XRatzorX | 21.01.2011 23:38 | Toolbar and BitTorrent uninstalled
Re 3.1: OTL
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "Ask.com" removed from browser.search.selectedEngine
Prefs.js: toolbar@ask.com:3.9.1.14019 removed from extensions.enabledItems
Prefs.js: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=BT5&o=15443&locale=de_DE&apn_uid=1BD7261F-7899-4EFD-9FFD-169874EBF810&apn_ptnrs=GX&apn_sauid=D45257C8-0BD8-454C-8705-B7A0E77AD4AC&apn_dtid=YYYYYYB8DE&q=" removed from keyword.URL
Folder C:\Users\Georg\AppData\Roaming\mozilla\Firefox\Profiles\ureqjrfs.default\extensions\toolbar@ask.com\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
File not found.
File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
File move failed. D:\autorun.inf scheduled to be moved on reboot.
File move failed. D:\AutoRunGUI.dll scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5730db06-efdd-11de-9e1a-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5730db06-efdd-11de-9e1a-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5730db06-efdd-11de-9e1a-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5730db06-efdd-11de-9e1a-806e6f6e6963}\ not found.
File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
C:\Windows\Jxarab.exe moved successfully.
ADS C:\ProgramData\Temp:E3C56885 deleted successfully.
ADS C:\ProgramData\Temp:0B9176C0 deleted successfully.
ADS C:\ProgramData\Temp:4CF61E54 deleted successfully.
ADS C:\ProgramData\Temp:5D7E5A8F deleted successfully.
ADS C:\ProgramData\Temp:ABE89FFE deleted successfully.
ADS C:\ProgramData\Temp:E1F04E8D deleted successfully.
ADS C:\ProgramData\Temp:93DE1838 deleted successfully.
ADS C:\ProgramData\Temp:AB689DEA deleted successfully.
ADS C:\ProgramData\Temp:444C53BA deleted successfully.
ADS C:\ProgramData\Temp:58C9BCAC deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: AppData
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Georg
->Temp folder emptied: 7449338 bytes
->Temporary Internet Files folder emptied: 272375392 bytes
->Java cache emptied: 4376290 bytes
->FireFox cache emptied: 90686817 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 13429 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 10644566 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 102159 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 368,00 mb
OTL by OldTimer - Version 3.2.20.3 log created on 01212011_171552
Files\Folders moved on Reboot...
File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
File move failed. D:\autorun.inf scheduled to be moved on reboot.
File move failed. D:\AutoRunGUI.dll scheduled to be moved on reboot.
C:\Users\Georg\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot...
Re 3.2: ESET Online Scanner
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=3226271abbc8314d9128a8844cd3b15a
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-01-21 10:09:59
# local_time=2011-01-21 11:09:59 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=1797 16775165 100 94 24896 32164291 60756 0
# compatibility_mode=5893 16776573 100 94 295963 47257285 0 0
# compatibility_mode=8192 67108863 100 0 3718 3718 0 0
# scanned=213921
# found=7
# cleaned=0
# scan_time=20364
C:\Users\Georg\Desktop\Wichtig\Neuer Ordner\angelbot v 2.4.5 by felixli93.exe Win32/Packed.Autoit.E.Gen application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Georg\Desktop\Wichtig\Neuer Ordner\trienes's Angelbot v0.5.exe Win32/Packed.Autoit.E.Gen application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Georg\Desktop\Wichtig\Neuer Ordner\trienes's Angelbot v0.5\trienes's Angelbot v0.5.exe Win32/Packed.Autoit.E.Gen application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Georg\Downloads\angelbot v 2.4.5 by felixli93.zip Win32/Packed.Autoit.E.Gen application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Georg\Downloads\Angelbot(4.3) by Hans Wurst.zip Win32/Packed.Autoit.E.Gen application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Georg\Downloads\trienes's Angelbot v0.5.rar Win32/Packed.Autoit.E.Gen application (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\01212011_171552\C_Windows\Jxarab.exe a variant of Win32/Kryptik.JWP trojan (unable to clean) 00000000000000000000000000000000 I
Re 4: OTL
OTL Logfile:
OTL logfile created on: 21.01.2011 23:26:53 - Run 2
OTL by OldTimer - Version 3.2.20.3 Folder = C:\Users\Georg\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 65,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286,27 Gb Total Space | 129,35 Gb Free Space | 45,18% Space Free | Partition Type: NTFS
Drive D: | 2,10 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: GEORG-PC | User Name: Georg | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011.01.21 11:53:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Georg\Desktop\OTL.exe
PRC - [2011.01.20 12:16:00 | 000,862,448 | ---- | M] (Intenium) -- C:\Program Files (x86)\OXXOGames\GPlayer\GameCenterNotifier.exe
PRC - [2010.12.08 16:43:32 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.11.07 12:17:39 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.11.07 12:17:39 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2010.06.29 05:00:16 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2010.06.03 01:50:58 | 001,144,104 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.05.21 00:52:06 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010.05.21 00:52:04 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2010.04.15 09:16:48 | 000,288,064 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
PRC - [2010.03.03 08:46:04 | 002,631,640 | ---- | M] () -- C:\Program Files (x86)\Metin2\metin2.bin
PRC - [2010.01.03 17:07:48 | 000,246,520 | ---- | M] () -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
PRC - [2009.12.03 14:32:54 | 000,600,688 | ---- | M] (Chicony) -- C:\Program Files (x86)\Video Web Camera\traybar.exe
PRC - [2009.11.21 00:34:06 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2009.11.02 00:39:48 | 001,094,736 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2009.10.30 02:06:55 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009.08.28 10:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe
PRC - [2009.08.25 18:38:06 | 000,935,208 | ---- | M] (Nero AG) -- c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009.08.20 17:26:02 | 000,262,912 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe
PRC - [2009.08.20 17:25:50 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
PRC - [2009.07.24 18:38:50 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2009.07.04 02:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe
PRC - [2009.04.15 23:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2008.12.08 15:16:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
PRC - [2007.08.01 14:07:06 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\Razer\Diamondback 3G\razerhid.exe
PRC - [2007.02.14 11:11:18 | 000,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files (x86)\Razer\Diamondback 3G\razerofa.exe
========== Modules (SafeList) ==========
MOD - [2011.01.21 11:53:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Georg\Desktop\OTL.exe
MOD - [2010.08.21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009.07.14 02:15:21 | 000,828,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\fontext.dll
MOD - [2009.07.14 02:15:21 | 000,093,696 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysWOW64\fms.dll
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2009.07.30 08:03:42 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011.01.13 15:32:58 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010.12.08 16:43:32 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.11.07 12:17:39 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.03 17:07:48 | 000,246,520 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2009.12.23 17:39:36 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.09.30 14:44:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Packard Bell\Packard Bell Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2009.08.29 01:05:56 | 000,044,312 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Packard Bell GameZone\GameConsole\OberonGameConsoleService.exe -- (OberonGameConsoleService)
SRV - [2009.08.28 10:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009.08.25 18:38:06 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009.08.20 17:25:50 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009.07.24 18:38:50 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009.07.04 02:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe -- (Updater Service)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.12.08 15:16:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2010.11.22 14:09:57 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2010.07.01 20:04:51 | 000,828,912 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.06.10 00:01:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010.03.02 12:35:01 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2009.09.21 20:00:44 | 001,537,024 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.09.18 05:12:06 | 000,292,912 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.09.02 18:58:08 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009.08.11 21:59:50 | 000,686,080 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009.07.30 18:11:24 | 006,038,016 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.07.24 11:49:00 | 000,119,312 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.20 12:35:00 | 000,317,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
DRV:64bit: - [2009.06.20 03:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)
DRV:64bit: - [2009.06.10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009.06.10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009.06.10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009.06.10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009.06.10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 21:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.06 00:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009.05.06 00:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009.05.05 09:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009.04.28 18:03:42 | 000,067,128 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.04.28 18:03:42 | 000,028,216 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.04.03 06:39:58 | 000,034,872 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009.02.03 16:37:50 | 000,075,384 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV:64bit: - [2008.05.27 10:41:40 | 000,153,128 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017unic.sys -- (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM)
DRV:64bit: - [2008.05.27 10:41:40 | 000,137,768 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017obex.sys -- (s0017obex)
DRV:64bit: - [2008.05.27 10:41:38 | 000,159,784 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017mdm.sys -- (s0017mdm)
DRV:64bit: - [2008.05.27 10:41:38 | 000,138,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017mgmt.sys -- (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM)
DRV:64bit: - [2008.05.27 10:41:38 | 000,034,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017nd5.sys -- (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS)
DRV:64bit: - [2008.05.27 10:41:38 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017mdfl.sys -- (s0017mdfl)
DRV:64bit: - [2008.05.27 10:41:32 | 000,116,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017bus.sys -- (s0017bus) Sony Ericsson Device 0017 driver (WDM)
DRV:64bit: - [2007.02.08 18:47:24 | 000,107,384 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV:64bit: - [2006.07.10 17:21:22 | 000,022,936 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV:64bit: - [2006.06.14 15:58:10 | 000,014,192 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2009.09.02 18:58:08 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tj71&r=27360310j0c6l0330z195f4901w53q
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tj71&r=27360310j0c6l0330z195f4901w53q
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tj71&r=27360310j0c6l0330z195f4901w53q
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tj71&r=27360310j0c6l0330z195f4901w53q
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\tbWinl.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tj71&r=27360310j0c6l0330z195f4901w53q
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\tbWinl.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: sparweltgutscheinewl@sparwelt.de:1.0
FF - prefs.js..extensions.enabledItems: {40c3cc16-7269-4b32-9531-17f2950fb06f}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:2.7.1.3
FF - prefs.js..extensions.enabledItems: {da684c80-6ad7-4a95-80ec-959e8ab082fd}:1.9
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.01.04 09:32:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.01.04 09:32:50 | 000,000,000 | ---D | M]
[2010.03.01 20:45:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Georg\AppData\Roaming\mozilla\Extensions
[2011.01.21 17:14:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Georg\AppData\Roaming\mozilla\Firefox\Profiles\ureqjrfs.default\extensions
[2010.04.19 11:31:51 | 000,000,000 | ---D | M] (Winload Toolbar) -- C:\Users\Georg\AppData\Roaming\mozilla\Firefox\Profiles\ureqjrfs.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
[2010.06.07 16:14:17 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Georg\AppData\Roaming\mozilla\Firefox\Profiles\ureqjrfs.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.10.29 18:07:54 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Georg\AppData\Roaming\mozilla\Firefox\Profiles\ureqjrfs.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.07.28 14:44:33 | 000,000,000 | ---D | M] (softonic-de3 Toolbar) -- C:\Users\Georg\AppData\Roaming\mozilla\Firefox\Profiles\ureqjrfs.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2010.08.22 11:36:51 | 000,000,000 | ---D | M] ("Auto Replay for YouTube") -- C:\Users\Georg\AppData\Roaming\mozilla\Firefox\Profiles\ureqjrfs.default\extensions\{da684c80-6ad7-4a95-80ec-959e8ab082fd}
[2010.03.13 20:19:14 | 000,000,000 | ---D | M] (WINLOAD-Gutschein-Alarm) -- C:\Users\Georg\AppData\Roaming\mozilla\Firefox\Profiles\ureqjrfs.default\extensions\sparweltgutscheinewl@sparwelt.de
[2011.01.21 14:58:05 | 000,002,395 | ---- | M] () -- C:\Users\Georg\AppData\Roaming\Mozilla\Firefox\Profiles\ureqjrfs.default\searchplugins\askcom.xml
[2010.01.21 16:17:44 | 000,000,917 | ---- | M] () -- C:\Users\Georg\AppData\Roaming\Mozilla\Firefox\Profiles\ureqjrfs.default\searchplugins\conduit.xml
[2011.01.16 13:42:49 | 000,000,947 | ---- | M] () -- C:\Users\Georg\AppData\Roaming\Mozilla\Firefox\Profiles\ureqjrfs.default\searchplugins\icqplugin.xml
[2010.06.07 16:13:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.06.07 16:13:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.06.07 16:13:16 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.11.14 21:08:53 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.11.14 21:08:53 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.11.14 21:08:53 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.11.14 21:08:53 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.11.14 21:08:53 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll (Google Inc.)
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\tbWinl.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\tbWinl.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Program Files (x86)\Winload\tbWinl.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files (x86)\Video Web Camera\traybar.exe (Chicony)
O4 - HKLM..\Run: [Diamondback] C:\Program Files (x86)\Razer\Diamondback 3G\razerhid.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] c:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.1\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [Spiele Post] C:\Program Files (x86)\OXXOGames\GPlayer\GameCenterNotifier.exe (Intenium)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Users\Georg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Georg\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Georg\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files (x86)\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files (x86)\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.01.09 01:03:54 | 000,000,000 | ---D | M] - C:\Autorun -- [ NTFS ]
O32 - AutoRun File - [2007.06.28 18:48:59 | 000,000,000 | R--D | M] - D:\AutoRun -- [ UDF ]
O32 - AutoRun File - [2005.11.01 05:09:50 | 000,729,088 | R--- | M] (Electronic Arts Inc.) - D:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2005.11.01 05:43:36 | 000,000,160 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2005.10.14 10:02:16 | 000,585,728 | R--- | M] (Electronic Arts Inc.) - D:\AutoRunGUI.dll -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011.01.21 17:28:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011.01.21 17:21:20 | 000,000,000 | R--D | C] -- C:\Users\Georg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
[2011.01.21 17:15:52 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.01.21 11:54:21 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Georg\Desktop\OTL.exe
[2011.01.20 00:27:44 | 000,000,000 | ---D | C] -- C:\Users\Georg\AppData\Roaming\Malwarebytes
[2011.01.20 00:27:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.01.20 00:27:28 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.01.20 00:27:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.01.20 00:27:04 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.01.20 00:27:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.01.19 23:58:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler
[2011.01.19 23:58:35 | 000,000,000 | ---D | C] -- C:\Programme\Defraggler
[2011.01.19 23:53:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.01.19 23:53:46 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2011.01.14 22:31:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Algebrator
[2011.01.14 22:31:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Algebrator
[2011.01.14 22:31:17 | 000,000,000 | ---D | C] -- C:\Users\Georg\Desktop\algebrator4.1
[2011.01.14 18:32:04 | 000,000,000 | ---D | C] -- C:\Programme\Metin2_beta
[2011.01.09 14:01:35 | 000,000,000 | ---D | C] -- C:\Users\Georg\Documents\NFS Carbon
[2011.01.09 13:52:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
[2011.01.09 13:46:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts
[2011.01.09 01:23:04 | 000,000,000 | ---D | C] -- C:\CARBON
[2011.01.09 01:04:46 | 000,000,000 | ---D | C] -- C:\NFSC
[2011.01.04 19:55:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011.01.02 02:59:01 | 000,000,000 | ---D | C] -- C:\Users\Georg\Documents\NFS Most Wanted
[2011.01.02 02:47:06 | 000,000,000 | ---D | C] -- C:\Users\Georg\Desktop\NFSMW
========== Files - Modified Within 30 Days ==========
[2011.01.21 23:17:03 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.01.21 17:28:14 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.01.21 17:28:14 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.01.21 17:28:06 | 002,672,312 | ---- | M] () -- C:\Users\Georg\Desktop\esetsmartinstaller_enu.exe
[2011.01.21 17:19:18 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.01.21 17:18:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.01.21 17:18:14 | 3219,935,232 | -HS- | M] () -- C:\hiberfil.sys
[2011.01.21 11:53:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Georg\Desktop\OTL.exe
[2011.01.21 11:50:49 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.01.21 11:50:49 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.01.21 11:50:49 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.01.21 11:50:49 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.01.21 11:50:48 | 001,514,526 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.01.21 00:02:42 | 000,017,244 | ---- | M] () -- C:\Users\Georg\Desktop\gaa.jpg
[2011.01.20 20:07:59 | 000,137,886 | ---- | M] () -- C:\Users\Georg\Desktop\GA.png
[2011.01.20 20:03:21 | 105,293,434 | ---- | M] () -- C:\Users\Georg\Documents\clip0072.avi
[2011.01.20 19:59:42 | 000,012,524 | ---- | M] () -- C:\Users\Georg\Documents\clip0071.avi
[2011.01.20 19:58:25 | 000,010,946 | ---- | M] () -- C:\Users\Georg\Documents\clip0070.avi
[2011.01.20 19:58:14 | 000,010,260 | ---- | M] () -- C:\Users\Georg\Documents\clip0069.avi
[2011.01.20 00:39:14 | 004,184,518 | ---- | M] () -- C:\Users\Georg\Desktop\Torture_images.gif
[2011.01.20 00:27:32 | 000,001,125 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.01.19 23:58:37 | 000,001,736 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2011.01.19 23:53:50 | 000,000,834 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.01.17 21:21:22 | 000,011,170 | ---- | M] () -- C:\Users\Georg\Documents\clip0068.avi
[2011.01.17 21:21:13 | 000,010,260 | ---- | M] () -- C:\Users\Georg\Documents\clip0067.avi
[2011.01.17 21:09:19 | 000,010,260 | ---- | M] () -- C:\Users\Georg\Documents\clip0066.avi
[2011.01.16 13:00:23 | 056,522,194 | ---- | M] () -- C:\Users\Georg\Documents\clip0065.avi
[2011.01.15 18:40:44 | 000,001,216 | ---- | M] () -- C:\Users\Georg\Desktop\dragon_armor_by_ice_fire - Verknüpfung.lnk
[2011.01.15 10:18:52 | 000,002,356 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011.01.15 00:13:42 | 000,001,394 | ---- | M] () -- C:\Users\Georg\Desktop\Metin2.lnk
[2011.01.14 22:31:38 | 000,000,979 | ---- | M] () -- C:\Users\Georg\Desktop\Algebrator.lnk
[2011.01.14 14:11:28 | 048,413,094 | ---- | M] () -- C:\Users\Georg\Documents\clip0064.avi
[2011.01.13 22:29:17 | 000,084,419 | ---- | M] () -- C:\Users\Georg\Desktop\eharmony-honesty-fail.jpg
[2011.01.13 16:19:34 | 046,658,878 | ---- | M] () -- C:\Users\Georg\Documents\clip0063.avi
[2011.01.11 21:44:19 | 056,429,090 | ---- | M] () -- C:\Users\Georg\Documents\clip0062.avi
[2011.01.11 21:43:31 | 000,010,260 | ---- | M] () -- C:\Users\Georg\Documents\clip0061.avi
[2011.01.11 19:11:19 | 018,583,822 | ---- | M] () -- C:\Users\Georg\Documents\clip0060.avi
[2011.01.11 19:10:12 | 174,350,876 | ---- | M] () -- C:\Users\Georg\Documents\clip0059.avi
[2011.01.10 18:58:48 | 387,156,962 | ---- | M] () -- C:\Users\Georg\Documents\clip0058.avi
[2011.01.10 18:55:11 | 008,608,664 | ---- | M] () -- C:\Users\Georg\Documents\clip0057.avi
[2011.01.09 19:33:18 | 043,004,460 | ---- | M] () -- C:\Users\Georg\Documents\clip0056.avi
[2011.01.09 13:52:37 | 000,002,206 | ---- | M] () -- C:\Users\Public\Desktop\Need for Speed™ Carbon.lnk
[2011.01.07 14:32:30 | 100,663,296 | ---- | M] () -- C:\Users\Georg\Documents\clip0055.avi
[2011.01.07 14:31:34 | 000,780,000 | ---- | M] () -- C:\Users\Georg\Documents\clip0055.avi.bak
[2011.01.05 17:35:10 | 057,236,040 | ---- | M] () -- C:\Users\Georg\Documents\clip0054.avi
[2011.01.04 19:55:55 | 000,002,300 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011.01.04 09:41:28 | 117,569,600 | ---- | M] () -- C:\Users\Georg\Documents\clip0053.avi
[2011.01.03 19:14:35 | 083,078,582 | ---- | M] () -- C:\Users\Georg\Documents\clip0052.avi
[2011.01.03 01:32:17 | 049,396,556 | ---- | M] () -- C:\Users\Georg\Documents\clip0051.avi
[2011.01.02 02:58:51 | 000,002,197 | ---- | M] () -- C:\Users\Public\Desktop\Need for Speed™ Most Wanted.lnk
[2011.01.01 18:05:48 | 104,857,600 | ---- | M] () -- C:\Users\Georg\Desktop\nfsmwmu.part09.rar
[2011.01.01 16:33:03 | 000,010,955 | ---- | M] () -- C:\Users\Georg\Documents\Seelis.ods
[2011.01.01 12:29:05 | 064,390,682 | ---- | M] () -- C:\Users\Georg\Documents\clip0050.avi
[2010.12.31 19:19:06 | 000,001,941 | ---- | M] () -- C:\Users\Georg\Desktop\speed2 - Verknüpfung.lnk
[2010.12.31 13:05:55 | 064,612,846 | ---- | M] () -- C:\Users\Georg\Documents\clip0049.avi
[2010.12.31 13:05:12 | 000,010,260 | ---- | M] () -- C:\Users\Georg\Documents\clip0048.avi
[2010.12.31 13:04:49 | 000,010,260 | ---- | M] () -- C:\Users\Georg\Documents\clip0047.avi
[2010.12.31 13:04:28 | 000,010,260 | ---- | M] () -- C:\Users\Georg\Documents\clip0046.avi
[2010.12.30 10:54:43 | 090,961,592 | ---- | M] () -- C:\Users\Georg\Documents\clip0045.avi
[2010.12.30 10:54:16 | 016,221,034 | ---- | M] () -- C:\Users\Georg\Documents\clip0044.avi
[2010.12.29 15:37:04 | 052,327,430 | ---- | M] () -- C:\Users\Georg\Documents\clip0043.avi
[2010.12.26 08:36:37 | 034,121,464 | ---- | M] () -- C:\Users\Georg\Documents\clip0042.avi
[2010.12.24 23:15:03 | 104,336,596 | ---- | M] () -- C:\Users\Georg\Documents\clip0041.avi
[2010.12.24 17:12:30 | 076,514,012 | ---- | M] () -- C:\Users\Georg\Documents\clip0040.avi
[2010.12.24 09:01:52 | 045,140,486 | ---- | M] () -- C:\Users\Georg\Documents\clip0039.avi
========== Files Created - No Company Name ==========
[2011.01.21 17:27:59 | 002,672,312 | ---- | C] () -- C:\Users\Georg\Desktop\esetsmartinstaller_enu.exe
[2011.01.21 00:02:42 | 000,017,244 | ---- | C] () -- C:\Users\Georg\Desktop\gaa.jpg
[2011.01.20 20:07:59 | 000,137,886 | ---- | C] () -- C:\Users\Georg\Desktop\GA.png
[2011.01.20 20:00:12 | 105,293,434 | ---- | C] () -- C:\Users\Georg\Documents\clip0072.avi
[2011.01.20 19:59:37 | 000,012,524 | ---- | C] () -- C:\Users\Georg\Documents\clip0071.avi
[2011.01.20 19:58:21 | 000,010,946 | ---- | C] () -- C:\Users\Georg\Documents\clip0070.avi
[2011.01.20 19:58:08 | 000,010,260 | ---- | C] () -- C:\Users\Georg\Documents\clip0069.avi
[2011.01.20 00:39:06 | 004,184,518 | ---- | C] () -- C:\Users\Georg\Desktop\Torture_images.gif
[2011.01.20 00:27:32 | 000,001,125 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.01.19 23:58:37 | 000,001,736 | ---- | C] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2011.01.19 23:53:50 | 000,000,834 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.01.17 21:21:18 | 000,011,170 | ---- | C] () -- C:\Users\Georg\Documents\clip0068.avi
[2011.01.17 21:21:08 | 000,010,260 | ---- | C] () -- C:\Users\Georg\Documents\clip0067.avi
[2011.01.17 21:09:14 | 000,010,260 | ---- | C] () -- C:\Users\Georg\Documents\clip0066.avi
[2011.01.16 13:00:07 | 056,522,194 | ---- | C] () -- C:\Users\Georg\Documents\clip0065.avi
[2011.01.15 18:40:44 | 000,001,216 | ---- | C] () -- C:\Users\Georg\Desktop\dragon_armor_by_ice_fire - Verknüpfung.lnk
[2011.01.15 00:13:42 | 000,001,394 | ---- | C] () -- C:\Users\Georg\Desktop\Metin2.lnk
[2011.01.14 22:31:38 | 000,000,979 | ---- | C] () -- C:\Users\Georg\Desktop\Algebrator.lnk
[2011.01.14 14:11:13 | 048,413,094 | ---- | C] () -- C:\Users\Georg\Documents\clip0064.avi
[2011.01.13 22:29:17 | 000,084,419 | ---- | C] () -- C:\Users\Georg\Desktop\eharmony-honesty-fail.jpg
[2011.01.13 16:19:19 | 046,658,878 | ---- | C] () -- C:\Users\Georg\Documents\clip0063.avi
[2011.01.11 21:44:00 | 056,429,090 | ---- | C] () -- C:\Users\Georg\Documents\clip0062.avi
[2011.01.11 21:43:29 | 000,010,260 | ---- | C] () -- C:\Users\Georg\Documents\clip0061.avi
[2011.01.11 19:11:11 | 018,583,822 | ---- | C] () -- C:\Users\Georg\Documents\clip0060.avi
[2011.01.11 19:08:38 | 174,350,876 | ---- | C] () -- C:\Users\Georg\Documents\clip0059.avi
[2011.01.10 18:55:14 | 387,156,962 | ---- | C] () -- C:\Users\Georg\Documents\clip0058.avi
[2011.01.10 18:55:08 | 008,608,664 | ---- | C] () -- C:\Users\Georg\Documents\clip0057.avi
[2011.01.09 19:33:04 | 043,004,460 | ---- | C] () -- C:\Users\Georg\Documents\clip0056.avi
[2011.01.09 13:52:37 | 000,002,206 | ---- | C] () -- C:\Users\Public\Desktop\Need for Speed™ Carbon.lnk
[2011.01.09 13:38:49 | 000,011,049 | ---- | C] () -- C:\Users\Georg\Desktop\FFF.NFO
[2011.01.09 13:38:49 | 000,000,382 | ---- | C] () -- C:\Users\Georg\Desktop\file_id.diz
[2011.01.09 13:34:26 | 008,904,704 | ---- | C] () -- C:\Users\Georg\Desktop\nfsc.exe
[2011.01.07 14:31:34 | 100,663,296 | ---- | C] () -- C:\Users\Georg\Documents\clip0055.avi
[2011.01.07 14:31:34 | 000,780,000 | ---- | C] () -- C:\Users\Georg\Documents\clip0055.avi.bak
[2011.01.05 17:34:39 | 057,236,040 | ---- | C] () -- C:\Users\Georg\Documents\clip0054.avi
[2011.01.04 19:56:33 | 000,002,356 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011.01.04 19:55:55 | 000,002,300 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011.01.04 09:40:56 | 117,569,600 | ---- | C] () -- C:\Users\Georg\Documents\clip0053.avi
[2011.01.03 19:14:11 | 083,078,582 | ---- | C] () -- C:\Users\Georg\Documents\clip0052.avi
[2011.01.03 01:31:57 | 049,396,556 | ---- | C] () -- C:\Users\Georg\Documents\clip0051.avi
[2011.01.02 02:58:51 | 000,002,197 | ---- | C] () -- C:\Users\Public\Desktop\Need for Speed™ Most Wanted.lnk
[2011.01.01 18:00:05 | 104,857,600 | ---- | C] () -- C:\Users\Georg\Desktop\nfsmwmu.part09.rar
[2011.01.01 12:28:38 | 064,390,682 | ---- | C] () -- C:\Users\Georg\Documents\clip0050.avi
[2010.12.31 19:19:06 | 000,001,941 | ---- | C] () -- C:\Users\Georg\Desktop\speed2 - Verknüpfung.lnk
[2010.12.31 13:05:36 | 064,612,846 | ---- | C] () -- C:\Users\Georg\Documents\clip0049.avi
[2010.12.31 13:05:03 | 000,010,260 | ---- | C] () -- C:\Users\Georg\Documents\clip0048.avi
[2010.12.31 13:04:44 | 000,010,260 | ---- | C] () -- C:\Users\Georg\Documents\clip0047.avi
[2010.12.31 13:04:20 | 000,010,260 | ---- | C] () -- C:\Users\Georg\Documents\clip0046.avi
[2010.12.30 10:54:17 | 090,961,592 | ---- | C] () -- C:\Users\Georg\Documents\clip0045.avi
[2010.12.30 10:54:11 | 016,221,034 | ---- | C] () -- C:\Users\Georg\Documents\clip0044.avi
[2010.12.29 18:49:33 | 000,010,955 | ---- | C] () -- C:\Users\Georg\Documents\Seelis.ods
[2010.12.29 15:36:29 | 052,327,430 | ---- | C] () -- C:\Users\Georg\Documents\clip0043.avi
[2010.12.26 08:36:12 | 034,121,464 | ---- | C] () -- C:\Users\Georg\Documents\clip0042.avi
[2010.12.24 23:13:57 | 104,336,596 | ---- | C] () -- C:\Users\Georg\Documents\clip0041.avi
[2010.12.24 17:12:01 | 076,514,012 | ---- | C] () -- C:\Users\Georg\Documents\clip0040.avi
[2010.12.24 09:01:20 | 045,140,486 | ---- | C] () -- C:\Users\Georg\Documents\clip0039.avi
[2010.11.10 21:42:08 | 000,000,076 | ---- | C] () -- C:\Windows\iltwain.ini
[2010.10.23 18:14:07 | 000,003,584 | ---- | C] () -- C:\Users\Georg\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.10.16 18:36:46 | 000,001,008 | ---- | C] () -- C:\Windows\SysWow64\Hardware.ini
[2010.06.24 16:18:52 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2010.06.24 16:18:52 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2010.06.24 16:18:52 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2010.06.05 16:22:25 | 000,000,516 | ---- | C] () -- C:\Windows\SIERRA.INI
[2009.12.24 01:46:56 | 000,001,644 | ---- | C] () -- C:\Windows\WPatchProgress.ini
[2009.12.23 17:42:29 | 000,000,033 | ---- | C] () -- C:\Windows\LaunApp.ini
[2009.12.23 17:16:03 | 000,000,150 | ---- | C] () -- C:\Windows\PidList.ini
[2009.10.30 05:26:14 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2009.10.30 05:25:45 | 000,776,614 | ---- | C] () -- C:\Program Files (x86)\Common Files\packardbell.ico
[2009.10.30 02:31:41 | 000,000,189 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2009.10.30 02:31:41 | 000,000,168 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2009.10.30 02:31:41 | 000,000,147 | ---- | C] () -- C:\Windows\WisPriority.ini
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2006.06.14 10:59:54 | 000,042,016 | ---- | C] () -- C:\Windows\JSETWAIN.DLL
========== LOP Check ==========
[2011.01.21 17:32:30 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\BitTorrent
[2010.07.01 20:04:10 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\DAEMON Tools Pro
[2010.11.10 21:56:21 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\Downloaded Installations
[2010.10.29 18:07:54 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.10.14 17:02:37 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\gtk-2.0
[2011.01.13 03:31:19 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\ICQ
[2010.11.10 21:34:36 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\inkscape
[2010.10.13 19:28:01 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\mt soft
[2010.11.12 17:59:51 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\OpenOffice.org
[2010.03.11 19:03:02 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\PlayFirst
[2011.01.19 23:01:03 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\SparweltGutschein
[2010.10.10 20:55:14 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\Zylom
[2010.10.04 15:33:50 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2009.07.14 02:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2009.07.27 21:40:53 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2010.04.09 22:29:00 | 001,184,646 | ---- | M] () -- C:\BottingPoint.txt
[2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007.11.07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007.11.07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007.11.07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2010.10.17 12:27:42 | 000,001,042 | ---- | M] () -- C:\Hardware.ini
[2011.01.21 17:18:14 | 3219,935,232 | -HS- | M] () -- C:\hiberfil.sys
[2007.11.07 08:44:20 | 000,855,040 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2007.11.07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007.11.07 08:44:20 | 000,075,280 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007.11.07 08:44:20 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007.11.07 08:44:20 | 000,090,128 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007.11.07 08:44:20 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007.11.07 08:44:20 | 000,094,224 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007.11.07 08:44:20 | 000,080,400 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007.11.07 08:44:20 | 000,078,864 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007.11.07 08:44:20 | 000,074,768 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007.11.07 08:44:20 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2011.01.21 17:18:28 | 4293,246,976 | -HS- | M] () -- C:\pagefile.sys
[2009.12.09 04:22:18 | 000,013,365 | RHS- | M] () -- C:\Patch.rev
[2010.03.01 16:04:37 | 000,000,218 | RHS- | M] () -- C:\Preload.rev
[2007.11.07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007.11.07 08:50:40 | 001,927,956 | ---- | M] () -- C:\VC_RED.cab
[2007.11.07 08:53:12 | 000,242,176 | ---- | M] () -- C:\VC_RED.MSI
< %systemroot%\system32\*.wt >
< %systemroot%\system32\*.ruy >
< %systemroot%\Fonts\*.com >
[2009.07.14 06:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009.07.14 06:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009.07.14 06:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009.07.14 06:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
< %systemroot%\Fonts\*.dll >
< %systemroot%\Fonts\*.ini >
[2009.06.10 21:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
< %systemroot%\Fonts\*.ini2 >
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
< %systemroot%\REPAIR\*.bak1 >
< %systemroot%\REPAIR\*.ini >
< %systemroot%\system32\*.jpg >
< %systemroot%\*.scr >
[2004.09.20 14:00:28 | 000,802,816 | ---- | M] (Sprout Games, LLC) -- C:\Windows\FeedingFrenzy.scr
[2009.07.10 13:10:44 | 000,307,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
< %systemroot%\*._sy >
< %APPDATA%\Adobe\Update\*.* >
< %ALLUSERSPROFILE%\Favorites\*.* >
< %APPDATA%\Microsoft\*.* >
< %PROGRAMFILES%\*.* >
[2009.07.14 05:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
< %APPDATA%\Update\*.* >
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\system32\user32.dll /md5 >
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
< %systemroot%\system32\ws2_32.dll /md5 >
[2009.07.14 02:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\SysWOW64\ws2_32.dll
< %systemroot%\system32\ws2help.dll /md5 >
[2009.07.14 02:11:26 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=808AABDF9337312195CAFF76D1804786 -- C:\Windows\SysWOW64\ws2help.dll
< MD5 for: EXPLORER.EXE >
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2009.08.03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\explorer.exe
[2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009.08.03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
< MD5 for: WININIT.EXE >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
< MD5 for: WINLOGON.EXE >
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
< >
< End of report >
However, I only got the OTL.txt there. I did not get the Extra.txt as requested, not even after running it a second time.