Trojaner-Board


Themaster453 18.06.2011 21:10

Suspected trojan or keylogger
 
Hello, I'm asking for your help. When I logged into my Facebook account 3 days ago, it said that my account had been accessed from another location. I then changed my password and thought nothing more of it. But today I wanted to sign in to Google to check my mail, and the password was wrong. I then wanted to reset it, but I no longer know the security question because the account is already quite old. Now Google will probably send my password to my other e-mail address. I'm currently scanning my computer for viruses with Kaspersky 2012, but the program hasn't found anything yet. Please reply quickly and tell me what I can do! Kind regards :dankeschoen:

markusg 19.06.2011 16:18

Hi
System scan with OTL
Download OTL:
http://filepony.de/download-otl/

Double-click OTL.exe
(Windows 7 and Vista users: right-click, Run as administrator)
1. At the top you will find a box labelled Output. Please select Minimal Output
2. Tick "scan all users"
3. Under "Extra Registry", select:
"Use Safelist" "LOP Check" "Purity Check"
4. Copy into the text box:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Click "Scan"
6. Two reports will be created:
OTL.Txt
Extras.Txt
Post both

Themaster453 19.06.2011 18:59

Extras.txt
Code:

OTL Extras logfile created on: 19.06.2011 19:39:44 - Run 1
OTL by OldTimer - Version 3.2.24.1    Folder = C:\Users\Dennis\Downloads
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,99 Gb Total Physical Memory | 2,79 Gb Available Physical Memory | 69,88% Memory free
7,99 Gb Paging File | 6,67 Gb Available in Paging File | 83,56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 247,47 Gb Total Space | 181,86 Gb Free Space | 73,49% Space Free | Partition Type: NTFS
Drive D: | 25,39 Gb Total Space | 25,30 Gb Free Space | 99,65% Space Free | Partition Type: NTFS
Drive G: | 7,42 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: GAMING-PC | User Name: Dennis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1410892137-877069167-2350996814-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [openNew] -- explorer %1 (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [openNew] -- explorer %1 (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour
"{16DDB3D1-5C27-4599-9C63-E583287191CC}" = iTunes
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{372806CA-AE32-4A49-9CC1-EF9E3AB28D5C}" = O&O Defrag Server
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010
"{90140000-0044-0407-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-1000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{9ED333F8-3E6C-4A38-BAFA-728454121CDA}" = PDF-XChange Viewer
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 275.33
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.23.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"CyberGhost VPN_is1" = CyberGhost VPN
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"WinRAR archiver" = WinRAR arkivering
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java(TM) 6 Update 25
"{3A03D3D2-46C7-49ED-B60B-B91B1F5E71D3}_is1" = Game Prelauncher version 3.1.2
"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"{48418FBF-A20E-4BF2-90DA-561C2ECB721A}_is1" = Window Renamer 1.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE)
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
"{7E210E1C-52A1-40E3-817B-D504E9F64DFA}_is1" = Flyff
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B8E2FCC0-C524-4546-8859-A7F5D2BE6E5E}" = FBP - Facebook Blaster Pro
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C1080852-065E-4991-9260-F3756E3CC182}" = CursorFX
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{E635F595-7D51-459D-9E2B-827F234F9D4E}" = FriendAdderElite
"1489-3350-5074-6281" = JDownloader 0.9
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Akamai" = Akamai NetSession Interface
"Alice: Madness Returns_is1" = Alice: Madness Returns
"Any DVD Converter Professional_is1" = Any DVD Converter Professional 3.7.7
"AnyTV Pro_is1" = AnyTV Pro 5.1
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
"CursorFX" = CursorFX
"DAEMON Tools Lite" = DAEMON Tools Lite
"DivX Setup.divx.com" = DivX-Setup
"EADM" = EA Download Manager
"facemoods" = Facemoods Toolbar
"Game Booster 3_is1" = Game Booster
"Garena" = Garena 2010
"Hide IP Platinum_is1" = Hide IP Platinum 3.42
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PPLive" = PPLive 1.9
"Premium Link Generator 1.00" = Premium Link Generator 1.00
"RocketDock_is1" = RocketDock 1.3.5
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SopCast" = SopCast 3.3.2
"Steam App 13140" = America's Army 3
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"TeamViewer 6" = TeamViewer 6
"TuneUp Utilities 2011" = TuneUp Utilities 2011
"TVAnts 1.0" = TVAnts 1.0
"uTorrent" = µTorrent
"Veetle TV" = Veetle TV 0.9.18
"VLC media player" = VLC media player 1.0.5
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1410892137-877069167-2350996814-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FlyFFAutomaton" = FlyFF Automaton (v1.00)
"Google Chrome" = Google Chrome
"Megakey" = Megakey
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 10.05.2011 15:06:45 | Computer Name = Gaming-PC | Source = Application Error | ID = 1000
Description = Faulting application name: BFP4f.exe, version: 0.0.0.0, time stamp:
 0x4dc405a3  Faulting module name: BFP4f.exe, version: 0.0.0.0, time stamp: 0x4dc405a3
Exception
 code: 0xc0000005  Fault offset: 0x00327964  Faulting process id: 0xd74  Faulting application
 start time: 0x01cc0f44ea688016  Faulting application path: C:\Program Files (x86)\EA
 Games\Battlefield Play4Free\BFP4f.exe  Faulting module path: C:\Program Files (x86)\EA
 Games\Battlefield Play4Free\BFP4f.exe  Report Id: a53e1f07-7b38-11e0-8cd3-001f16187740
 
Error - 12.05.2011 08:05:09 | Computer Name = Gaming-PC | Source = Application Hang | ID = 1002
Description = The program Neuz.exe version 3.8.22.1 stopped interacting with Windows
 and was closed. To see if more information about the problem is available, check
 the problem history in the Action Center control panel.    Process ID: 404    Start Time:
 01cc109ccb842810    Termination Time: 13    Application Path: C:\Program Files\gPotato.eu\FlyFF\Neuz.exe

Report
 Id: 132c1a32-7c90-11e0-9212-001f16187740 
 
Error - 12.05.2011 13:15:04 | Computer Name = Gaming-PC | Source = Application Error | ID = 1000
Description = Faulting application name: javaw.exe, version: 6.0.250.6, time stamp:
 0x4da6bb44  Faulting module name: java.dll, version: 6.0.250.6, time stamp: 0x4da6f198
Exception
 code: 0xc0000005  Fault offset: 0x00004e2f  Faulting process id: 0xcfc  Faulting application
 start time: 0x01cc10c820f9f2ac  Faulting application path: C:\Program Files (x86)\Java\jre6\bin\javaw.exe
Faulting
 module path: C:\Program Files (x86)\Java\jre6\bin\java.dll  Report Id: 603d86db-7cbb-11e0-9212-001f16187740
 
Error - 13.05.2011 10:03:16 | Computer Name = Gaming-PC | Source = Application Error | ID = 1000
Description = Faulting application name: avp.exe, version: 11.0.2.571, time stamp:
 0x4cd05f34  Faulting module name: Ushata.dll, version: 11.0.2.556, time stamp: 0x4cab5fa3
Exception
 code: 0xc0000005  Fault offset: 0x0000540d  Faulting process id: 0x750  Faulting application
 start time: 0x01cc117098cbfc6e  Faulting application path: C:\Program Files (x86)\Kaspersky
 Lab\Kaspersky Internet Security 2011\avp.exe  Faulting module path: C:\Program Files
 (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\Ushata.dll  Report Id: beffe97b-7d69-11e0-9613-001f16187740
 
Error - 13.05.2011 10:47:57 | Computer Name = Gaming-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\Kuma
 Games\MFC80.DLL".  Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 13.05.2011 10:47:57 | Computer Name = Gaming-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\Kuma
 Games\MFC80.DLL".  Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 13.05.2011 16:30:04 | Computer Name = Gaming-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\Common
 Files\AVSMedia\ActiveX\AVSShellConverter64.dll".  Dependent Assembly Microsoft.VC80.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 13.05.2011 16:45:30 | Computer Name = Gaming-PC | Source = Application Error | ID = 1000
Description = Faulting application name: AVSVideoConverter.exe, version: 7.1.2.480,
 time stamp: 0x00000000  Faulting module name: unknown, version: 0.0.0.0, time stamp:
 0x00000000  Exception code: 0xc0000005  Fault offset: 0x137520d7  Faulting process id:
 0xfd4  Faulting application start time: 0x01cc11ae4aab1784  Faulting application path:
 C:\program files (x86)\avs4you\avsvideoconverter\AVSVideoConverter.exe  Faulting
module path: unknown  Report Id: f00dd41f-7da1-11e0-b055-001f16187740
 
Error - 13.05.2011 16:46:51 | Computer Name = Gaming-PC | Source = MsiInstaller | ID = 10005
Description =
 
Error - 14.05.2011 10:30:26 | Computer Name = Gaming-PC | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = Application or service 'systemapp.exe' could not be shut down.
 
[ System Events ]
Error - 31.05.2011 10:19:10 | Computer Name = Gaming-PC | Source = WMPNetworkSvc | ID = 866300
Description =
 
Error - 31.05.2011 11:22:10 | Computer Name = Gaming-PC | Source = Service Control Manager | ID = 7001
Description = The Avira AntiVir WebGuard service depends on the Avira AntiVir Guard
 service which failed to start because of the following error:  %%0
 
Error - 31.05.2011 11:22:10 | Computer Name = Gaming-PC | Source = Service Control Manager | ID = 7001
Description = The Avira AntiVir MailGuard service depends on the Avira AntiVir Guard
 service which failed to start because of the following error:  %%1062
 
Error - 31.05.2011 12:21:25 | Computer Name = Gaming-PC | Source = bowser | ID = 8003
Description =
 
Error - 31.05.2011 14:12:23 | Computer Name = Gaming-PC | Source = WMPNetworkSvc | ID = 866300
Description =
 
Error - 31.05.2011 14:12:22 | Computer Name = Gaming-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Provider
 Host service which failed to start because of the following error:  %%1058
 
Error - 31.05.2011 14:12:22 | Computer Name = Gaming-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Provider
 Host service which failed to start because of the following error:  %%1058
 
Error - 31.05.2011 14:12:25 | Computer Name = Gaming-PC | Source = WMPNetworkSvc | ID = 866300
Description =
 
Error - 31.05.2011 14:23:18 | Computer Name = Gaming-PC | Source = WMPNetworkSvc | ID = 866300
Description =
 
Error - 01.06.2011 07:37:17 | Computer Name = Gaming-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Provider
 Host service which failed to start because of the following error:  %%1058
 
 
< End of report >


Themaster453 19.06.2011 19:00

OTL.txt
Code:

OTL logfile created on: 19.06.2011 19:39:44 - Run 1
OTL by OldTimer - Version 3.2.24.1    Folder = C:\Users\Dennis\Downloads
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,99 Gb Total Physical Memory | 2,79 Gb Available Physical Memory | 69,88% Memory free
7,99 Gb Paging File | 6,67 Gb Available in Paging File | 83,56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 247,47 Gb Total Space | 181,86 Gb Free Space | 73,49% Space Free | Partition Type: NTFS
Drive D: | 25,39 Gb Total Space | 25,30 Gb Free Space | 99,65% Space Free | Partition Type: NTFS
Drive G: | 7,42 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: GAMING-PC | User Name: Dennis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Dennis\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\Dennis\AppData\Local\Megamedia\Megakey\Megakey.exe (Megamedia Ltd.)
PRC - C:\Users\Dennis\AppData\Local\Megamedia\Megakey\MegakeyUpdater.exe (Megamedia Ltd.)
PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Program Files (x86)\Stardock\CursorFX\CursorFX.exe (Stardock Corporation)
PRC - C:\Program Files (x86)\RocketDock\RocketDock.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Dennis\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files (x86)\Stardock\CursorFX\CurXP0.dll ( )
MOD - C:\Program Files (x86)\RocketDock\RocketDock.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
SRV:64bit: - (CGVPNCliSrvc) -- C:\Program Files\S.A.D\CyberGhost VPN\CGVPNCliService.exe (mobile concepts GmbH)
SRV:64bit: - (OODefragAgent) -- C:\Program Files\OO Software\Defrag\oodag.exe (O&O Software GmbH)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (Akamai) -- c:\Program Files (x86)\Common Files\Akamai\netsession_win_e877e12.dll ()
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software)
SRV - (npggsvc) -- C:\Windows\SysWow64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (GatewayAgentService) -- C:\Program Files (x86)\OO Software\Shared\GatewayAgent\ooemcgats.exe (O&O Software GmbH)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV:64bit: - (kl2) -- C:\Windows\SysNative\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV:64bit: - (KL1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (MonitorFunction) -- C:\Windows\SysNative\drivers\TVMonitor.sys (TeamViewer GmbH)
DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)
DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (netw5v64) Intel(R) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 188.129.152.98:34463
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 188.129.152.98:34463
 
 
 
IE - HKU\S-1-5-21-1410892137-877069167-2350996814-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-1410892137-877069167-2350996814-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.facemoods.com/?a=ddrnw
IE - HKU\S-1-5-21-1410892137-877069167-2350996814-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1410892137-877069167-2350996814-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1410892137-877069167-2350996814-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 69 6E 10 F3 CF 05 CC 01  [binary data]
IE - HKU\S-1-5-21-1410892137-877069167-2350996814-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1410892137-877069167-2350996814-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Facemoods Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://start.facemoods.com/?a=ddrnw"
FF - prefs.js..network.proxy.ftp: "188.129.152.98"
FF - prefs.js..network.proxy.ftp_port: 34463
FF - prefs.js..network.proxy.http: "188.129.152.98"
FF - prefs.js..network.proxy.http_port: 34463
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "188.129.152.98"
FF - prefs.js..network.proxy.socks_port: 34463
FF - prefs.js..network.proxy.ssl: "188.129.152.98"
FF - prefs.js..network.proxy.ssl_port: 34463
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.06.02 20:43:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.06.02 20:43:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2011.06.07 15:53:17 | 000,000,000 | ---D | M]
 
[2011.05.14 16:15:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\i2z78o5v.default\extensions
[2011.05.14 17:11:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011.05.03 17:24:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.05.02 18:34:30 | 000,000,000 | ---D | M] (ScanQuery) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64}
[2011.05.03 13:43:04 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru
[2011.05.03 13:43:04 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2011.05.12 17:02:16 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\fcmdSrch.xml
 
O1 HOSTS File: ([2011.06.02 19:39:21 | 000,000,533 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 adobe.activate.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (MegaIeHelperBHO Class) - {77F4E711-789B-447F-9614-96759B2F83C6} - C:\Users\Dennis\AppData\Local\Megamedia\Megakey\x64\MegaIeHelper64.dll (Megamedia Ltd.)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (MegaIeHelperBHO Class) - {77F4E711-789B-447F-9614-96759B2F83C6} - C:\Users\Dennis\AppData\Local\Megamedia\Megakey\MegaIeHelper.dll (Megamedia Ltd.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodsTlbr.dll (facemoods.com)
O3 - HKU\S-1-5-21-1410892137-877069167-2350996814-1001\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKU\.DEFAULT..\Run: [Welcome Center] C:\Windows\SysWow64\OobeFldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [Welcome Center] C:\Windows\SysWow64\OobeFldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1410892137-877069167-2350996814-1001..\Run: [CursorFX] C:\Program Files (x86)\Stardock\CursorFX\CursorFX.exe (Stardock Corporation)
O4 - HKU\S-1-5-21-1410892137-877069167-2350996814-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1410892137-877069167-2350996814-1001..\Run: [Megakey] C:\Users\Dennis\AppData\Local\Megamedia\Megakey\Megakey.exe (Megamedia Ltd.)
O4 - HKU\S-1-5-21-1410892137-877069167-2350996814-1001..\Run: [MegakeyUpdater] C:\Users\Dennis\AppData\Local\Megamedia\Megakey\MegakeyUpdater.exe (Megamedia Ltd.)
O4 - HKU\S-1-5-21-1410892137-877069167-2350996814-1001..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O4 - HKU\S-1-5-21-1410892137-877069167-2350996814-1003..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin]  File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin]  File not found
O4 - HKU\S-1-5-21-1410892137-877069167-2350996814-1003..\RunOnce: [mctadmin]  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKU\S-1-5-21-1410892137-877069167-2350996814-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Capture Web Page - C:\Users\Dennis\AppData\Local\Megamedia\Megakey\CaptureWebPage.htm ()
O8:64bit: - Extra context menu item: Fetch to Megaupload - C:\Users\Dennis\AppData\Local\Megamedia\Megakey\MegaUpload.htm ()
O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8 - Extra context menu item: Capture Web Page - C:\Users\Dennis\AppData\Local\Megamedia\Megakey\CaptureWebPage.htm ()
O8 - Extra context menu item: Fetch to Megaupload - C:\Users\Dennis\AppData\Local\Megamedia\Megakey\MegaUpload.htm ()
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files (x86)\PPLive\PPLive.exe ( )
O9 - Extra 'Tools' menuitem : PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files (x86)\PPLive\PPLive.exe ( )
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKU\S-1-5-21-1410892137-877069167-2350996814-1001 Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - Reg Error: Key error. - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.06.15 22:04:08 | 000,000,100 | R--- | M] () - G:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{912b96f0-723c-11e0-aae6-001f16187740}\Shell - "" = AutoRun
O33 - MountPoints2\{912b96f0-723c-11e0-aae6-001f16187740}\Shell\AutoRun\command - "" = G:\Setup.exe -- [2011.06.15 22:04:08 | 000,699,990 | R--- | M] (EA Games                                                    )
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (OODBS) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^leftsider64.exe -  - File not found
MsConfig:64bit - StartUpReg: BCSSync - hkey= - key= - C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig:64bit - StartUpReg: MSASCui - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: OODefragTray - hkey= - key= - C:\Program Files\OO Software\Defrag\oodtray.exe (O&O Software GmbH)
MsConfig:64bit - StartUpReg: Sidebar - hkey= - key= - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: Steam - hkey= - key= - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
MsConfig:64bit - StartUpReg: uTorrent - hkey= - key= - C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
MsConfig:64bit - StartUpReg: XeroxEndeavorBackgroundTask - hkey= - key= -  File not found
MsConfig:64bit - State: "services" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MCODS - Reg Error: Value error.
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: TabletInputService - Service
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MCODS - Reg Error: Value error.
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: TabletInputService - Service
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: MCODS - Reg Error: Value error.
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TabletInputService - Service
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: MCODS - Reg Error: Value error.
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TabletInputService - Service
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.ffds - C:\Program Files (x86)\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.06.18 21:26:20 | 000,000,000 | -H-D | C] -- C:\ProgramData\{E568B6A0-8E02-46C8-8954-00ECD7CD3554}
[2011.06.18 21:26:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock
[2011.06.18 18:16:33 | 000,000,000 | ---D | C] -- C:\Update
[2011.06.18 18:16:16 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\Megamedia
[2011.06.18 18:16:14 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Megakey
[2011.06.18 18:16:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Megamedia
[2011.06.18 18:16:03 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Local\Megamedia
[2011.06.18 11:48:01 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2011.06.17 13:45:21 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\NVIDIA
[2011.06.17 13:45:13 | 000,000,000 | ---D | C] -- C:\Users\Dennis\Documents\My Games
[2011.06.17 13:39:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games
[2011.06.17 13:14:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EA Games
[2011.06.16 18:14:36 | 000,000,000 | -HSD | C] -- C:\found.000
[2011.06.16 16:39:35 | 000,898,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OobeFldr.dll
[2011.06.15 19:07:53 | 001,426,536 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdagenco642040.dll
[2011.06.15 19:07:53 | 000,174,184 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2011.06.15 19:07:53 | 000,070,760 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapo64v.dll
[2011.06.15 19:07:53 | 000,029,288 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2011.06.15 19:07:50 | 022,286,952 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2011.06.15 19:07:50 | 018,583,144 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2011.06.15 19:07:50 | 016,456,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2011.06.15 19:07:50 | 015,223,912 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2011.06.15 19:07:50 | 013,011,560 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2011.06.15 19:07:50 | 011,992,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2011.06.15 19:07:50 | 008,863,336 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2011.06.15 19:07:50 | 007,123,560 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2011.06.15 19:07:50 | 006,555,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2011.06.15 19:07:50 | 005,301,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2011.06.15 19:07:50 | 002,943,592 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2011.06.15 19:07:50 | 002,804,328 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2011.06.15 19:07:50 | 002,644,584 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2011.06.15 19:07:50 | 002,335,848 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2011.06.15 19:07:50 | 002,212,968 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2011.06.15 19:07:50 | 002,082,408 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2011.06.15 19:07:50 | 001,496,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6420150.dll
[2011.06.15 19:07:50 | 001,427,048 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco642090.dll
[2011.06.15 19:07:50 | 000,067,176 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2011.06.15 19:07:50 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2011.06.15 19:07:50 | 000,012,392 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvBridge.kmd
[2011.06.15 19:06:55 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2011.06.15 18:53:28 | 001,619,048 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6420140.dll
[2011.06.15 18:53:28 | 001,404,008 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco642060.dll
[2011.06.15 16:57:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Prelauncher
[2011.06.15 16:57:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Game Prelauncher
[2011.06.15 16:55:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Booster 3
[2011.06.15 16:55:17 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2011.06.14 14:34:39 | 000,108,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\socket.ocx
[2011.06.13 03:58:54 | 000,000,000 | ---D | C] -- C:\Windows\vf_hip
[2011.06.13 03:58:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hide IP Platinum
[2011.06.13 03:58:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hide IP Platinum
[2011.06.12 16:17:15 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Local\Solo-Dev
[2011.06.11 22:27:53 | 000,000,000 | ---D | C] -- C:\Users\Dennis\Documents\Duke Nukem Forever
[2011.06.11 22:24:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razor 1911
[2011.06.11 22:17:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Duke Nukem Forever
[2011.06.11 15:41:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2011.06.11 15:41:36 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2011.06.11 11:24:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Premium Link Generator
[2011.06.10 16:28:07 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Local\VirtualStore
[2011.06.09 17:37:12 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\oodag
[2011.06.09 17:25:01 | 000,016,376 | ---- | C] (TeamViewer GmbH) -- C:\Windows\SysNative\drivers\TVMonitor.sys
[2011.06.09 17:25:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2011.06.09 16:49:27 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Local\O&O
[2011.06.09 16:49:16 | 000,000,000 | ---D | C] -- C:\ProgramData\OO Software
[2011.06.09 16:49:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OO Software
[2011.06.09 16:49:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\O&O Software
[2011.06.09 16:49:14 | 000,000,000 | ---D | C] -- C:\Program Files\OO Software
[2011.06.09 16:49:00 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Local\Downloaded Installations
[2011.06.08 20:28:08 | 000,000,000 | ---D | C] -- C:\Users\Dennis\Documents\Tunngle
[2011.06.08 20:28:08 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\Tunngle
[2011.06.08 20:28:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Tunngle
[2011.06.08 20:28:05 | 000,031,232 | ---- | C] (Tunngle.net) -- C:\Windows\SysNative\drivers\tap0901t.sys
[2011.06.08 14:02:32 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2011.06.07 15:53:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2012
[2011.06.07 15:52:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011.06.07 15:52:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2011.06.07 15:52:44 | 000,615,728 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2011.06.05 14:50:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Window Renamer
[2011.06.05 14:50:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Window Renamer
[2011.06.03 19:27:15 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2011.06.03 16:29:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Xerox
[2011.06.02 20:45:36 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Local\DDMSettings
[2011.06.02 20:43:16 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\DivX
[2011.06.02 20:42:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2011.06.02 20:42:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2011.06.02 20:42:34 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2011.06.02 20:42:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared
[2011.06.02 20:41:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX
[2011.06.02 20:40:30 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2011.06.02 20:11:55 | 000,000,000 | ---D | C] -- C:\Program Files\PhotoshopPortable
[2011.06.02 19:31:29 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2011.06.02 19:00:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2011.06.02 18:49:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FBP - Facebook Blaster Pro
[2011.06.02 18:49:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FBP - Facebook Blaster Pro
[2011.06.02 18:25:41 | 000,000,000 | ---D | C] -- C:\Users\Dennis\Creative Suite 5.5 Design Premium
[2011.06.02 18:23:19 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011.06.02 18:23:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2011.05.31 17:21:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011.05.30 14:36:56 | 000,000,000 | ---D | C] -- C:\Users\Dennis\fontconfig
[2011.05.30 12:08:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\S.A.D
[2011.05.30 12:08:40 | 000,029,696 | ---- | C] (The OpenVPN Project) -- C:\Windows\SysNative\drivers\tap0901.sys
[2011.05.30 12:08:38 | 000,000,000 | ---D | C] -- C:\Program Files\S.A.D
[2011.05.29 21:25:28 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011.05.29 21:23:39 | 000,000,000 | ---D | C] -- C:\.Trash-1000
[2011.05.29 20:23:31 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Local\CrashRpt
[2011.05.29 18:36:06 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Local\AOL
[2011.05.29 18:35:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Software Update Utility
[2011.05.29 18:35:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AOL
[2011.05.29 16:08:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent
[2011.05.29 16:06:41 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Local\uTorrent
[2011.05.29 16:06:26 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\uTorrent
[2011.05.29 13:32:56 | 000,000,000 | ---D | C] -- C:\Users\Dennis\Games
[2011.05.27 16:25:54 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Garena
[2011.05.27 16:25:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garena
[2011.05.27 16:25:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Garena
[2011.05.24 18:24:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF-XChange
[2011.05.24 18:24:38 | 000,000,000 | ---D | C] -- C:\Program Files\Tracker Software
[2011.05.24 15:13:39 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\vlc
[2011.05.24 15:12:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011.05.24 15:12:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2011.05.22 19:54:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011.05.22 19:54:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2011.05.21 16:11:30 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Local\Electronic Arts
[2011.05.21 16:11:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
[2011.05.21 16:11:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2011.05.21 16:10:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.06.19 19:41:41 | 000,016,624 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.06.19 19:41:41 | 000,016,624 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.06.19 19:39:01 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1410892137-877069167-2350996814-1001UA.job
[2011.06.19 19:34:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.06.19 19:34:17 | 000,051,040 | ---- | M] () -- C:\Windows\SysNative\oodbs.lor
[2011.06.17 20:02:32 | 000,000,221 | ---- | M] () -- C:\Users\Dennis\Desktop\America's Army 3.url
[2011.06.17 13:39:03 | 000,002,594 | ---- | M] () -- C:\Users\Public\Desktop\Alice Madness Returns.lnk
[2011.06.16 18:15:17 | 000,003,304 | ---- | M] () -- C:\bootsqm.dat
[2011.06.16 15:58:30 | 000,000,000 | ---- | M] () -- C:\Report
[2011.06.16 14:39:03 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1410892137-877069167-2350996814-1001Core.job
[2011.06.16 12:41:46 | 000,036,892 | ---- | M] () -- C:\Windows\SysWow64\bassmod.dll
[2011.06.16 11:41:30 | 000,002,143 | ---- | M] () -- C:\Users\Dennis\Desktop\all good (GP).lnk
[2011.06.15 18:59:23 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.06.15 17:49:43 | 000,001,972 | ---- | M] () -- C:\Users\Dennis\Desktop\Nemo-Crack.ru.lnk
[2011.06.15 16:55:19 | 000,001,182 | ---- | M] () -- C:\Users\Public\Desktop\Switch to Gaming Mode 3.lnk
[2011.06.15 16:55:19 | 000,001,170 | ---- | M] () -- C:\Users\Public\Desktop\Game Booster 3.lnk
[2011.06.13 04:26:21 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011.06.13 03:59:03 | 000,000,032 | ---- | M] () -- C:\Windows\go
[2011.06.13 03:58:54 | 000,001,092 | ---- | M] () -- C:\Users\Dennis\Application Data\Microsoft\Internet Explorer\Quick Launch\Hide IP Platinum.lnk
[2011.06.13 03:58:54 | 000,001,068 | ---- | M] () -- C:\Users\Dennis\Desktop\Hide IP Platinum.lnk
[2011.06.11 11:25:04 | 000,001,996 | ---- | M] () -- C:\Users\Dennis\Desktop\Premium Link Generator.lnk
[2011.06.09 20:09:32 | 004,877,192 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.06.09 19:09:22 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\Access.dat
[2011.06.07 16:01:05 | 000,152,233 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat
[2011.06.07 15:54:56 | 000,017,408 | ---- | M] () -- C:\Users\Dennis\AppData\Local\WebpageIcons.db
[2011.06.07 15:53:54 | 000,107,075 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat
[2011.06.07 15:52:44 | 000,615,728 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2011.06.05 12:41:48 | 000,736,514 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.06.05 12:41:48 | 000,623,054 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.06.05 12:41:48 | 000,109,176 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.05.30 14:36:40 | 000,000,237 | ---- | M] () -- C:\Users\Dennis\.swfinfo
[2011.05.30 10:41:30 | 000,271,200 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2011.05.30 10:41:30 | 000,271,200 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.05.30 10:32:16 | 000,271,200 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2011.05.29 18:36:05 | 000,000,360 | -H-- | M] () -- C:\IPH.PH
[2011.05.29 16:08:12 | 000,000,967 | ---- | M] () -- C:\Users\Dennis\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2011.05.28 19:17:15 | 000,001,556 | ---- | M] () -- C:\Users\Dennis\PDF.lnk
[2011.05.28 12:55:45 | 000,001,709 | ---- | M] () -- C:\Windows\TSearch.INI
[2011.05.27 19:26:29 | 000,045,286 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\room_v3.dat
[2011.05.27 19:11:41 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.05.21 08:01:00 | 022,286,952 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2011.05.21 08:01:00 | 018,583,144 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2011.05.21 08:01:00 | 016,456,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2011.05.21 08:01:00 | 015,223,912 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2011.05.21 08:01:00 | 013,011,560 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2011.05.21 08:01:00 | 011,992,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2011.05.21 08:01:00 | 008,863,336 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2011.05.21 08:01:00 | 007,123,560 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2011.05.21 08:01:00 | 006,555,240 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2011.05.21 08:01:00 | 006,300,776 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2011.05.21 08:01:00 | 005,301,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2011.05.21 08:01:00 | 003,040,872 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2011.05.21 08:01:00 | 002,943,592 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2011.05.21 08:01:00 | 002,804,328 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2011.05.21 08:01:00 | 002,644,584 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2011.05.21 08:01:00 | 002,560,616 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2011.05.21 08:01:00 | 002,335,848 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2011.05.21 08:01:00 | 002,212,968 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2011.05.21 08:01:00 | 002,082,408 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2011.05.21 08:01:00 | 001,496,168 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6420150.dll
[2011.05.21 08:01:00 | 001,427,048 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco642090.dll
[2011.05.21 08:01:00 | 000,739,432 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\easyUpdatusAPIU64.dll
[2011.05.21 08:01:00 | 000,326,760 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhotkey.dll
[2011.05.21 08:01:00 | 000,117,864 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2011.05.21 08:01:00 | 000,067,176 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2011.05.21 08:01:00 | 000,061,544 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2011.05.21 08:01:00 | 000,057,960 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2011.05.21 08:01:00 | 000,012,392 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvBridge.kmd
[2011.05.21 08:01:00 | 000,007,384 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2011.05.20 22:35:28 | 000,304,744 | ---- | M] () -- C:\Windows\SysWow64\nvStreaming.exe
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.06.17 20:02:32 | 000,000,221 | ---- | C] () -- C:\Users\Dennis\Desktop\America's Army 3.url
[2011.06.17 13:39:03 | 000,002,594 | ---- | C] () -- C:\Users\Public\Desktop\Alice Madness Returns.lnk
[2011.06.16 18:15:17 | 000,003,304 | ---- | C] () -- C:\bootsqm.dat
[2011.06.16 16:39:34 | 000,035,048 | ---- | C] () -- C:\Windows\Startorb image.bmp
[2011.06.16 15:58:30 | 000,000,000 | ---- | C] () -- C:\Report
[2011.06.16 12:41:46 | 000,036,892 | ---- | C] () -- C:\Windows\SysWow64\bassmod.dll
[2011.06.15 18:59:23 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.06.15 17:42:57 | 000,001,972 | ---- | C] () -- C:\Users\Dennis\Desktop\Nemo-Crack.ru.lnk
[2011.06.15 17:11:49 | 000,002,143 | ---- | C] () -- C:\Users\Dennis\Desktop\all good (GP).lnk
[2011.06.15 16:55:19 | 000,001,182 | ---- | C] () -- C:\Users\Public\Desktop\Switch to Gaming Mode 3.lnk
[2011.06.15 16:55:19 | 000,001,170 | ---- | C] () -- C:\Users\Public\Desktop\Game Booster 3.lnk
[2011.06.13 03:59:03 | 000,000,032 | ---- | C] () -- C:\Windows\go
[2011.06.13 03:58:54 | 000,001,092 | ---- | C] () -- C:\Users\Dennis\Application Data\Microsoft\Internet Explorer\Quick Launch\Hide IP Platinum.lnk
[2011.06.13 03:58:54 | 000,001,068 | ---- | C] () -- C:\Users\Dennis\Desktop\Hide IP Platinum.lnk
[2011.06.11 11:24:36 | 000,001,996 | ---- | C] () -- C:\Users\Dennis\Desktop\Premium Link Generator.lnk
[2011.06.09 17:49:45 | 000,051,040 | ---- | C] () -- C:\Windows\SysNative\oodbs.lor
[2011.06.09 17:48:57 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2011.06.09 17:25:05 | 000,001,174 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 6.lnk
[2011.06.07 15:54:54 | 000,017,408 | ---- | C] () -- C:\Users\Dennis\AppData\Local\WebpageIcons.db
[2011.06.07 15:53:55 | 000,152,233 | ---- | C] () -- C:\Windows\SysNative\drivers\klin.dat
[2011.06.07 15:53:54 | 000,107,075 | ---- | C] () -- C:\Windows\SysNative\drivers\klick.dat
[2011.05.30 14:36:40 | 000,000,237 | ---- | C] () -- C:\Users\Dennis\.swfinfo
[2011.05.29 18:35:15 | 000,000,360 | -H-- | C] () -- C:\IPH.PH
[2011.05.29 16:08:12 | 000,000,967 | ---- | C] () -- C:\Users\Dennis\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2011.05.28 19:17:15 | 000,001,556 | ---- | C] () -- C:\Users\Dennis\PDF.lnk
[2011.05.28 12:55:45 | 000,001,709 | ---- | C] () -- C:\Windows\TSearch.INI
[2011.05.27 19:26:29 | 000,045,286 | ---- | C] () -- C:\Users\Dennis\AppData\Roaming\room_v3.dat
[2011.05.20 22:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.05.14 16:57:02 | 000,125,392 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011.05.10 20:30:55 | 000,271,200 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.05.10 20:30:30 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.05.02 18:34:32 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.04.18 15:20:54 | 000,065,536 | ---- | C] () -- C:\Users\Dennis\AppData\Roaming\chrtmp
[2011.04.15 18:43:34 | 000,315,682 | ---- | C] () -- C:\Windows\SysWow64\slwc.exe
[2011.04.15 18:41:25 | 000,111,104 | ---- | C] () -- C:\Windows\SysWow64\Uharc.exe
[2011.04.15 18:41:25 | 000,008,636 | ---- | C] () -- C:\Windows\SysWow64\modifype.exe
[2011.04.14 20:21:55 | 000,925,184 | ---- | C] () -- C:\Windows\expstart.exe
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
========== LOP Check ==========
 
[2011.05.15 12:23:21 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Any DVD Converter Professional
[2011.06.02 18:23:19 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011.04.30 15:00:33 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\DAEMON Tools Lite
[2011.05.17 16:25:32 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\FDRLab
[2011.04.24 21:37:11 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Leadertech
[2011.06.18 18:16:16 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Megamedia
[2011.05.03 21:11:45 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\PPLive
[2011.05.03 18:03:38 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\replacer
[2011.04.16 16:02:47 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\TuneUp Software
[2011.06.09 16:11:55 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Tunngle
[2011.06.16 17:59:45 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\uTorrent
[2011.05.07 16:24:31 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\ViGlance
[2011.06.10 16:27:37 | 000,032,650 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.06.02 19:44:51 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Adobe
[2011.05.15 12:23:21 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Any DVD Converter Professional
[2011.05.14 16:56:41 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Apple Computer
[2011.05.14 11:21:48 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\AVS4YOU
[2011.06.02 18:23:19 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011.04.30 15:00:33 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\DAEMON Tools Lite
[2011.06.02 20:43:16 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\DivX
[2011.05.17 16:25:32 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\FDRLab
[2011.04.14 20:10:07 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Identities
[2011.04.24 21:37:11 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Leadertech
[2011.04.15 16:02:30 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Macromedia
[2009.07.14 09:45:14 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Media Center Programs
[2011.05.14 16:33:00 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Media Player Classic
[2011.06.18 18:16:16 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Megamedia
[2011.06.10 16:28:11 | 000,000,000 | --SD | M] -- C:\Users\Dennis\AppData\Roaming\Microsoft
[2011.05.14 17:11:58 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Mozilla
[2011.06.17 13:45:21 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\NVIDIA
[2011.05.03 21:11:45 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\PPLive
[2011.05.03 18:03:38 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\replacer
[2011.04.16 16:02:47 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\TuneUp Software
[2011.06.09 16:11:55 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Tunngle
[2011.06.16 17:59:45 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\uTorrent
[2011.05.07 16:24:31 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\ViGlance
[2011.05.24 15:13:40 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\vlc
[2011.04.14 20:15:13 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2011.06.09 16:10:16 | 000,053,784 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Microsoft\Defender\fdhfdhSCui.exefhgfdh
[2011.05.03 21:11:45 | 009,258,944 | ---- | M] (Synacast Corp.) -- C:\Users\Dennis\AppData\Roaming\PPLive\Update\Update.exe
[2007.06.07 14:52:42 | 000,057,856 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\replacer\moveex.exe
[2007.01.26 21:59:44 | 000,503,296 | ---- | M] (hsiw) -- C:\Users\Dennis\AppData\Roaming\TuneUp Software\TU2011\StartUp Manager\Deaktivierte Objekte\leftsider64.exe
 
< %SYSTEMDRIVE%\*.exe >
[2007.11.07 08:44:20 | 000,855,040 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2009.10.31 01:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=5AC855BA79745016C16B9CFEAEE24F4F -- C:\Windows\W7SOC\explorer.exe
[2009.10.31 01:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=5DECCD8F824007CE7ED0ADF917F53FC7 -- C:\Windows\explorer.exe
[2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011.02.26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 7 bytes -> C:\Report:kisextended
@Alternate Data Stream - 7 bytes -> C:\Report:kavextended

< End of report >


markusg 19.06.2011 19:07

Please create and post a ComboFix log.
A guide and tutorial on using ComboFix

Themaster453 19.06.2011 19:32

The log:
Code:

ComboFix 11-06-17.04 - Dennis 19.06.2011  20:21:41.1.2 - x64
Microsoft Windows 7 Ultimate  6.1.7600.0.1252.49.1033.18.4091.2894 [GMT 2:00]
ausgeführt von:: c:\users\Dennis\Downloads\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files (x86)\facemoods.com
c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\bh\facemoods.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\facemoods.crx
c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\facemoods.png
c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodsApp.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodsEng.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe
c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodsTlbr.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\uninstall.exe
c:\program files (x86)\FunWebProducts
c:\program files (x86)\Mozilla Firefox\extensions\{DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64}
c:\program files (x86)\Mozilla Firefox\extensions\{DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64}\chrome.manifest
c:\program files (x86)\Mozilla Firefox\extensions\{DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64}\chrome\scanquery.jar
c:\program files (x86)\Mozilla Firefox\extensions\{DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64}\defaults\preferences\prefs.js
c:\program files (x86)\Mozilla Firefox\extensions\{DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64}\install.rdf
c:\program files (x86)\MyWebSearch
c:\program files (x86)\MyWebSearch\bar\Settings\s_pid.dat
c:\program files (x86)\ScanQuery
c:\program files (x86)\ScanQuery\scanquery.dll
c:\users\Dennis\AppData\Roaming\chrtmp
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-05-19 bis 2011-06-19  ))))))))))))))))))))))))))))))
.
.
2011-06-19 18:25 . 2011-06-19 18:25        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-06-19 18:20 . 2011-06-19 18:20        --------        d-----w-        C:\32788R22FWJFW
2011-06-18 19:26 . 2011-06-18 19:26        --------        dc-h--w-        c:\programdata\{E568B6A0-8E02-46C8-8954-00ECD7CD3554}
2011-06-18 16:16 . 2011-06-18 16:16        --------        d-----w-        C:\Update
2011-06-18 16:16 . 2011-06-18 16:16        --------        d-----w-        c:\users\Dennis\AppData\Roaming\Megamedia
2011-06-18 16:16 . 2011-06-18 16:16        --------        d-----w-        c:\programdata\Megamedia
2011-06-18 16:16 . 2011-06-18 16:16        --------        d-----w-        c:\users\Dennis\AppData\Local\Megamedia
2011-06-18 09:48 . 2011-06-18 09:48        --------        d-----w-        c:\programdata\EA Core
2011-06-17 11:45 . 2011-06-17 11:45        --------        d-----w-        c:\users\Dennis\AppData\Roaming\NVIDIA
2011-06-17 11:14 . 2011-06-17 11:14        --------        d-----w-        c:\program files (x86)\EA Games
2011-06-16 16:14 . 2011-06-16 16:14        --------        d-----w-        C:\found.000
2011-06-16 14:39 . 2009-07-13 18:41        898560        ----a-w-        c:\windows\system32\OobeFldr.dll
2011-06-15 17:10 . 2011-06-15 17:10        --------        d-----w-        c:\users\UpdatusUser
2011-06-15 17:06 . 2011-06-15 17:06        --------        d-----w-        C:\NVIDIA
2011-06-15 16:53 . 2011-04-08 05:14        1619048        ----a-w-        c:\windows\system32\nvdispco6420140.dll
2011-06-15 16:53 . 2011-04-08 05:14        1404008        ----a-w-        c:\windows\system32\nvgenco642060.dll
2011-06-15 14:57 . 2011-06-15 15:49        --------        d-----w-        c:\program files (x86)\Game Prelauncher
2011-06-15 14:55 . 2011-06-15 14:55        --------        d-----w-        c:\programdata\IObit
2011-06-14 12:34 . 2010-07-25 04:19        108336        ----a-w-        c:\windows\SysWow64\socket.ocx
2011-06-13 01:58 . 2011-06-13 02:00        --------        d-----w-        c:\windows\vf_hip
2011-06-13 01:58 . 2011-06-13 01:59        --------        d-----w-        c:\program files (x86)\Hide IP Platinum
2011-06-12 14:17 . 2011-06-12 14:17        --------        d-----w-        c:\users\Dennis\AppData\Local\Solo-Dev
2011-06-11 20:17 . 2011-06-11 20:27        --------        d-----w-        c:\program files (x86)\Duke Nukem Forever
2011-06-11 13:41 . 2011-06-11 13:41        --------        d-----w-        c:\program files\7-Zip
2011-06-11 09:24 . 2011-06-11 09:25        --------        d-----w-        c:\program files (x86)\Premium Link Generator
2011-06-10 14:28 . 2011-06-18 09:48        --------        d-----w-        c:\users\Dennis\AppData\Local\VirtualStore
2011-06-09 15:37 . 2011-06-09 15:37        --------        d-----w-        c:\windows\system32\oodag
2011-06-09 15:25 . 2011-01-12 09:42        16376        ----a-w-        c:\windows\system32\drivers\TVMonitor.sys
2011-06-09 15:25 . 2011-06-09 15:25        --------        d-----w-        c:\program files (x86)\TeamViewer
2011-06-09 14:49 . 2011-06-09 14:49        --------        d-----w-        c:\users\Dennis\AppData\Local\O&O
2011-06-09 14:49 . 2011-06-09 14:49        --------        d-----w-        c:\programdata\OO Software
2011-06-09 14:49 . 2011-06-09 14:49        --------        d-----w-        c:\program files (x86)\OO Software
2011-06-09 14:49 . 2011-06-09 14:49        --------        d-----w-        c:\program files\OO Software
2011-06-09 14:49 . 2011-06-09 14:49        --------        d-----w-        c:\users\Dennis\AppData\Local\Downloaded Installations
2011-06-08 18:28 . 2011-06-09 14:11        --------        d-----w-        c:\users\Dennis\AppData\Roaming\Tunngle
2011-06-08 18:28 . 2011-06-08 18:28        --------        d-----w-        c:\programdata\Tunngle
2011-06-08 18:28 . 2009-09-16 05:02        31232        ----a-w-        c:\windows\system32\drivers\tap0901t.sys
2011-06-08 12:02 . 2011-06-08 12:02        --------        d-----w-        c:\windows\SysWow64\Adobe
2011-06-07 13:52 . 2011-06-19 18:15        --------        d-----w-        c:\programdata\Kaspersky Lab
2011-06-07 13:52 . 2011-06-07 13:52        --------        d-----w-        c:\program files (x86)\Kaspersky Lab
2011-06-05 12:50 . 2011-06-05 12:50        --------        d-----w-        c:\program files (x86)\Window Renamer
2011-06-03 17:27 . 2011-06-05 09:14        --------        d-----w-        c:\programdata\McAfee
2011-06-03 14:29 . 2011-06-03 14:29        --------        d-----w-        c:\programdata\Xerox
2011-06-02 18:45 . 2011-06-02 18:45        --------        d-----w-        c:\users\Dennis\AppData\Local\DDMSettings
2011-06-02 18:43 . 2011-06-02 18:43        --------        d-----w-        c:\users\Dennis\AppData\Roaming\DivX
2011-06-02 18:42 . 2011-06-02 18:42        --------        d-----w-        c:\program files (x86)\Common Files\PX Storage Engine
2011-06-02 18:42 . 2011-06-02 18:42        --------        d-----w-        c:\program files\DivX
2011-06-02 18:42 . 2011-06-02 18:42        --------        d-----w-        c:\program files (x86)\Common Files\DivX Shared
2011-06-02 18:41 . 2011-06-02 18:43        --------        d-----w-        c:\program files (x86)\DivX
2011-06-02 18:40 . 2011-06-02 18:43        --------        d-----w-        c:\programdata\DivX
2011-06-02 18:11 . 2011-06-02 18:13        --------        d-----w-        c:\program files\PhotoshopPortable
2011-06-02 17:31 . 2011-06-02 17:31        --------        d-----w-        c:\programdata\regid.1986-12.com.adobe
2011-06-02 17:00 . 2011-06-02 18:18        --------        d-----w-        c:\program files (x86)\Common Files\Adobe
2011-06-02 16:49 . 2011-06-02 16:51        --------        d-----w-        c:\program files (x86)\FBP - Facebook Blaster Pro
2011-06-02 16:25 . 2011-06-02 16:28        --------        d-----w-        c:\users\Dennis\Creative Suite 5.5 Design Premium
2011-06-02 16:23 . 2011-06-02 16:23        --------        d-----w-        c:\users\Dennis\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2011-05-31 15:21 . 2011-05-31 15:53        --------        d-----w-        c:\programdata\Avira
2011-05-30 12:36 . 2011-05-30 12:36        --------        d-----w-        c:\users\Dennis\fontconfig
2011-05-30 10:08 . 2010-02-25 14:51        29696        ----a-w-        c:\windows\system32\drivers\tap0901.sys
2011-05-30 10:08 . 2011-05-30 10:08        --------        d-----w-        c:\program files\S.A.D
2011-05-29 19:23 . 2011-05-29 19:24        --------        d---a-w-        C:\.Trash-1000
2011-05-29 18:23 . 2011-05-29 18:23        --------        d-----w-        c:\users\Dennis\AppData\Local\CrashRpt
2011-05-29 16:36 . 2011-05-29 16:36        --------        d-----w-        c:\users\Dennis\AppData\Local\AOL
2011-05-29 16:35 . 2011-05-29 16:35        --------        d-----w-        c:\program files (x86)\Common Files\Software Update Utility
2011-05-29 16:35 . 2011-05-29 16:39        --------        d-----w-        c:\program files (x86)\Common Files\AOL
2011-05-29 14:08 . 2011-05-29 14:08        --------        d-----w-        c:\program files (x86)\uTorrent
2011-05-29 14:06 . 2011-05-29 14:06        --------        d-----w-        c:\users\Dennis\AppData\Local\uTorrent
2011-05-29 14:06 . 2011-06-16 15:59        --------        d-----w-        c:\users\Dennis\AppData\Roaming\uTorrent
2011-05-29 11:32 . 2011-05-30 15:38        --------        d-----w-        c:\users\Dennis\Games
2011-05-27 14:25 . 2011-05-27 17:01        --------        d-----w-        c:\program files (x86)\Garena
2011-05-24 16:24 . 2011-05-24 16:24        --------        d-----w-        c:\program files\Tracker Software
2011-05-24 13:13 . 2011-05-24 13:13        --------        d-----w-        c:\users\Dennis\AppData\Roaming\vlc
2011-05-24 13:12 . 2011-05-24 13:12        --------        d-----w-        c:\program files (x86)\VideoLAN
2011-05-22 17:54 . 2011-05-22 17:54        --------        d-----w-        c:\program files (x86)\Microsoft Silverlight
2011-05-21 14:11 . 2011-05-21 14:11        --------        d-----w-        c:\users\Dennis\AppData\Local\Electronic Arts
2011-05-21 14:11 . 2011-05-21 14:11        --------        d-----w-        c:\programdata\Electronic Arts
2011-05-21 14:10 . 2011-05-21 14:10        --------        d-----w-        c:\program files (x86)\Electronic Arts
2011-05-20 20:35 . 2011-05-20 20:35        304744        ----a-w-        c:\windows\SysWow64\nvStreaming.exe
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-13 02:26 . 2011-05-13 14:47        404640        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-05-30 08:41 . 2011-05-10 18:33        271200        ----a-w-        c:\windows\SysWow64\PnkBstrB.xtr
2011-05-30 08:41 . 2011-05-10 18:30        271200        ----a-w-        c:\windows\SysWow64\PnkBstrB.exe
2011-05-30 08:32 . 2011-05-10 18:30        271200        ----a-w-        c:\windows\SysWow64\PnkBstrB.ex0
2011-05-27 17:11 . 2011-05-10 18:30        75136        ----a-w-        c:\windows\SysWow64\PnkBstrA.exe
2011-05-21 06:01 . 2011-03-17 02:03        739432        ----a-w-        c:\windows\system32\easyUpdatusAPIU64.dll
2011-05-21 06:01 . 2011-03-17 02:03        6300776        ----a-w-        c:\windows\system32\nvcpl.dll
2011-05-21 06:01 . 2011-03-17 02:03        3040872        ----a-w-        c:\windows\system32\nvsvc64.dll
2011-05-21 06:01 . 2011-03-17 02:03        117864        ----a-w-        c:\windows\system32\nvmctray.dll
2011-05-21 06:01 . 2011-03-17 02:02        61544        ----a-w-        c:\windows\system32\nvshext.dll
2011-05-21 06:01 . 2011-03-17 02:02        326760        ----a-w-        c:\windows\system32\nvhotkey.dll
2011-05-21 06:01 . 2011-03-17 02:02        2560616        ----a-w-        c:\windows\system32\nvsvcr.dll
2011-05-21 06:01 . 2011-03-17 02:02        1016936        ----a-w-        c:\windows\system32\nvvsvc.exe
2011-05-03 16:11 . 2011-04-14 18:21        925184        ----a-w-        c:\windows\expstart.exe
2011-05-01 11:42 . 2011-05-01 11:42        3608        ----a-w-        C:\STFE7B5.tmp
2011-04-29 10:25 . 2011-04-29 10:25        472808        ----a-w-        c:\windows\SysWow64\deployJava1.dll
2011-04-29 10:19 . 2011-04-29 10:19        254528        ----a-w-        c:\windows\system32\drivers\dtsoftbus01.sys
2011-04-26 05:58 . 2011-04-26 05:58        499712        ----a-w-        c:\windows\SysWow64\msvcp71.dll
2011-04-26 05:58 . 2011-04-26 05:58        348160        ----a-w-        c:\windows\SysWow64\msvcr71.dll
2011-04-24 21:14 . 2011-04-24 21:14        234896        ----a-w-        c:\windows\system32\klogon.dll
2011-04-15 16:06 . 2009-07-13 23:39        2755072        ----a-w-        c:\windows\SysWow64\themeui.dll
2011-04-15 16:06 . 2009-07-13 23:39        245760        ----a-w-        c:\windows\SysWow64\uxtheme.dll
2011-04-15 13:58 . 2011-04-15 13:58        982912        ----a-w-        c:\windows\system32\drivers\dxgkrnl.sys
2011-04-15 13:58 . 2011-04-15 13:58        4068864        ----a-w-        c:\windows\system32\mf.dll
2011-04-15 13:58 . 2011-04-15 13:58        320512        ----a-w-        c:\windows\system32\d3d10_1core.dll
2011-04-15 13:58 . 2011-04-15 13:58        3181568        ----a-w-        c:\windows\SysWow64\mf.dll
2011-04-15 13:58 . 2011-04-15 13:58        265088        ----a-w-        c:\windows\system32\drivers\dxgmms1.sys
2011-04-15 13:58 . 2011-04-15 13:58        257024        ----a-w-        c:\windows\system32\mfreadwrite.dll
2011-04-15 13:58 . 2011-04-15 13:58        229888        ----a-w-        c:\windows\system32\XpsRasterService.dll
2011-04-15 13:58 . 2011-04-15 13:58        218624        ----a-w-        c:\windows\SysWow64\d3d10_1core.dll
2011-04-15 13:58 . 2011-04-15 13:58        206848        ----a-w-        c:\windows\system32\mfps.dll
2011-04-15 13:58 . 2011-04-15 13:58        196608        ----a-w-        c:\windows\SysWow64\mfreadwrite.dll
2011-04-15 13:58 . 2011-04-15 13:58        1888256        ----a-w-        c:\windows\system32\WMVDECOD.DLL
2011-04-15 13:58 . 2011-04-15 13:58        1837568        ----a-w-        c:\windows\system32\d3d10warp.dll
2011-04-15 13:58 . 2011-04-15 13:58        1619456        ----a-w-        c:\windows\SysWow64\WMVDECOD.DLL
2011-04-15 13:58 . 2011-04-15 13:58        1495040        ----a-w-        c:\windows\SysWow64\ExplorerFrame.dll
2011-04-15 13:58 . 2011-04-15 13:58        144384        ----a-w-        c:\windows\system32\cdd.dll
2011-04-15 13:58 . 2011-04-15 13:58        135168        ----a-w-        c:\windows\SysWow64\XpsRasterService.dll
2011-04-15 13:58 . 2011-04-15 13:58        1170944        ----a-w-        c:\windows\SysWow64\d3d10warp.dll
2011-04-06 14:26 . 2011-04-06 14:26        96544        ----a-w-        c:\windows\system32\dnssd.dll
2011-04-06 14:26 . 2011-04-06 14:26        69408        ----a-w-        c:\windows\system32\jdns_sd.dll
2011-04-06 14:26 . 2011-04-06 14:26        237856        ----a-w-        c:\windows\system32\dnssdX.dll
2011-04-06 14:26 . 2011-04-06 14:26        119584        ----a-w-        c:\windows\system32\dns-sd.exe
2011-04-06 14:20 . 2011-04-06 14:20        91424        ----a-w-        c:\windows\SysWow64\dnssd.dll
2011-04-06 14:20 . 2011-04-06 14:20        75040        ----a-w-        c:\windows\SysWow64\jdns_sd.dll
2011-04-06 14:20 . 2011-04-06 14:20        197920        ----a-w-        c:\windows\SysWow64\dnssdX.dll
2011-04-06 14:20 . 2011-04-06 14:20        107808        ----a-w-        c:\windows\SysWow64\dns-sd.exe
2011-03-30 17:50 . 2011-04-15 16:14        34624        ----a-w-        c:\windows\system32\TURegOpt.exe
2011-03-30 17:45 . 2011-04-15 16:14        25920        ----a-w-        c:\windows\system32\authuitu.dll
2011-03-30 17:45 . 2011-04-15 16:13        21312        ----a-w-        c:\windows\SysWow64\authuitu.dll
2011-03-30 17:45 . 2011-04-15 16:14        36160        ----a-w-        c:\windows\system32\uxtuneup.dll
2011-03-30 17:45 . 2011-04-15 16:14        29504        ----a-w-        c:\windows\SysWow64\uxtuneup.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2011-02-26 . E38899074D4951D31B4040E994DD7C8D . 2870784 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[7] 2011-02-26 . 0862495E0C825893DB75EF44FAEA8E93 . 2870272 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[7] 2011-02-26 . 3B69712041F3D63605529BD66DC00C48 . 2871808 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[7] 2011-02-25 . 332FEAB1435662FC6C672E25BEB37BE3 . 2871808 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[7] 2009-10-31 . B8EC4BD49CE8F6FC457721BFC210B67F . 2870272 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[7] 2009-10-31 . 9AAAEC8DAC27AA17B053E6352AD233AE . 2870272 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[-] 2009-10-30 . 5DECCD8F824007CE7ED0ADF917F53FC7 . 2870272 . . [6.1.7600.16385] .. c:\windows\explorer.exe
[-] 2009-10-30 . 5AC855BA79745016C16B9CFEAEE24F4F . 2870272 . . [6.1.7600.16385] .. c:\windows\W7SOC\explorer.exe
[7] 2009-08-03 . 700073016DAC1C3D2E7E2CE4223334B6 . 2868224 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[7] 2009-08-03 . F170B4A061C9E026437B193B4D571799 . 2868224 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[7] 2009-07-14 . C235A51CB740E45FFA0EBFB9BAFCDA64 . 2868224 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{77F4E711-789B-447F-9614-96759B2F83C6}]
2011-06-18 16:16        64000        ----a-w-        c:\users\Dennis\AppData\Local\Megamedia\Megakey\MegaIeHelper.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"Megakey"="c:\users\Dennis\AppData\Local\Megamedia\Megakey\Megakey.exe" [2011-06-18 2593280]
"MegakeyUpdater"="c:\users\Dennis\AppData\Local\Megamedia\Megakey\MegakeyUpdater.exe" [2011-06-18 64000]
"CursorFX"="c:\program files (x86)\Stardock\CursorFX\CursorFX.exe" [2010-03-23 417280]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2011-04-24 202296]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Welcome Center"="c:\windows\system32\rundll32.exe" [2009-07-14 44544]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"facemoods"="c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe" /md I
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 dump_wmimmc;dump_wmimmc;c:\program files\gPotato.eu\FlyFF\GameGuard\dump_wmimmc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena\safedrv.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 51456888]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2011-02-10 11856]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 X6va005;X6va005;c:\users\Dennis\AppData\Local\Temp\005935A.tmp [x]
R4 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\S.A.D\CyberGhost VPN\CGVPNCliService.exe [2011-03-22 2421384]
R4 GatewayAgentService;O&O Gateway Agent Service;c:\program files (x86)\OO Software\Shared\GatewayAgent\ooemcgats.exe [2010-11-19 316744]
R4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-20 378472]
R4 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2011-03-30 2026304]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]
S2 OODefragAgent;O&O Defrag;c:\program files\OO Software\Defrag\oodag.exe [2010-11-25 3152200]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
S3 MonitorFunction;Driver for Monitor;c:\windows\system32\DRIVERS\TVMonitor.sys [x]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai        REG_MULTI_SZ          Akamai
.
Inhalt des "geplante Tasks" Ordners
.
2011-06-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1410892137-877069167-2350996814-1001Core.job
- c:\users\Dennis\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-16 13:29]
.
2011-06-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1410892137-877069167-2350996814-1001UA.job
- c:\users\Dennis\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-16 13:29]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{77F4E711-789B-447F-9614-96759B2F83C6}]
2011-06-18 16:16        78336        ----a-w-        c:\users\Dennis\AppData\Local\Megamedia\Megakey\x64\MegaIeHelper64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.facemoods.com/?a=ddrnw
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Capture Web Page - c:\users\Dennis\AppData\Local\Megamedia\Megakey\CaptureWebPage.htm
IE: Fetch to Megaupload - c:\users\Dennis\AppData\Local\Megamedia\Megakey\MegaUpload.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
LSP: c:\programdata\Megamedia\Megakey\msadm.dll
TCP: DhcpNameServer = 192.168.2.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{64182481-4F71-486b-A045-B233BD0DA8FC} - c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\bh\facemoods.dll
Toolbar-{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodsTlbr.dll
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-facemoods - c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Dennis\AppData\Local\Temp\005935A.tmp"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10s_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10s_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-06-19  20:28:00
ComboFix-quarantined-files.txt  2011-06-19 18:27
.
Vor Suchlauf: 194.616.975.360 bytes free
Nach Suchlauf: 194.507.780.096 bytes free
.
- - End Of File - - CAFE0472F674D0EE40074CB1295C03C6


markusg 19.06.2011 19:34

Download Malwarebytes:
Malwarebytes: Malwarebytes Anti-Malware is a free download that removes viruses and malware from your computer
Install it, open it, go to the Update tab and update the program.
Close all running programs and disconnect from the internet.
Go to the Scanner tab, run a full scan, remove what it finds, and post the log.

Themaster453 19.06.2011 20:15

Log 1
Code:

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Datenbank Version: 6897

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

19.06.2011 20:49:24
mbam-log-2011-06-19 (20-49-24).txt

Art des Suchlaufs: Flash-Scan
Durchsuchte Objekte: 142070
Laufzeit: 15 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\ScanQuery (Adware.ScanQuery) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Log 2
Code:

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Datenbank Version: 6897

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

19.06.2011 21:12:48
mbam-log-2011-06-19 (21-12-48).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 310485
Laufzeit: 22 Minute(n), 38 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Qoobox\quarantine\C\program files (x86)\scanquery\scanquery.dll.vir (Adware.Agent.Gen) -> Quarantined and deleted successfully.


markusg 19.06.2011 20:17

Download CCleaner Standard:
CCleaner - Standard
If CCleaner is already installed, skip this.
Install it, open it, go to Tools, then the list of installed programs, save it as a .txt file, and open that file.
After each program you need, write "notwendig" (necessary).
After each one you do not need, "unnötig" (unnecessary).
After each one you do not recognize, "unbekannt" (unknown).
Post the list.

Themaster453 24.06.2011 12:26

Sorry, I was on vacation and so couldn't reply...
Here is the list:
Code:

7-Zip 9.20 (x64 edition)        Igor Pavlov        10.06.2011        4,53MB        9.20.00.0 notwendig
Adobe Flash Player 10 ActiveX        Adobe Systems Incorporated        12.06.2011        6,00MB        10.3.181.23 notwendig
Adobe Flash Player 10 Plugin        Adobe Systems Incorporated        12.05.2011        6,00MB        10.3.181.14 notwendig
Adobe Shockwave Player 11.5        Adobe Systems, Inc.        07.06.2011                11.5.9.620 notwendig
Akamai NetSession Interface                17.05.2011        unbekannt       
Alice: Madness Returns                16.06.2011                notwendig
America's Army 3        U.S. Army        16.06.2011        notwendig       
Any DVD Converter Professional 3.7.7        Any-DVD-Converter.com        14.05.2011 unnötig               
AnyTV Pro 5.1        FDRLab, Inc.        16.05.2011        4,96MB        unnötig
Apple Application Support        Apple Inc.        13.05.2011        51,0MB        1.5.1 notwendig
Apple Mobile Device Support        Apple Inc.        13.05.2011        22,4MB        3.4.0.25 notwendig
Apple Software Update        Apple Inc.        13.05.2011        2,26MB        2.1.2.120 notwendig
Bonjour        Apple Inc.        13.05.2011        1,75MB        2.0.5.0 notwendig
Call of Duty: Black Ops - Multiplayer        Treyarch        06.05.2011        notwendig       
CCleaner        Piriform        14.06.2011                3.07 notwendig
Combined Community Codec Pack 2009-09-09        CCCP Project        13.04.2011                2009.09.09.0 notwendig
CursorFX        Stardock Corporation        17.06.2011 notwendig               
CyberGhost VPN        S.A.D. GmbH        29.05.2011        56,6MB        notwendig
DAEMON Tools Lite        DT Soft Ltd        28.04.2011                4.40.2.0131 notwendig
DivX-Setup        DivX, LLC        01.06.2011                2.5.0.11 unnötig
Download Updater (AOL LLC)                28.05.2011        unbekannt       
EA Download Manager        Electronic Arts, Inc.        20.05.2011                8.0.3.427 notwendig
Facemoods Toolbar                11.05.2011 unnötig               
FBP - Facebook Blaster Pro        Digital Media Group        01.06.2011        8,36MB        9.0.3 unnötig
Flyff        Gala Networks Europe Limited        29.04.2011                Flyff notwendig
FlyFF Automaton (v1.00)                15.05.2011                unbekannt
FriendAdderElite        Default Company Name        01.06.2011        19,1MB        4.0.1 unnötig
Game Booster        IObit        14.06.2011        11,6MB        3.0 notwendig
Game Prelauncher version 3.1.2                14.06.2011        2,75MB        3.1.2 notwendig
Garena 2010        Garena Online Pte Ltd.        26.05.2011                2010 unnötig
Google Chrome        Google Inc.        15.05.2011                12.0.742.100 notwendig
Hide IP Platinum 3.42        Volcano Force        12.06.2011                unnötig
iTunes        Apple Inc.        13.05.2011        144,9MB        10.2.2.12 notwendig
Java(TM) 6 Update 22        Oracle        02.05.2011        95,0MB        6.0.220 notwendig
Java(TM) 6 Update 25        Oracle        28.04.2011        94,7MB        6.0.250 notwendig
JDownloader 0.9        AppWork GmbH        11.05.2011                0.9 notwendig
Kaspersky Internet Security 2012        Kaspersky Lab        06.06.2011                12.0.0.374 notwendig
Malwarebytes' Anti-Malware Version 1.51.0.1200        Malwarebytes Corporation        18.06.2011        13,8MB        1.51.0.1200 notwendig
Megakey        Megamedia Ltd.        17.06.2011                0.9.0.0 notwendig
Microsoft .NET Framework 4 Client Profile        Microsoft Corporation        27.04.2011        38,8MB        4.0.30319 notwendig
Microsoft Office Professional Home and Student 2010        Microsoft Corporation        15.04.2011                14.0.4763.1000 notwendig
Microsoft Silverlight        Microsoft Corporation        21.05.2011        20,5MB        4.0.60310.0 notwendig
Microsoft Visual C++ 2005 Redistributable        Microsoft Corporation        12.05.2011        0,34MB        8.0.59193 notwendig
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148        Microsoft Corporation        16.04.2011        0,19MB        9.0.30729.4148 notwendig
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022        Microsoft Corporation        29.05.2011        2,52MB        9.0.21022 notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17        Microsoft Corporation        15.04.2011        0,58MB        9.0.30729 notwendig
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319        Microsoft Corporation        16.04.2011        13,7MB        10.0.30319 notwendig
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319        Microsoft Corporation        20.05.2011        11,0MB        10.0.30319 notwendig
NVIDIA 3D Vision Controller Driver 275.33        NVIDIA Corporation        14.06.2011                275.33 notwendig
NVIDIA 3D Vision Driver 275.33        NVIDIA Corporation        14.06.2011                275.33 notwendig
NVIDIA Graphics Driver 275.33        NVIDIA Corporation        14.06.2011                275.33 notwendig
NVIDIA HD Audio Driver 1.2.23.3        NVIDIA Corporation        14.06.2011                1.2.23.3 notwendig
NVIDIA PhysX System Software 9.10.0514        NVIDIA Corporation        14.06.2011                9.10.0514 notwendig
NVIDIA Update 1.3.5        NVIDIA Corporation        14.06.2011                1.3.5 notwendig
O&O Defrag Server        O&O Software GmbH        08.06.2011        53,3MB        14.1.305 unnötig
PDF-XChange Viewer        Tracker Software Products Ltd.        23.05.2011        44,3MB        2.5.195.0 notwendig
PPLive 1.9        Synacast        02.05.2011                1.9.47 unnötig
Premium Link Generator 1.00                10.06.2011                unbekannt
QuickTime        Apple Inc.        13.05.2011        73,7MB        7.69.80.9 notwendig
RocketDock 1.3.5        Punk Software        14.04.2011 notwendig               
Safari        Apple Inc.        13.05.2011        41,3MB        5.33.21.1 notwendig
SopCast 3.3.2        www.sopcast.com        14.04.2011                3.3.2 notwendig
Steam        Valve Corporation        29.04.2011        1,59MB        1.0.0.0 notwendig
TeamViewer 6        TeamViewer GmbH        08.06.2011                6.0.10722 notwendig
TuneUp Utilities 2011        TuneUp Software        14.04.2011                10.0.4010.25 notwendig
TVAnts 1.0                02.05.2011                notwendig
Veetle TV 0.9.18        Veetle, Inc        02.05.2011                0.9.18 notwendig
VLC media player 1.0.5        VideoLAN Team        23.05.2011                1.0.5 notwendig
Window Renamer 1.0        FireBlood's Dev        04.06.2011                notwendig
Windows Media Player Firefox Plugin        Microsoft Corp        28.04.2011        0,29MB        1.0.0.8 notwendig
WinRAR arkivering                13.04.2011                notwendig
µTorrent                28.05.2011                3.0.0 notwendig


markusg 24.06.2011 14:27

Uninstall:
Any DVD
AnyTV
Bonjour can go too
DivX-Setup
Facemoods
FBP
FlyFF
FriendAdderElite
Game Booster is pointless and can really go as well.
Garena
Hide IP


Java, all of them
Java SE Downloads
Download the JRE: get the offline installer and install it.

Uninstall:
OO Defrag
PPLive
Premium Link Generator
TuneUp: do without junk like that. The advertising they do and the tuning they promise are all nonsense and can harm the computer.
Get rid of it.

Clean up with CCleaner.

Themaster453 24.06.2011 16:51

All done.... thanks for the help.

markusg 24.06.2011 17:04

Are there, or were there, any more problems?

Themaster453 24.06.2011 19:15

No, none at all anymore.

markusg 24.06.2011 19:25

OK, change all your passwords.


All times are WET +1. The time is now 08:44.

Copyright ©2000-2025, Trojaner-Board

