Festplatte speichert nicht mehr
So guten Abend erstmal.
Habe mich bereits etwas über mein Problem informiert und mir wurde gesagt, das es nach den typischen Symptomen einer kaputten SSD klingt.
Da mein Computer aber noch recht neu ist (kein halbes Jahr alt soweit ich mich recht erinnere) möchte ich die Hoffnung nicht aufgeben, das Problem lösen zu können ohne den PC längere Zeit irgendwo einsenden zu müssen.
Zu meinem System:
Operating System: Windows 7 Home Premium 64-bit (6.1, Build 7601) Service Pack 1 (7601.win7sp1_gdr.120830-0333)
Language: German (Regional Setting: German)
System Manufacturer: MSI
System Model: MS-7599
BIOS: Default System BIOS
Processor: AMD Phenom(tm) II X6 1090T Processor (6 CPUs), ~3.2GHz
Memory: 16384MB RAM
Available OS Memory: 16384MB RAM
Page File: 2995MB used, 29768MB available
Windows Dir: C:\Windows
DirectX Version: DirectX 11
DX Setup Parameters: Not found
User DPI Setting: Using System DPI
System DPI Setting: 96 DPI (100 percent)
DWM DPI Scaling: Disabled
Betriebssystem + wichtige Programme auf einer 60gb SSD installiert.
Spiele und andere weniger wichtige Sachen auf einer 1TB SATA.
Für Filme etc. hängt noch eine 2TB Sata dran.
Jetzt zum eigentlichen Problem:
Seit ca. einer Woche scheint meine SSD nichts mehr zu speichern.
Wenn ich etwas Downloade sagt mir Firefox er könne nicht unter C Speichern obwohl mein Download Ordner auf E liegt. (Hab ich nochmal in den Einstellungen nachgeprüft)
Viele Spiele lassen sich ebenfalls nicht mehr öffnen oder starten zumindest nicht richtig.
Skype meldet sich nicht mehr automatisch an und die anmeldung funktioniert nur noch wenn ich mir vorher durch die PW Vergessen Funtkion einen Code auf die Email zuschicken lasse.
Nach dem neustart müsste ich dasselbe dann natürlich nochmal machen.
Seltsamerweise kann ich aber sehr wohl noch Sachen auf dem Desktop speichern obwohl dieses auf C liegt.
Ich habe bereits mit Mbam einen Scan durchgeführt und es wurden auch einige Trojaner gefunden.
Da diese aber sämtlich zu einem Keygen gehören und diese soweit ich weiß immer als Trojaner angezeigt werden, denke ich egtl. das diese nicht das Problem sind.
Habe sie auf jeden Fall gelöscht und direkt danach den PC neu gestartet und danach hat Skype sich plötzlich wieder automatisch angemeldet, dann aber auch wieder instant ausgeloggt woraufhin eine erneute Anmeldung unmöglich war. (Diesmal hab ich es nicht über die Mail versucht)
Hier jetzt die Logs der Programme:
OTL: Code:
OTL logfile created on: 03.12.2012 18:15:57 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\****\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
16,00 Gb Total Physical Memory | 13,68 Gb Available Physical Memory | 85,51% Memory free
32,00 Gb Paging File | 29,41 Gb Available in Paging File | 91,91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 55,80 Gb Total Space | 0,01 Gb Free Space | 0,02% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 397,14 Gb Free Space | 42,63% Space Free | Partition Type: NTFS
Drive F: | 1863,01 Gb Total Space | 1257,08 Gb Free Space | 67,48% Space Free | Partition Type: NTFS
Computer Name: **** | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.12.03 18:12:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe
PRC - [2012.11.08 19:20:08 | 000,997,320 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2012.11.08 19:20:08 | 000,711,112 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
PRC - [2012.10.23 10:47:48 | 002,848,168 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012.09.29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- E:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- E:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- E:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.26 16:59:56 | 005,686,272 | ---- | M] () -- C:\Program Files (x86)\Freetec\SystemStore\Freemium.SelfUpdate.exe
PRC - [2012.08.28 14:52:56 | 003,671,904 | ---- | M] (DT Soft Ltd) -- E:\Programme\DAEMON Tools Lite\DTLite.exe
PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.05.04 14:43:20 | 001,561,768 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2011.09.24 10:15:53 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011.08.03 12:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.08.03 02:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011.03.23 16:08:28 | 001,000,768 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\ApVxdWin.exe
PRC - [2011.03.15 14:03:30 | 000,174,400 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\TPSrvWow.exe
PRC - [2011.03.07 14:33:08 | 000,089,456 | ---- | M] (Elaborate Bytes AG) -- E:\Programme\VirtualCloneDrive\VCDDaemon.exe
PRC - [2010.10.20 14:49:18 | 000,202,048 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\PavFnSvr.exe
PRC - [2010.08.16 13:54:46 | 000,028,992 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\PskSvc.exe
PRC - [2010.06.04 09:37:50 | 000,314,176 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\pavsrvx86.exe
PRC - [2010.05.28 12:42:32 | 000,225,600 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\AVENGINE.EXE
PRC - [2010.04.22 17:29:12 | 000,107,776 | ---- | M] (Panda Security, S.L.) -- C:\PROGRAM FILES (X86)\PANDA SECURITY\PANDA ANTIVIRUS PRO 2012\WebProxy.exe
PRC - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2009.11.26 16:03:56 | 000,226,560 | ---- | M] (Panda Security International) -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\Firewall\PSHOST.EXE
PRC - [2009.08.10 13:46:08 | 000,173,312 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\PsCtrls.exe
PRC - [2008.06.19 11:59:50 | 000,108,288 | ---- | M] (Panda Security S.L.) -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\PsImSvc.exe
PRC - [2008.02.04 16:26:48 | 000,062,768 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Common Files\Panda Security\PavShld\pavprsrv.exe
========== Modules (No Company Name) ==========
MOD - [2012.11.08 19:20:08 | 000,997,320 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2012.11.08 19:20:08 | 000,566,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\13.2.0\avgdttbx.dll
MOD - [2012.11.08 19:20:08 | 000,134,600 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\SiteSafety.dll
MOD - [2012.02.20 20:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.02.20 20:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2007.02.14 12:55:12 | 000,165,424 | ---- | M] () -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\MiniCrypto.dll
MOD - [2004.05.19 10:33:12 | 000,507,904 | ---- | M] () -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\libxml2.dll
========== Services (SafeList) ==========
SRV - [2012.11.13 14:47:10 | 009,016,320 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Freetec\SystemStore\SystemStore.exe -- (SystemStoreService)
SRV - [2012.11.09 08:44:25 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.11.08 19:20:08 | 000,711,112 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe -- (vToolbarUpdater13.2.0)
SRV - [2012.10.31 20:30:51 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.10.23 10:47:48 | 002,848,168 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.10.09 15:29:45 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Running] -- E:\Programme\HiPatchService.exe -- (HiPatchService)
SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- E:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- E:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.09.26 16:59:56 | 005,686,272 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Freetec\SystemStore\Freemium.SelfUpdate.exe -- (FreemiumSelfUpdateService)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.09.24 10:15:53 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011.08.03 12:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.08.03 02:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.03.28 20:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.03.15 14:03:30 | 000,174,400 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\TPSrvWow.exe -- (TPSrv)
SRV - [2010.12.13 13:37:16 | 000,194,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV - [2010.10.20 14:49:18 | 000,202,048 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\PavFnSvr.exe -- (PAVFNSVR)
SRV - [2010.08.16 13:54:46 | 000,028,992 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\PskSvc.exe -- (PskSvcRetail)
SRV - [2010.06.04 09:37:50 | 000,314,176 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\pavsrvx86.exe -- (PAVSRV)
SRV - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.11.26 16:03:56 | 000,226,560 | ---- | M] (Panda Security International) [Auto | Running] -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\Firewall\PSHOST.EXE -- (PSHost)
SRV - [2009.08.10 13:46:08 | 000,173,312 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\PsCtrls.exe -- (Panda Software Controller)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.07.11 05:54:36 | 057,820,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS)
SRV - [2008.07.11 05:54:36 | 000,430,616 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$SQLEXPRESS)
SRV - [2008.07.11 05:54:32 | 000,061,976 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\100\Shared\sqladhlp.exe -- (MSSQLServerADHelper100)
SRV - [2008.06.19 11:59:50 | 000,108,288 | ---- | M] (Panda Security S.L.) [Auto | Running] -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\PsImSvc.exe -- (PSIMSVC)
SRV - [2008.02.04 16:26:48 | 000,062,768 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Panda Security\PavShld\pavprsrv.exe -- (PavPrSrv)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012.11.08 19:20:08 | 000,030,568 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2012.09.29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.09.27 17:28:37 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.07.09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.05.10 10:41:27 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.01.31 15:41:28 | 000,129,096 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\APPFLT64.SYS -- (APPFLT)
DRV:64bit: - [2010.12.16 23:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010.12.13 13:37:18 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.09.09 15:23:00 | 000,078,920 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\idsflt64.sys -- (IDSFLT)
DRV:64bit: - [2010.09.01 10:09:12 | 000,216,648 | ---- | M] (Panda Security, S.L.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\n64i1644.sys -- (NETIMFLT01060044)
DRV:64bit: - [2010.06.22 17:20:18 | 000,030,792 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pavboot64.sys -- (pavboot)
DRV:64bit: - [2010.05.21 12:50:50 | 000,065,608 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\amm6460.sys -- (AmFSM)
DRV:64bit: - [2010.03.23 13:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010.02.08 08:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2009.12.22 01:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009.10.27 11:07:42 | 000,048,136 | ---- | M] (Panda Security, S.L.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\ShldFlt.sys -- (ShldFlt)
DRV:64bit: - [2009.10.07 11:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.10.07 11:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.09.25 13:54:08 | 000,074,760 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\wnmflt64.sys -- (WNMFLT)
DRV:64bit: - [2009.09.25 13:54:06 | 000,170,504 | ---- | M] (Panda Security, S.L.) [TDI Layer] [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NETTDI64.SYS -- (NETFLTDI)
DRV:64bit: - [2009.09.25 13:54:02 | 000,082,952 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\dsaflt64.sys -- (DSAFLT)
DRV:64bit: - [2009.09.25 13:54:02 | 000,031,752 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\fnetm64.sys -- (FNETMON)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.05 02:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2008.11.16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV:64bit: - [2008.07.10 04:25:42 | 000,314,904 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0102.sys -- (RsFx0102)
DRV:64bit: - [2008.06.27 06:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2008.02.06 02:00:00 | 000,054,480 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV - [2011.01.06 10:06:56 | 000,011,888 | ---- | M] (MSI) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Setup Files\Ms7599vHE0\NTIOLib_X64.sys -- (NTIOLib_1_0_6)
DRV - [2010.01.29 11:40:16 | 000,115,600 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- E:\Programme\UltraISO\drivers\ISODrv64.sys -- (ISODrive)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008.12.10 15:40:02 | 000,033,080 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\MSI\Live Update 4\LU4\msibios64.sys -- (MsibiosDevice)
DRV - [2008.02.15 15:30:48 | 000,015,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\MSI\Live Update 4\LU4\FLASHSYS64.sys -- (FLASHSYS)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=GB&userid=6728db76-444f-400a-b44b-2e5af887114a&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=GB&userid=6728db76-444f-400a-b44b-2e5af887114a&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=GB&userid=6728db76-444f-400a-b44b-2e5af887114a&affid=111585&searchtype=hp&babsrc=lnkry_nt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AA EB 59 83 3C 75 CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=GB&userid=6728db76-444f-400a-b44b-2e5af887114a&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=GB&userid=6728db76-444f-400a-b44b-2e5af887114a&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=GB&userid=6728db76-444f-400a-b44b-2e5af887114a&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{77DE90BF-B4EA-4073-AB34-DC7BC6A4333B}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=0D107C67-F1B9-4FDD-AFC3-C2EC4ACA0D28&apn_sauid=8E6AA00F-0E07-4DD9-98B9-40CC64DBDB00
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={C16FB727-7200-41C0-A799-D11D16993ED3}&mid=70efecf8d7e247d1b9d6bd2b2b8d5e78-d341b659e8805ec0562f5a09aaa9dbf691afca05&lang=en&ds=tg027&pr=sa&d=2011-09-18 12:22:46&v=12.2.5.32&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.google.de/"
FF - prefs.js..extensions.enabledAddons: gmailnoads@mywebber.com:3.9.1
FF - prefs.js..extensions.enabledAddons: adblockpopups@jessehakanen.net:0.5
FF - prefs.js..keyword.URL: "https://isearch.avg.com/search?cid=%7Bbe428dea-addf-4daf-a29f-a9dbf732517d%7D&mid=70efecf8d7e247d1b9d6bd2b2b8d5e78-d341b659e8805ec0562f5a09aaa9dbf691afca05&ds=tg027&v=12.2.5.32&lang=en&pr=sa&d=2011-09-18%2012%3A22%3A46&sap=ku&q="
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: E:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: E:\Programme\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: E:\Programme\Adobe\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\13.2.0.5 [2012.11.08 19:20:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: E:\Programme\FireFox\components [2012.10.28 21:07:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: E:\Programme\FireFox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: E:\Programme\FireFox\components [2012.10.28 21:07:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: E:\Programme\FireFox\plugins
[2011.09.17 15:26:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions
[2012.11.23 12:32:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\p5gs5e2k.default\extensions
[2012.11.15 11:03:39 | 000,124,993 | ---- | M] () (No name found) -- C:\Users\****\AppData\Roaming\mozilla\firefox\profiles\p5gs5e2k.default\extensions\adblockpopups@jessehakanen.net.xpi
[2012.09.26 12:44:45 | 000,021,861 | ---- | M] () (No name found) -- C:\Users\****\AppData\Roaming\mozilla\firefox\profiles\p5gs5e2k.default\extensions\gmailnoads@mywebber.com.xpi
[2012.11.23 12:32:13 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\****\AppData\Roaming\mozilla\firefox\profiles\p5gs5e2k.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011.09.18 11:39:02 | 000,026,136 | ---- | M] () (No name found) -- C:\Users\****\AppData\Roaming\mozilla\firefox\profiles\p5gs5e2k.default\extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8}.xpi
[2012.08.28 06:44:49 | 000,002,396 | ---- | M] () -- C:\Users\****\AppData\Roaming\mozilla\firefox\profiles\p5gs5e2k.default\searchplugins\askcom.xml
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [APVXDWIN] C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\APVXDWIN.EXE (Panda Security, S.L.)
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [ROC_ROC_JULY_P1] C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe ()
O4 - HKLM..\Run: [SCANINICIO] C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\Inicio.exe (Panda Security, S.L.)
O4 - HKLM..\Run: [VirtualCloneDrive] E:\Programme\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CCDEC4F7-DB13-4F01-B1F4-474EAC0E9684}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\avldr: DllName - (avldr64.dll) - C:\Windows\SysNative\avldr64.dll (On-Access Anti-Malware Scanner Sync)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.02.01 13:36:50 | 000,000,000 | RH-D | M] - F:\autorun -- [ NTFS ]
O32 - AutoRun File - [2002.10.17 03:56:50 | 000,000,036 | RH-- | M] () - F:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{90eba686-11de-11e1-a574-6c626dd04a66}\Shell - "" = AutoRun
O33 - MountPoints2\{90eba686-11de-11e1-a574-6c626dd04a66}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{aa2ab43f-e119-11e0-8dd2-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{aa2ab43f-e119-11e0-8dd2-806e6f6e6963}\Shell\AutoRun\command - "" = D:\DVDSetup.exe
O33 - MountPoints2\{dca5a2b2-abe0-11e1-8303-6c626dd04a66}\Shell - "" = AutoRun
O33 - MountPoints2\{dca5a2b2-abe0-11e1-8303-6c626dd04a66}\Shell\AutoRun\command - "" = H:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012.12.03 18:12:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe
[2012.12.03 10:39:13 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{E133E062-BD40-43E0-AB01-C78F57B3AEC7}
[2012.12.02 20:03:45 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{ED65B825-4B35-46E7-B81D-EEBB0B4C5595}
[2012.11.30 14:09:57 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Malwarebytes
[2012.11.30 14:09:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.11.30 14:09:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.11.30 14:09:38 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.11.30 14:08:44 | 010,669,952 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\****\Desktop\mbam-setup-1.65.1.1000.exe
[2012.11.30 13:31:21 | 000,000,000 | ---D | C] -- C:\Users\****\Documents\EA Games
[2012.11.30 07:23:42 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{B4C8A4CA-325F-47FC-B61C-E6239DBB2112}
[2012.11.29 12:13:21 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{89BB1ABE-2EE5-447A-BEF5-F41CBE178F82}
[2012.11.28 22:33:21 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{D8628FF2-F93F-4953-A71C-F74E77178629}
[2012.11.28 18:29:02 | 000,000,000 | ---D | C] -- C:\Users\****\Documents\The Witcher
[2012.11.28 18:29:02 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\The Witcher
[2012.11.28 18:28:02 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\The Witcher
[2012.11.28 16:47:57 | 000,000,000 | ---D | C] -- C:\temp
[2012.11.28 13:45:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Deterministic Networks
[2012.11.28 13:45:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco Systems VPN Client
[2012.11.28 13:45:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco Systems
[2012.11.28 12:03:22 | 000,000,000 | ---D | C] -- C:\Users\****\Documents\Witcher 2
[2012.11.28 12:03:22 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\The Witcher 2
[2012.11.28 10:32:56 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{E4E66D7B-45F2-4ADB-B563-1C91B01D6A58}
[2012.11.27 18:27:53 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{E514C9CF-364C-4065-B154-1ACE28264440}
[2012.11.23 11:20:42 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{F3A17DB0-EC21-4767-8AAF-E39147B612D3}
[2012.11.22 12:27:05 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{5021E8EA-A158-4886-9D55-F7A7D8A436F1}
[2012.11.21 11:53:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
[2012.11.21 11:49:24 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Blizzard Entertainment
[2012.11.21 10:19:38 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{6F362B12-02D9-4B15-9A14-1D5F81394F1D}
[2012.11.20 21:20:31 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{61C7CE9B-0F79-485B-BED1-76446F574246}
[2012.11.20 09:20:07 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{48680130-EE87-4DC9-A835-A476FF9352B0}
[2012.11.19 20:33:07 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{B8518C30-0662-4718-B1C4-9997043BD95D}
[2012.11.19 08:32:43 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{13DA8C7A-46B8-4E72-B7A0-64C52DA74271}
[2012.11.18 20:21:48 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{168E33BD-34F4-460F-88CD-8336BB88AC08}
[2012.11.16 08:21:52 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{46072A44-647D-41A5-BA44-BCA4D84E2BA9}
[2012.11.15 18:08:40 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{752A57C8-4DF8-488E-A831-15C9BC0E0267}
[2012.11.15 02:47:58 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{A4DCE80C-D0C2-4E6A-BA02-56B1C10AAA2E}
[2012.11.14 14:47:37 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{9F058649-B99F-4936-AD79-78EB861AA423}
[2012.11.14 02:47:15 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{CC4C82CD-733C-4A89-9FE9-A1FC8FA871B4}
[2012.11.13 14:46:48 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{D8318C02-6209-48B6-8A03-7DD8E4E200E8}
[2012.11.12 08:31:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MDF to ISO
[2012.11.12 04:36:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes
[2012.11.12 04:22:40 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Canneverbe Limited
[2012.11.12 04:22:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited
[2012.11.12 03:45:17 | 000,000,000 | ---D | C] -- C:\Users\****\.dvdcss
[2012.11.12 03:44:24 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
[2012.11.12 03:44:08 | 000,000,000 | ---D | C] -- C:\Users\****\FormatFactory
[2012.11.12 03:33:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2012.11.12 03:33:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2012.11.12 03:32:21 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\DVDVideoSoft
[2012.11.12 03:30:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XviD
[2012.11.12 03:30:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XviD
[2012.11.12 03:29:54 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5
[2012.11.12 03:29:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5
[2012.11.12 03:29:18 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VobSub
[2012.11.12 03:29:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VobSub
[2012.11.12 03:28:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoGK
[2012.11.12 03:21:36 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\GetRightToGo
[2012.11.12 03:18:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraISO
[2012.11.12 03:18:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\EZB Systems
[2012.11.12 03:18:24 | 000,000,000 | ---D | C] -- C:\Users\****\Documents\My ISO Files
[2012.11.11 18:36:12 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{A81BA17A-836F-41F5-B68F-217A78668591}
[2012.11.09 11:29:43 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{36D18C2D-7398-4A4C-A669-BF7E58EE4BE7}
[2012.11.08 23:29:09 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{7736C7EC-6B65-46FC-83C6-23AEF721E575}
[2012.11.08 11:28:46 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{743211AB-4E63-4D8A-BE1E-DB9D6725AC11}
[2012.11.07 16:12:56 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\TeamViewer
[2012.11.07 07:43:06 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{A9BDDA99-3F11-4FC3-8BA2-4D83F13C0078}
[2012.11.06 15:05:14 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{C632DEF3-E1EA-41D6-ACF8-342EB46AA8CC}
[2012.11.05 22:52:32 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{D25EC1C7-1076-4B2C-A4DF-C3A08BEA8987}
[2012.11.05 10:52:09 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{5CA5E19D-2439-41C8-8AD4-63FC393B9AE4}
[2012.11.04 18:44:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012.11.04 18:43:14 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{049E0E79-4C7B-4BAA-9DB9-9D8B0D15B8AE}
========== Files - Modified Within 30 Days ==========
[2012.12.03 18:14:17 | 000,000,148 | ---- | M] () -- C:\Users\****\defogger_reenable
[2012.12.03 18:13:02 | 000,302,592 | ---- | M] () -- C:\Users\****\Desktop\yo9lfx8y.exe
[2012.12.03 18:12:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe
[2012.12.03 18:11:51 | 000,050,477 | ---- | M] () -- C:\Users\****\Desktop\Defogger.exe
[2012.12.03 18:03:42 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.03 18:03:42 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.03 17:57:34 | 000,317,472 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\DsaFlt.rls.bck
[2012.12.03 17:57:34 | 000,317,472 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\DsaFlt.rls
[2012.12.03 17:57:34 | 000,001,132 | ---- | M] () -- C:\Windows\SysNative\drivers\APPFLTR.CFG.bck
[2012.12.03 17:57:34 | 000,001,132 | ---- | M] () -- C:\Windows\SysNative\drivers\APPFLTR.CFG
[2012.12.03 17:57:34 | 000,000,252 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\IdsFlt.cfg.bck
[2012.12.03 17:57:34 | 000,000,252 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\IdsFlt.cfg
[2012.12.03 17:57:34 | 000,000,128 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\NetLoc.wlt.bck
[2012.12.03 17:57:34 | 000,000,128 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\NetLoc.wlt
[2012.12.03 17:57:34 | 000,000,068 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\NetFlt.cfg.bck
[2012.12.03 17:57:34 | 000,000,068 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\NetFlt.cfg
[2012.12.03 17:57:34 | 000,000,056 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\WnmFlt.cfg.bck
[2012.12.03 17:57:34 | 000,000,056 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\WnmFlt.cfg
[2012.12.03 17:57:34 | 000,000,056 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\DsaFlt.cfg.bck
[2012.12.03 17:57:34 | 000,000,056 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\DsaFlt.cfg
[2012.12.03 17:56:40 | 000,000,136 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\NetAdapt.cfg.bck
[2012.12.03 17:56:40 | 000,000,136 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\NetAdapt.cfg
[2012.12.03 17:56:39 | 000,000,064 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\NetAR.wlt.bck
[2012.12.03 17:56:39 | 000,000,064 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\NetAR.wlt
[2012.12.03 17:56:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.03 17:56:17 | 4294,299,646 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.03 17:19:04 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.03 10:44:54 | 000,772,628 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.12.03 10:44:54 | 000,726,246 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.12.03 10:44:54 | 000,409,588 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.12.03 10:44:54 | 000,177,310 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.12.03 10:44:54 | 000,149,526 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.30 14:10:06 | 000,633,992 | ---- | M] () -- C:\Windows\SysNative\drivers\APPFCONT.DAT.bck
[2012.11.30 14:10:06 | 000,633,992 | ---- | M] () -- C:\Windows\SysNative\drivers\APPFCONT.DAT
[2012.11.30 14:09:41 | 000,000,742 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.11.30 14:08:45 | 010,669,952 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\****\Desktop\mbam-setup-1.65.1.1000.exe
[2012.11.28 16:55:18 | 001,802,448 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.11.28 13:46:50 | 000,001,594 | ---- | M] () -- C:\Windows\VPNInstall.MIF
[2012.11.21 12:03:24 | 000,000,896 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2012.11.16 08:21:17 | 002,902,848 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.11.15 01:05:39 | 000,003,855 | ---- | M] () -- C:\Users\****\Desktop\Acc Liste Imaginarum.rtf
[2012.11.12 08:41:39 | 000,000,085 | -HS- | M] () -- C:\ProgramData\.zreglib
[2012.11.12 03:38:02 | 000,000,551 | ---- | M] () -- C:\Users\****\AppData\Roaming\AutoGK.ini
[2012.11.08 19:20:08 | 000,030,568 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2012.11.04 18:44:59 | 000,000,616 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
========== Files Created - No Company Name ==========
[2012.12.03 18:14:17 | 000,000,148 | ---- | C] () -- C:\Users\****\defogger_reenable
[2012.12.03 18:13:02 | 000,302,592 | ---- | C] () -- C:\Users\****\Desktop\yo9lfx8y.exe
[2012.12.03 18:11:51 | 000,050,477 | ---- | C] () -- C:\Users\****\Desktop\Defogger.exe
[2012.11.30 14:09:41 | 000,000,742 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.11.28 13:46:50 | 000,001,594 | ---- | C] () -- C:\Windows\VPNInstall.MIF
[2012.11.21 11:53:45 | 000,000,896 | ---- | C] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2012.11.16 00:57:25 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.11.16 00:54:41 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.11.12 08:37:07 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
[2012.11.12 04:22:27 | 000,000,740 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
[2012.11.12 03:38:02 | 000,000,551 | ---- | C] () -- C:\Users\****\AppData\Roaming\AutoGK.ini
[2012.11.07 00:51:15 | 000,003,855 | ---- | C] () -- C:\Users\****\Desktop\Acc Liste Imaginarum.rtf
[2012.11.04 18:44:59 | 000,000,616 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.06.03 12:40:29 | 000,033,406 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2012.05.28 00:17:22 | 000,040,960 | R--- | C] () -- C:\Windows\SysWow64\psfind.dll
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.09.26 09:06:14 | 000,000,452 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.09.24 18:04:58 | 000,000,092 | ---- | C] () -- C:\Users\****\AppData\Local\fusioncache.dat
[2011.09.24 10:21:27 | 001,802,448 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.09.24 10:16:02 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.09.24 10:15:53 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.09.24 10:15:52 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011.09.18 00:33:31 | 000,017,172 | ---- | C] () -- C:\Windows\War3Unin.dat
[2011.09.17 19:08:19 | 000,007,602 | ---- | C] () -- C:\Users\****\AppData\Local\Resmon.ResmonCfg
[2011.09.17 18:57:16 | 000,000,321 | ---- | C] () -- C:\Windows\game.ini
[2011.08.03 02:31:54 | 000,311,912 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
========== ZeroAccess Check ==========
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2012.11.02 13:41:28 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Bioshock
[2012.11.12 04:22:40 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Canneverbe Limited
[2012.04.06 13:56:23 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DAEMON Tools Lite
[2012.06.07 23:03:31 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Downloaded Installations
[2012.11.12 03:33:19 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DVDVideoSoft
[2012.10.30 23:15:28 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\fltk.org
[2012.06.20 06:23:09 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Freemium
[2012.11.12 03:24:51 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\GetRightToGo
[2012.01.20 10:40:57 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\ImgBurn
[2011.10.24 22:25:23 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Jens Lorek
[2011.09.24 15:05:20 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\LolClient
[2012.05.26 14:36:44 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\LolClient2
[2011.09.25 21:21:19 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\MAXON
[2011.09.27 00:11:21 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Notepad++
[2012.09.23 13:37:37 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\OpenCandy
[2011.09.25 23:58:52 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\OpenOffice.org
[2011.09.17 13:46:35 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Panda Security
[2012.11.07 16:14:14 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\TeamViewer
[2011.09.25 17:40:30 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Windows Live Writer
========== Purity Check ==========
< End of report >
|
