,2b,6a,e5,b4,f5,f5,92,cc,

   2b,14,3f,e9,a4,12,03,d0,fe,07,4a,f2,49,1a,9b,c3,52,cc,34,67,9a,33,e8,ca,b9,\

"rkeysecu"=hex:5c,fa,46,dd,d2,34,fc,cb,17,7c,1e,b9,96,61,8e,4b

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]

"OODEFRAG12.00.00.01PROFESSIONAL"="B74AA8DA050386E1D1A66B7150ED092EA5DAAED1F17F998D1FD9ED7051C754DA90F16D7AF1068E5C66B0FD88F23C24CEED1FD6121790D4529D4678C25F7EB79C0309A011365532F92DCF5AAEA9090CA5337A8C42B6548BEDC5B0A074A12527A64F733DCCE163BF6EAC890B619EFBF045683889CAB3C4EDED9049757BD3FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C51E9756C21CC70C71902C768FC41096BF7CA74276DF055C7029CB13F8813C3F1DAF35D9CED1993DB944EE158479E9F76E019EA1A27597BD314AE6909ADA6E1E8706865CE041AEDD2CCB8A9AB9FA8AAB202DCAF17625FEB9BA89A6AF1FBA87E872E0E56CC2622A265B50963B42F04D934C07F24194B198129BC8BD34044C0C17146722CC36E8BC67352CC092AF1DB50B01B305E81E4A08EAEE0EE771BAE9B49EEFC6415464632647C3E56C5A5B95DA5049D61A6920317D4FD397ADD8FB467276E2C79F4C7EEF6F9A8A8B87BA5AB39642B6BC77BF3D21C8D907DA3BE0D2758DD80BF08E2A3FBBF79BF52CF3C8E3F250BCB3EDE0EB0CED8E4027AA50BE827266959BBADAB15D4F2483293B553A4415C0D2B5FE344384BF67A919181635BAB0D34D1334B4EBFB5FD4110544E3B12D39AD1B5305937DD6C24E122B3771F8080CCA0E7CF827DA72DD2B08F133D26E66AA333F7A105B5DA2C14233EEC90C95944A7043C4FBC21B521E3DB0B646BF7944E3B0226BBF1BE47587EBB90D718A049E8E626928328D53947ACF5006D0748709C2B009699ED0AA4939B1A68241D1719B454455450B0E9622BA72A10670165374642E4C56B8A80D6522BA3BA1771D176C441128EAF0FE1462F551602210E4E060F525AD0731EBEA35F71AF9F882D2D6F85003273AE37745F063BCBBE7DA7385F102F01FA0A43183858B189D065AB38FAB9E93C55EE688D0AB5E252D5F28A0BA9B734EB2C995891A12F3AF130AD0CB2EE7AD9BFAFA5A1CB089BD622770A3864B0C33EA06E227EE2D5A8571DC174B0160AB0AEBC1E9CA784FEE7A82B7962F693204B2F1BEF351D7BAA5FDB332C64C10C6B9B4C29E02F81BD791DEECC57AFCD1F8BB5EBCB85FCDD7C5BC19FCEBB37A97197CD9AEC5E50FA34E193BFDEADB50A3CE9C15F122532AE3B88907C8261BD98DA762E86659E86A6558BF7B72C3F4EBFDA167DF6486825C0C13560D0CF30DD000E55F7FEE34E67D547AC48F87070EA401A4CCFA33890390C4C481E80305F0F9806E4B875AD3FA3A360DC59275FCC0BA74DB1F05B21FEE44A4E8D05708F4CDC5DEFB854E47A657BE92B1B53EC9E024750FE4AED98363B3578EAB3A88CCDF5E78CB0CA03C6F75AC249E8C7B0734861C7DEEB8227D61DEF475A7D"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Zeit der Fertigstellung: 2011-12-21  22:43:59

ComboFix-quarantined-files.txt  2011-12-21 21:43

.

Vor Suchlauf: 1.871.409.152 Bytes frei

Nach Suchlauf: 1.729.617.920 Bytes frei

.

- - End Of File - - E740F66148211778AFA49DC512D81464

Combofix - Scripten

1. Starte das Notepad (Start / Ausführen / notepad[Enter])

2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein.

Code:

Driver::

VGPU
 

File::

c:\windows\system32\drivers\rdvgkmd.sys

3. Speichere im Notepad als CFScript.txt auf dem Desktop.

4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall.
(Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !)

5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.

http://users.pandora.be/bluepatchy/m...s/CFScript.gif

6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien:
Combofix.txt

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Log:

Code:

ComboFix 11-12-22.01 - Micha 22.12.2011  16:06:13.2.4 - x64

Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.4095.2074 [GMT 1:00]

ausgeführt von:: c:\users\Micha\Desktop\ComboFix.exe

Benutzte Befehlsschalter :: c:\users\Micha\Desktop\CFScript.TXT

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 * Neuer Wiederherstellungspunkt wurde erstellt

.

FILE ::

"c:\windows\system32\drivers\rdvgkmd.sys"

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_VGPU

.

.

(((((((((((((((((((((((   Dateien erstellt von 2011-11-22 bis 2011-12-22  ))))))))))))))))))))))))))))))

.

.

2011-12-22 15:11 . 2011-12-22 15:11        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp

2011-12-22 15:11 . 2011-12-22 15:11        --------        d-----w-        c:\users\Mcx1-M7CHA\AppData\Local\temp

2011-12-22 15:11 . 2011-12-22 15:11        --------        d-----w-        c:\users\Default\AppData\Local\temp

2011-12-21 15:03 . 2011-12-21 15:03        --------        d-----w-        C:\_OTL

2011-12-20 15:43 . 2011-12-17 05:09        43992        ----a-w-        c:\program files (x86)\Mozilla Firefox\mozutils.dll

2011-12-20 15:43 . 2011-12-17 01:19        626688        ----a-w-        c:\program files (x86)\Mozilla Firefox\msvcr80.dll

2011-12-20 15:43 . 2011-12-17 01:19        548864        ----a-w-        c:\program files (x86)\Mozilla Firefox\msvcp80.dll

2011-12-20 15:43 . 2011-12-17 01:19        479232        ----a-w-        c:\program files (x86)\Mozilla Firefox\msvcm80.dll

2011-12-19 20:59 . 2011-12-19 20:59        --------        d-----w-        c:\users\Micha\AppData\Roaming\Malwarebytes

2011-12-19 20:59 . 2011-12-19 20:59        --------        d-----w-        c:\programdata\Malwarebytes

2011-12-19 20:59 . 2011-08-31 16:00        25416        ----a-w-        c:\windows\system32\drivers\mbam.sys

2011-12-14 15:18 . 2011-12-14 15:18        --------        d-----w-        c:\program files\iTunes

2011-12-14 15:18 . 2011-12-14 15:18        --------        d-----w-        c:\program files\iPod

2011-12-14 06:34 . 2011-10-26 05:21        43520        ----a-w-        c:\windows\system32\csrsrv.dll

2011-12-14 06:33 . 2011-11-24 04:52        3145216        ----a-w-        c:\windows\system32\win32k.sys

2011-12-14 06:33 . 2011-10-15 06:31        723456        ----a-w-        c:\windows\system32\EncDec.dll

2011-12-14 06:33 . 2011-10-15 05:38        534528        ----a-w-        c:\windows\SysWow64\EncDec.dll

2011-12-14 06:33 . 2011-11-05 05:32        2048        ----a-w-        c:\windows\system32\tzres.dll

2011-12-14 06:33 . 2011-11-05 04:26        2048        ----a-w-        c:\windows\SysWow64\tzres.dll

2011-12-11 19:40 . 2011-12-11 19:40        --------        d-----w-        c:\users\Micha\AppData\Local\FILSH_Media_GmbH

2011-12-11 19:40 . 2011-12-20 21:57        --------        d-----w-        c:\program files (x86)\FILSHtray

2011-12-08 13:12 . 2011-12-08 13:13        --------        d-----w-        c:\users\Micha\AppData\Roaming\Nitro PDF

2011-12-08 13:12 . 2011-10-25 15:13        17192        ----a-w-        c:\windows\system32\nitrolocalui2.dll

2011-12-08 13:12 . 2011-10-25 15:13        28968        ----a-w-        c:\windows\system32\nitrolocalmon2.dll

2011-12-08 13:12 . 2011-12-08 13:12        --------        d-----w-        c:\programdata\Nitro PDF

2011-12-08 13:11 . 2011-12-08 13:11        --------        d-----w-        c:\users\Micha\AppData\Roaming\Downloaded Installations

2011-11-24 11:43 . 2011-11-24 11:43        --------        d-----w-        c:\users\Micha\AppData\Local\Sidhe

2011-11-23 21:46 . 2011-12-05 16:09        --------        d-----w-        c:\users\Micha\AppData\Local\Ubisoft Game Launcher

2011-11-23 21:46 . 2011-11-23 21:46        --------        d-----w-        c:\programdata\Ubisoft

2011-11-22 20:54 . 2011-11-22 21:11        --------        d-----w-        c:\users\Micha\.android

2011-11-22 20:54 . 2011-11-22 22:05        --------        d-----w-        c:\program files (x86)\Android

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-09 06:34 . 2011-10-16 16:35        130760        ----a-w-        c:\windows\system32\drivers\avipbb.sys

2011-11-10 18:25 . 2011-05-16 13:24        414368        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-10-24 13:29 . 2011-10-24 13:29        94208        ----a-w-        c:\windows\SysWow64\QuickTimeVR.qtx

2011-10-24 13:29 . 2011-10-24 13:29        69632        ----a-w-        c:\windows\SysWow64\QuickTime.qts

2011-10-15 08:53 . 2011-10-25 13:48        837952        ----a-w-        c:\windows\system32\easyupdatusapiu64.dll

2011-10-15 08:53 . 2011-10-25 13:48        5067584        ----a-w-        c:\windows\system32\nvsvc64.dll

2011-10-15 08:53 . 2011-10-25 13:48        3074368        ----a-w-        c:\windows\system32\nvsvcr.dll

2011-10-15 08:53 . 2011-10-25 13:48        222528        ----a-w-        c:\windows\system32\nvmctray.dll

2011-10-15 08:53 . 2011-10-25 13:48        1640768        ----a-w-        c:\windows\system32\nvvsvc.exe

2011-10-15 08:53 . 2011-10-25 13:48        137536        ----a-w-        c:\windows\system32\nvshext.dll

2011-10-15 08:53 . 2011-10-25 13:48        10406208        ----a-w-        c:\windows\system32\nvcpl.dll

2011-10-15 08:53 . 2011-10-25 13:47        8791360        ----a-w-        c:\windows\system32\nvwgf2umx.dll

2011-10-15 08:53 . 2011-10-25 13:47        7581504        ----a-w-        c:\windows\system32\nvcuda.dll

2011-10-15 08:53 . 2011-10-25 13:47        7041856        ----a-w-        c:\windows\SysWow64\nvwgf2um.dll

2011-10-15 08:53 . 2011-10-25 13:47        68928        ----a-w-        c:\windows\system32\OpenCL.dll

2011-10-15 08:53 . 2011-10-25 13:47        61248        ----a-w-        c:\windows\SysWow64\OpenCL.dll

2011-10-15 08:53 . 2011-10-25 13:47        5578560        ----a-w-        c:\windows\SysWow64\nvcuda.dll

2011-10-15 08:53 . 2011-10-25 13:47        2808128        ----a-w-        c:\windows\system32\nvapi64.dll

2011-10-15 08:53 . 2011-10-25 13:47        2542912        ----a-w-        c:\windows\system32\nvcuvid.dll

2011-10-15 08:53 . 2011-10-25 13:47        24796992        ----a-w-        c:\windows\system32\nvcompiler.dll

2011-10-15 08:53 . 2011-10-25 13:47        24742720        ----a-w-        c:\windows\system32\nvoglv64.dll

2011-10-15 08:53 . 2011-10-25 13:47        2458432        ----a-w-        c:\windows\SysWow64\nvapi.dll

2011-10-15 08:53 . 2011-10-25 13:47        2401088        ----a-w-        c:\windows\SysWow64\nvcuvid.dll

2011-10-15 08:53 . 2011-10-25 13:47        2232128        ----a-w-        c:\windows\system32\nvcuvenc.dll

2011-10-15 08:53 . 2011-10-25 13:47        2099520        ----a-w-        c:\windows\SysWow64\nvcuvenc.dll

2011-10-15 08:53 . 2011-10-25 13:47        18871616        ----a-w-        c:\windows\SysWow64\nvoglv32.dll

2011-10-15 08:53 . 2011-10-25 13:47        17248576        ----a-w-        c:\windows\SysWow64\nvcompiler.dll

2011-10-15 08:53 . 2011-10-25 13:47        15693120        ----a-w-        c:\windows\system32\nvd3dumx.dll

2011-10-15 08:53 . 2011-10-25 13:47        1533248        ----a-w-        c:\windows\system32\nvdispco64.dll

2011-10-15 08:53 . 2011-10-25 13:47        1454400        ----a-w-        c:\windows\system32\nvgenco64.dll

2011-10-15 08:53 . 2011-10-25 13:47        13205312        ----a-w-        c:\windows\SysWow64\nvd3dum.dll

2011-10-15 08:53 . 2011-10-25 13:47        12971840        ----a-w-        c:\windows\system32\drivers\nvlddmkm.sys

2011-10-14 22:54 . 2011-10-14 22:54        321856        ----a-w-        c:\windows\SysWow64\nvStreaming.exe

2011-10-11 13:00 . 2011-10-16 16:35        97312        ----a-w-        c:\windows\system32\drivers\avgntflt.sys

2011-10-11 13:00 . 2011-10-16 16:35        27760        ----a-w-        c:\windows\system32\drivers\avkmgr.sys

2011-09-29 16:29 . 2011-11-09 17:29        1923952        ----a-w-        c:\windows\system32\drivers\tcpip.sys

.

.

(((((((((((((((((((((((((((((   SnapShot@2011-12-21_21.42.36   )))))))))))))))))))))))))))))))))))))))))

.

- 2009-07-14 05:10 . 2011-12-21 20:55        28062              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2011-12-22 11:02        28062              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2010-02-05 16:30 . 2011-12-22 11:02        13202              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2034920276-3348135786-2086485318-1000_UserData.bin

- 2010-02-05 16:30 . 2011-12-21 20:55        13202              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2034920276-3348135786-2086485318-1000_UserData.bin

- 2011-08-09 06:24 . 2009-03-18 15:35        33856              c:\windows\system32\hamachi.sys

+ 2011-08-09 06:24 . 2009-03-18 16:35        33856              c:\windows\system32\hamachi.sys

- 2011-12-21 20:53 . 2011-12-21 20:53        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-12-22 15:13 . 2011-12-22 15:13        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-12-22 15:13 . 2011-12-22 15:13        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2011-12-21 20:53 . 2011-12-21 20:53        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2009-07-14 05:01 . 2011-12-22 15:12        437582              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 05:01 . 2011-12-21 18:26        437582              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2011-12-22 11:00 . 2011-12-22 11:00        3819520              c:\windows\Installer\f548.msi

- 2010-03-20 15:44 . 2011-12-21 18:26        32977944              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2034920276-3348135786-2086485318-1000-8192.dat

+ 2010-03-20 15:44 . 2011-12-22 15:12        32977944              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2034920276-3348135786-2086485318-1000-8192.dat

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]

"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-08-15 1955208]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute        REG_MULTI_SZ           autocheck autochk *\0OODBS

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages        REG_MULTI_SZ           kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys [x]

R3 dump_wmimmc;dump_wmimmc;d:\programme\ijji\ENGLISH\Gunz\GameGuard\dump_wmimmc.sys [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 ZDCNDIS6a64;ZDCNDIS Protocol Driver;c:\windows\system32\ZDCNDIS6a64.sys [x]

R3 ZY202_VS;Deutsche Telekom 802.11g 1211 Driver;c:\windows\system32\DRIVERS\WlanGZG.sys [x]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]

S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]

S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224]

S2 DVBVRecorder;DVBViewer Recording Service;c:\program files (x86)\DVBViewer\DVBVservice.exe [2010-10-16 617600]

S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-08-15 2329480]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248]

S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-12-05 92592]

S3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrxusb.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 UDST7000BDA;%UDST7000BDA.FriendlyName%;c:\windows\system32\Drivers\UDST7000BDA.sys [x]

S3 UDST7000HID;TechniSat - HID Driver;c:\windows\system32\drivers\UDST7000HID.sys [x]

.

.

Inhalt des "geplante Tasks" Ordners

.

2011-12-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2034920276-3348135786-2086485318-1000Core.job

- c:\users\Micha\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-17 20:31]

.

2011-12-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2034920276-3348135786-2086485318-1000UA.job

- c:\users\Micha\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-17 20:31]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]

c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll [BU]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]

"combofix"="c:\combofix\CF1888.3XE" [2010-11-20 345088]

.

------- Zusätzlicher Suchlauf -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://shop.thefreevpn.com/home.php

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = local;*.local

IE: Nach Microsoft E&xel exportieren - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000

IE: Sothink SWF Catcher - c:\program files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm

TCP: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\users\Micha\AppData\Roaming\Mozilla\Firefox\Profiles\lcry2s8f.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.xrel.to/releases.html

FF - prefs.js: network.proxy.type - 0

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_USERS\S-1-5-21-2034920276-3348135786-2086485318-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*i*n*i*¿)x\OpenWithList]

@Class="Shell"

"a"="vlc.exe"

"MRUList"="a"

.

[HKEY_USERS\S-1-5-21-2034920276-3348135786-2086485318-1000\Software\SecuROM\License information*]

"datasecu"=hex:15,ce,37,c3,a6,72,d4,c5,c6,70,64,c0,1c,2b,6a,e5,b4,f5,f5,92,cc,

   2b,14,3f,e9,a4,12,03,d0,fe,07,4a,f2,49,1a,9b,c3,52,cc,34,67,9a,33,e8,ca,b9,\

"rkeysecu"=hex:5c,fa,46,dd,d2,34,fc,cb,17,7c,1e,b9,96,61,8e,4b

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]

"OODEFRAG12.00.00.01PROFESSIONAL"="B74AA8DA050386E1D1A66B7150ED092EA5DAAED1F17F998D1FD9ED7051C754DA90F16D7AF1068E5C66B0FD88F23C24CEED1FD6121790D4529D4678C25F7EB79C0309A011365532F92DCF5AAEA9090CA5337A8C42B6548BEDC5B0A074A12527A64F733DCCE163BF6EAC890B619EFBF045683889CAB3C4EDED9049757BD3FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C51E9756C21CC70C71902C768FC41096BF7CA74276DF055C7029CB13F8813C3F1DAF35D9CED1993DB944EE158479E9F76E019EA1A27597BD314AE6909ADA6E1E8706865CE041AEDD2CCB8A9AB9FA8AAB202DCAF17625FEB9BA89A6AF1FBA87E872E0E56CC2622A265B50963B42F04D934C07F24194B198129BC8BD34044C0C17146722CC36E8BC67352CC092AF1DB50B01B305E81E4A08EAEE0EE771BAE9B49EEFC6415464632647C3E56C5A5B95DA5049D61A6920317D4FD397ADD8FB467276E2C79F4C7EEF6F9A8A8B87BA5AB39642B6BC77BF3D21C8D907DA3BE0D2758DD80BF08E2A3FBBF79BF52CF3C8E3F250BCB3EDE0EB0CED8E4027AA50BE827266959BBADAB15D4F2483293B553A4415C0D2B5FE344384BF67A919181635BAB0D34D1334B4EBFB5FD4110544E3B12D39AD1B5305937DD6C24E122B3771F8080CCA0E7CF827DA72DD2B08F133D26E66AA333F7A105B5DA2C14233EEC90C95944A7043C4FBC21B521E3DB0B646BF7944E3B0226BBF1BE47587EBB90D718A049E8E626928328D53947ACF5006D0748709C2B009699ED0AA4939B1A68241D1719B454455450B0E9622BA72A10670165374642E4C56B8A80D6522BA3BA1771D176C441128EAF0FE1462F551602210E4E060F525AD0731EBEA35F71AF9F882D2D6F85003273AE37745F063BCBBE7DA7385F102F01FA0A43183858B189D065AB38FAB9E93C55EE688D0AB5E252D5F28A0BA9B734EB2C995891A12F3AF130AD0CB2EE7AD9BFAFA5A1CB089BD622770A3864B0C33EA06E227EE2D5A8571DC174B0160AB0AEBC1E9CA784FEE7A82B7962F693204B2F1BEF351D7BAA5FDB332C64C10C6B9B4C29E02F81BD791DEECC57AFCD1F8BB5EBCB85FCDD7C5BC19FCEBB37A97197CD9AEC5E50FA34E193BFDEADB50A3CE9C15F122532AE3B88907C8261BD98DA762E86659E86A6558BF7B72C3F4EBFDA167DF6486825C0C13560D0CF30DD000E55F7FEE34E67D547AC48F87070EA401A4CCFA33890390C4C481E80305F0F9806E4B875AD3FA3A360DC59275FCC0BA74DB1F05B21FEE44A4E8D05708F4CDC5DEFB854E47A657BE92B1B53EC9E024750FE4AED98363B3578EAB3A88CCDF5E78CB0CA03C6F75AC249E8C7B0734861C7DEEB8227D61DEF475A7D"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\windows\SysWOW64\PnkBstrA.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2011-12-22  16:19:19 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2011-12-22 15:19

.

Vor Suchlauf: 1.692.717.056 Bytes frei

Nach Suchlauf: 1.433.251.840 Bytes frei

.

- - End Of File - - B69383CF348AE5BDEF95FDCD7CFF4FDC