Trojaner-Board

Ghostrider1 23.02.2012 20:03

GEMA causes POPUP, even in safe mode
 
Hi all,

I have a huge problem. I caught this GEMA virus while surfing. It blocks access to my computer even in safe mode.
My computer normally runs Win7 HE.

I have the following here:
1x laptop with a burner
-> CDBurnerXP is already installed and blank discs are available.
1x Win7 CD

I read in the forum that I should burn an *.ISO.
How exactly do I have to proceed now? In one thread, the instructions for burning the *.ISO refer to an ISO that I can't find here on the laptop.

It would be nice if someone could help me.

markusg 23.02.2012 20:05

hi,
download:
http://filepony.de/download-otlpe/
and burn it to a CD with ISOBurner.
ISO Burner Download - ISO Burner 2.5
ISOBurner instructions:
http://www.trojaner-board.de/83208-b...ei-cd-dvd.html
• When the download has finished, double-click OTLPENet.exe, which opens ISOBurner to burn it to the CD.
Restart your system and boot from the CD you just created.
If you don't know how to get your computer to boot from the CD:
http://www.trojaner-board.de/81857-c...cd-booten.html

• Your system should now show a REATOGO-X-PE desktop.
• Double-click the OTLPE icon.
• When you are asked "Do you wish to load the remote registry", choose Yes.
• When you are asked "Do you wish to load remote user profile(s) for scanning", choose Yes.
• Remove the check mark at "Automatically Load All Remaining Users" if it is set.

• OTL should now start.
Now copy the content into the http://larusso.trojaner-board.de/Images/otlfix.jpg text box.
Code:

activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe

• Press Run Scan to start the scan.
• When it has finished, the files are saved in C:\otl.txt
• Copy this folder to your USB stick if you have no internet connection on this system.
post both logs
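
Added example, not part of the post above and not OTL's own code: the scan requested here records autostart entries as `O4` (Run keys) and `O20` (Winlogon) lines, and this Python triage flags the ones whose target sits in a user-writable directory or that replace the default Winlogon Shell/UserInit. The sample lines are copied from the log posted later in this thread; the function names and the list of user-writable locations are assumptions of this example.

```python
import ntpath
import re

# Sample lines copied from the OTL log posted in this thread.
SAMPLE_LOG = r"""
O4:64bit: - HKLM..\Run: [IntelliPoint] I:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] I:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [gema.] I:\ProgramData\gema\gema.exe (Promise Technology, Inc.)
O4 - HKU\Frank_ON_I..\Run: [gema] I:\Users\Frank\AppData\Roaming\gema\gema.exe (Promise Technology, Inc.)
O4 - HKU\Frank_ON_I..\Run: [mapdisk]  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - I:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\ProgramData\gema\gema.exe) - I:\ProgramData\gema\gema.exe (Promise Technology, Inc.)
O20 - HKU\Frank_ON_I Winlogon: Shell - (C:\Users\Frank\AppData\Roaming\gema\gema.exe) - I:\Users\Frank\AppData\Roaming\gema\gema.exe (Promise Technology, Inc.)
O20 - HKU\Frank_ON_I Winlogon: Shell - (Explorer.exe) - I:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
"""

# O4 = Run/RunOnce values, O20 = Winlogon values (optionally tagged ":64bit:").
RUN_RE = re.compile(
    r"^O4(?::64bit:)? - (?P<hive>.+?)\.\.\\(?P<key>\w+): "
    r"\[(?P<name>[^\]]*)\]\s+(?P<rest>.*)$")
WINLOGON_RE = re.compile(
    r"^O20(?::64bit:)? - (?P<hive>.+?) Winlogon: (?P<name>\w+) - "
    r"\((?P<configured>.*?)\) - (?P<rest>.*)$")
# "<path> (<company>)"; the non-greedy path skips "(x86)" inside the path itself.
TARGET_RE = re.compile(r"^(?P<path>.*?)\s*\((?P<company>[^()]*)\)$")

# Assumption of this example: locations a standard user can write to.
USER_WRITABLE = re.compile(
    r"^\\(?:users\\[^\\]+\\appdata|programdata)\\|\\temp\\")
# Windows defaults for the two Winlogon values checked here.
WINLOGON_DEFAULTS = {"shell": "explorer.exe", "userinit": "userinit.exe"}


def parse_line(line):
    """Return a dict for an O4 or O20 line, or None for any other line."""
    m = RUN_RE.match(line) or WINLOGON_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["kind"] = "winlogon" if line.startswith("O20") else "run"
    target = TARGET_RE.match(entry.pop("rest").strip())
    # "File not found" has no "(company)" suffix, so path stays None.
    entry["path"] = target.group("path") if target else None
    entry["company"] = target.group("company") if target else None
    return entry


def review_reasons(entry):
    """List the reasons an autostart entry deserves a manual look."""
    reasons = []
    if entry["path"] is None:
        return reasons  # OTL could not resolve a file for this entry
    # Drop the drive letter: OTLPE mounts the offline Windows volume
    # under another letter (I: in this log) than the one in the registry.
    rel = re.sub(r"^[A-Za-z]:", "", entry["path"]).lower()
    if USER_WRITABLE.search(rel):
        reasons.append("target in user-writable directory")
    if entry["kind"] == "winlogon":
        expected = WINLOGON_DEFAULTS.get(entry["name"].lower())
        configured = entry["configured"].split(",")[0].strip().lower()
        if expected and ntpath.basename(configured) != expected:
            reasons.append("Winlogon %s is not %s" % (entry["name"], expected))
    return reasons


def triage(log_text):
    """Return (hive, name, path, reasons) for every flagged O4/O20 line."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line.strip())
        if entry is None:
            continue
        reasons = review_reasons(entry)
        if reasons:
            findings.append(
                (entry["hive"], entry["name"], entry["path"], reasons))
    return findings


if __name__ == "__main__":
    for hive, name, path, reasons in triage(SAMPLE_LOG):
        print("%s [%s] %s -> %s" % (hive, name, path, "; ".join(reasons)))
```

A hit is a prompt for manual review rather than a verdict, since legitimate software also starts from AppData.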

Ghostrider1 23.02.2012 20:45

Found the error.... I'm still working my way through the instructions.

If there are 2 profiles on it, do I have to do this twice?

Code:

OTL logfile created on: 2/23/2012 8:54:14 PM - Run
OTLPE by OldTimer - Version 3.1.48.0    Folder = X:\Programs\OTLPE
64bit-Windows 7 Home Premium Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = I: | %SystemRoot% = I:\Windows | %ProgramFiles% = I:\Program Files (x86)
Drive C: | 100.00 Mb Total Space | 75.86 Mb Free Space | 75.87% Space Free | Partition Type: NTFS
Drive D: | 465.65 Gb Total Space | 369.91 Gb Free Space | 79.44% Space Free | Partition Type: FAT32
Drive I: | 58.59 Gb Total Space | 15.01 Gb Free Space | 25.62% Space Free | Partition Type: NTFS
Drive J: | 407.07 Gb Total Space | 223.76 Gb Free Space | 54.97% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2012/01/16 03:02:32 | 000,343,032 | ---- | M] (Nitro PDF Software) [Auto] -- I:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe -- (NitroReaderDriverReadSpool2)
SRV:64bit: - [2011/12/05 22:11:56 | 000,235,520 | ---- | M] (AMD) [Auto] -- I:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/12/05 16:15:08 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto] -- I:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto] -- I:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/02/11 00:08:22 | 003,340,064 | ---- | M] () [Auto] -- I:\program files (x86)\common files\akamai/netsession_win_7de0ed9.dll -- (Akamai)
SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto] -- I:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/11/29 04:50:03 | 002,916,736 | ---- | M] (TeamViewer GmbH) [Auto] -- I:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011/10/11 07:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- I:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/10/11 07:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- I:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/01/28 11:10:28 | 000,387,072 | ---- | M] (Spigot, Inc.) [Auto] -- I:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2010/04/21 19:28:00 | 003,570,600 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand] -- I:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2010/03/18 06:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- I:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 06:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- I:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/23 09:01:12 | 000,066,872 | ---- | M] () [Auto] -- I:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand] -- I:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- I:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/04/17 04:09:46 | 000,935,208 | ---- | M] (Nero AG) [Auto] -- I:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2006/11/10 01:12:28 | 000,099,936 | ---- | M] () [Auto] -- I:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/02/15 04:27:09 | 000,132,320 | ---- | M] (Avira GmbH) [Kernel | System] -- I:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/12/05 22:45:40 | 010,720,256 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011/12/05 22:45:40 | 010,720,256 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/12/05 21:12:14 | 000,327,168 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/10/17 12:40:50 | 000,093,712 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand] -- I:\Windows\System32\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/10/11 08:00:01 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto] -- I:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/10/11 08:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System] -- I:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011/06/24 00:31:02 | 000,055,424 | ---- | M] (Advanced Micro Devices) [Kernel | Auto] -- I:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV:64bit: - [2011/06/24 00:31:02 | 000,055,424 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand] -- I:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.0)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/03/06 05:27:01 | 000,314,016 | ---- | M] () [Kernel | Auto] -- I:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010/03/06 05:26:59 | 000,043,680 | ---- | M] () [Kernel | Auto] -- I:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010/02/18 02:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand] -- I:\Windows\System32\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/10/29 03:50:30 | 000,011,576 | R--- | M] (Samsung Electronics) [Kernel | Auto] -- I:\Windows\System32\drivers\SSPORT.sys -- (SSPORT)
DRV:64bit: - [2009/10/29 03:45:34 | 000,053,816 | R--- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto] -- I:\Windows\System32\drivers\DgivEcp.sys -- (DgiVecp)
DRV:64bit: - [2009/09/30 09:34:30 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/09/16 00:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand] -- I:\Windows\System32\drivers\tap0901t.sys -- (tap0901t) TAP-Win32 Adapter V9 (Tunngle)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- I:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:35:38 | 000,707,072 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\netr7364.sys -- (netr7364)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- I:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- I:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/02 03:55:20 | 001,207,808 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009/05/28 11:47:38 | 000,025,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:64bit: - [2009/05/28 10:47:38 | 000,033,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\point64k.sys -- (Point64)
DRV:64bit: - [2009/05/25 10:32:08 | 000,198,784 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\vmuvc.sys -- (VMUVC)
DRV:64bit: - [2009/05/22 09:52:30 | 000,215,040 | ---- | M] (Realtek                                            ) [Kernel | On_Demand] -- I:\Windows\System32\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/05/13 20:26:24 | 000,015,416 | ---- | M] () [Kernel | On_Demand] -- I:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/05/04 23:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot] -- I:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/03/18 10:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008/07/01 04:14:42 | 000,303,616 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\vvftUVC.sys -- (vvftUVC)
DRV - [2009/10/28 00:09:33 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto] -- I:\Windows\SysWOW64\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2004/12/30 07:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand] -- I:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Frank_ON_I\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/home?AF=17434
IE - HKU\Frank_ON_I\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - Reg Error: Key error. File not found
IE - HKU\Frank_ON_I\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - Reg Error: Key error. File not found
IE - HKU\Frank_ON_I\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Frank_ON_I\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421
 
 
 
IE - HKU\Susi_ON_I\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - Reg Error: Key error. File not found
IE - HKU\Susi_ON_I\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=17434"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.goggle.de"
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=adbartrp&AF=17434&q="
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: I:\Windows\System32\Macromed\Flash\NPSWF64_11_1_102.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: I:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@garmin.com/GpsControl: I:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin: I:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: I:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: I:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: I:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nitropdf.com/NitroPDF:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: I:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: I:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Webzen.com/NPGameWebStarter: I:\Program Files (x86)\WEBZEN\WebzenGameStarter\NPGameWebStarter.dll (WEBZEN)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: I:\Program Files (x86)\Adobe\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: D:\Programme\Firefox\components
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: D:\Programme\Firefox\plugins
 
[2010/01/22 12:42:11 | 000,000,000 | ---D | M] (No name found) -- I:\Users\Frank\AppData\Roaming\Mozilla\Extensions
[2012/01/13 12:02:28 | 000,000,000 | ---D | M] (No name found) -- I:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\hng4slfa.default\extensions
[2011/11/24 07:47:05 | 000,000,000 | ---D | M] (Garmin Communicator) -- I:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\hng4slfa.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2012/01/13 12:02:28 | 000,000,000 | ---D | M] (XfireXO Community Toolbar) -- I:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\hng4slfa.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
[2011/08/02 06:17:34 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- I:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\hng4slfa.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/05/06 05:39:31 | 000,000,000 | ---D | M] (Conduit Engine) -- I:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\hng4slfa.default\extensions\engine@conduit.com
[2011/12/17 17:05:08 | 000,000,000 | ---D | M] (Ask Toolbar) -- I:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\hng4slfa.default\extensions\toolbar@ask.com
File not found (No name found) --
 
O1 HOSTS File: ([2011/02/25 10:41:38 | 000,003,471 | ---- | M]) - I:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 3dns.adobe.com
O1 - Hosts: 127.0.0.1 3dns-1.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-4.adobe.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com.*
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 65 more lines...
O2 - BHO: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - I:\Program Files (x86)\XfireXO\tbXfir.dll (Conduit Ltd.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - I:\Program Files (x86)\pdfforge Toolbar\IE\4.3\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - I:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  File not found
O3 - HKLM\..\Toolbar: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - I:\Program Files (x86)\XfireXO\tbXfir.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - I:\Program Files (x86)\pdfforge Toolbar\IE\4.3\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - I:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\Frank_ON_I\..\Toolbar\WebBrowser: (XfireXO Toolbar) - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - I:\Program Files (x86)\XfireXO\tbXfir.dll (Conduit Ltd.)
O3 - HKU\Frank_ON_I\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - I:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [IntelliPoint] I:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] I:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [3200 Scan2PC] I:\Windows\twain_32\Samsung\SCX3200\Scan2Pc.exe ()
O4 - HKLM..\Run: [ApnUpdater] I:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] I:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [gema.] I:\ProgramData\gema\gema.exe (Promise Technology, Inc.)
O4 - HKLM..\Run: [HDAudDeck] I:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui]  File not found
O4 - HKLM..\Run: [Samsung PanelMgr] I:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [StartCCC] I:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\Frank_ON_I..\Run: [Akamai NetSession Interface] I:\Users\Frank\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKU\Frank_ON_I..\Run: [gema] I:\Users\Frank\AppData\Roaming\gema\gema.exe (Promise Technology, Inc.)
O4 - HKU\Frank_ON_I..\Run: [mapdisk]  File not found
O4 - HKU\Frank_ON_I..\Run: [RESTART_STICKY_NOTES]  File not found
O4 - HKU\LocalService_ON_I..\Run: [Sidebar] I:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_I..\Run: [Sidebar] I:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\Susi_ON_I..\Run: [gema] I:\Users\Susi\AppData\Roaming\gema\gema.exe (Promise Technology, Inc.)
O4 - HKU\LocalService_ON_I..\RunOnce: [mctadmin]  File not found
O4 - HKU\NetworkService_ON_I..\RunOnce: [mctadmin]  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\Frank_ON_I\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Frank_ON_I\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\Frank_ON_I\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\Susi_ON_I\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Susi_ON_I\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\Susi_ON_I\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Free YouTube Download - I:\Users\Frank\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - I:\Users\Frank\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube Download - I:\Users\Frank\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - I:\Users\Frank\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} -  File not found
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} -  File not found
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - I:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - I:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - I:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\ProgramData\gema\gema.exe) - I:\ProgramData\gema\gema.exe (Promise Technology, Inc.)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKU\Frank_ON_I Winlogon: Shell - (C:\Users\Frank\AppData\Roaming\gema\gema.exe) - I:\Users\Frank\AppData\Roaming\gema\gema.exe (Promise Technology, Inc.)
O20 - HKU\Frank_ON_I Winlogon: Shell - (Explorer.exe) - I:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKU\Susi_ON_I Winlogon: Shell - (C:\Users\Susi\AppData\Roaming\gema\gema.exe) - I:\Users\Susi\AppData\Roaming\gema\gema.exe (Promise Technology, Inc.)
O20 - HKU\Susi_ON_I Winlogon: Shell - (Explorer.exe) - I:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{c4270c6d-0766-11df-9158-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c4270c6d-0766-11df-9158-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/02/23 13:06:04 | 000,000,000 | ---D | C] -- I:\Users\Susi\AppData\Roaming\gema
[2012/02/23 12:51:50 | 000,000,000 | ---D | C] -- I:\Users\Frank\AppData\Roaming\gema
[2012/02/23 12:51:49 | 000,331,776 | ---- | C] (Promise Technology, Inc.) -- I:\Windows\System32\gema.exe
[2012/02/23 12:51:49 | 000,000,000 | ---D | C] -- I:\ProgramData\gema
[2012/02/22 11:52:23 | 000,000,000 | ---D | C] -- I:\Users\Frank\AppData\Local\{20344EB2-E522-4412-80A5-3FFED3C47FCD}
[2012/02/22 11:51:59 | 000,000,000 | ---D | C] -- I:\Users\Frank\AppData\Local\{07059E73-8E21-46A5-8516-8D7D9FEA56F8}
[2012/02/21 12:20:17 | 000,000,000 | ---D | C] -- I:\Users\Frank\AppData\Local\{47B6700E-988A-4A89-A754-4A56C5CA6A46}
[2012/02/21 00:16:43 | 000,000,000 | ---D | C] -- I:\Users\Frank\AppData\Local\{3DFDC237-4F59-4F38-B05F-98FC09C52638}
[2012/02/21 00:16:32 | 000,000,000 | ---D | C] -- I:\Users\Frank\AppData\Local\{E6C995E2-BFC6-4DD8-9CE7-23C5857B0C65}
[2012/02/21 00:09:53 | 000,000,000 | ---D | C] -- I:\Users\Frank\AppData\Local\{351E5B6A-BA24-4E43-9C89-79EB6B4F2D72}
[2012/02/20 11:02:21 | 000,000,000 | ---D | C] -- I:\Users\Frank\AppData\Local\{F1672412-22A3-4E1C-BD25-F37F86DB131B}
[2012/02/20 11:02:09 | 000,000,000 | ---D | C] -- I:\Users\Frank\AppData\Local\{DA71FF2C-BC09-438F-9985-81B94AD35892}
[2012/02/19 16:22:14 | 000,000,000 | ---D | C] -- I:\Users\Frank\AppData\Local\{7DC1B33F-6155-4537-A7AA-BC3E69DC2A22}
[2012/02/19 16:22:02 | 000,000,000 | ---D | C] -- I:\Users\Frank\AppData\Local\{3159A7AC-1306-4AD9-9E44-9189EC9ACA80}
[2012/02/19 03:41:38 | 000,000,000 | ---D | C] -- I:\Users\Frank\AppData\Local\{72E6CDED-46D1-4244-8192-9A7354D97C2B}
[2012/02/19 03:41:14 | 000,000,000 | ---D | C] -- I:\Users\Frank\AppData\Local\{637528F2-CBDE-44F3-9851-3042DF9F8A49}
[2012/02/17 11:10:07 | 000,000,000 | ---D | C] -- I:\Users\Frank\AppData\Local\{4009F083-6397-4FD0-96FA-209AEA7D8AF0}
[2012/02/17 11:09:44 | 000,000,000 | ---D | C] -- I:\Users\Frank\AppData\Local\{D1A675E9-F09A-4236-8CF8-FAAE8A6C297A}
[2012/02/17 00:14:26 | 000,000,000 | ---D | C] -- I:\Users\Frank\AppData\Local\{4B0B5012-9F15-497E-B94C-19366F69C582}
[2012/02/16 04:09:11 | 000,000,000 | ---D | C] -- I:\Users\Frank\AppData\Local\{F86D3D64-C520-4778-A266-55311BE1DF5C}
[2012/02/16 04:08:58 | 000,000,000 | ---D | C] -- I:\Users\Frank\AppData\Local\{01A3B039-08E0-4206-844B-AD22D5C3429E}
[2012/02/16 04:08:34 | 000,509,952 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\ntshrui.dll
[2012/02/16 04:08:32 | 000,515,584 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\timedate.cpl
[2012/02/16 04:08:32 | 000,478,720 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\timedate.cpl
[2012/02/16 04:08:26 | 000,634,880 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\msvcrt.dll
[2012/02/16 04:08:20 | 000,702,464 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\msfeeds.dll
[2012/02/16 04:08:20 | 000,599,552 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\msfeeds.dll
[2012/02/16 04:08:20 | 000,247,808 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\ieui.dll
[2012/02/16 04:08:20 | 000,176,640 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\ieui.dll
[2012/02/16 04:08:19 | 000,134,144 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\url.dll
[2012/02/16 04:08:19 | 000,132,096 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\url.dll
[2012/02/16 04:08:19 | 000,097,280 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\mshtmled.dll
[2012/02/16 04:08:19 | 000,067,072 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\mshtmled.dll
[2012/02/15 04:19:19 | 000,000,000 | ---D | C] -- I:\Users\Frank\AppData\Local\{2C7A8AAA-42FB-4CF5-B654-CE8F86EE0DDA}
[2012/02/15 04:19:07 | 000,000,000 | ---D | C] -- I:\Users\Frank\AppData\Local\{0DD1174C-8924-417D-AC35-2C3ED0C96338}
[2012/02/14 04:29:40 | 000,000,000 | ---D | C] -- I:\Users\Frank\AppData\Local\{DEB43ED2-0273-4FD1-BF07-064D64666BB7}
[2012/02/14 04:29:17 | 000,000,000 | ---D | C] -- I:\Users\Frank\AppData\Local\{0F2A03D8-57F4-4E6A-B5F6-98182A7B1983}
[2012/02/13 04:32:35 | 000,000,000 | ---D | C] -- I:\Users\Frank\AppData\Local\{5A25F15B-E29B-48BD-B73E-289F5CE58E0F}
[2012/02/13 04:32:23 | 000,000,000 | ---D | C] -- I:\Users\Frank\AppData\Local\{D7CF812C-30BC-457A-85B8-98FF18002927}
[2012/02/13 04:19:24 | 000,000,000 | ---D | C] -- I:\Users\Frank\AppData\Local\{E5166265-01D7-4BAB-895D-F16B78D2AA88}
[2012/02/13 04:19:08 | 000,000,000 | ---D | C] -- I:\Users\Frank\AppData\Local\{D8CF084C-5C36-4DB8-A9E2-14FBAAA7CDE1}
[2012/02/12 12:42:44 | 000,000,000 | ---D | C] -- I:\Users\Frank\AppData\Local\{7562FA57-85D1-4C77-9C5E-02406FA8DC95}
[2012/02/12 12:42:31 | 000,000,000 | ---D | C] -- I:\Users\Frank\AppData\Local\{D5004C24-AFB9-4910-BB9D-342837BB4CEF}
[2012/02/12 12:41:47 | 000,000,000 | ---D | C] -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012/02/11 16:28:07 | 000,000,000 | ---D | C] -- I:\Users\Frank\AppData\Local\{8D8B50C0-AD2A-4256-8F97-BA0DC0551842}
[2012/02/11 16:27:55 | 000,000,000 | ---D | C] -- I:\Users\Frank\AppData\Local\{AB4B733F-B9CF-46D0-94DF-A9937A9470D0}
[2012/02/10 23:53:26 | 000,000,000 | ---D | C] -- I:\Users\Frank\AppData\Local\{8E02B4EB-DA66-4577-8189-A2EED29CD6C9}
[2012/02/10 23:53:14 | 000,000,000 | ---D | C] -- I:\Users\Frank\AppData\Local\{473EF921-B4F8-4486-BE26-5C41D5C26DD6}
[2012/02/10 23:19:52 | 000,000,000 | ---D | C] -- I:\Users\Frank\AppData\Local\{F6FA3787-F0FB-4EA0-81B6-D72D2B3288F0}
[2012/02/10 06:12:07 | 000,000,000 | ---D | C] -- I:\Users\Susi\Desktop\Hausbau
[2012/02/10 02:31:20 | 000,000,000 | ---D | C] -- I:\Users\Frank\AppData\Local\{5A47CE92-2DAC-4A06-949E-C29B5A57BFB6}
[2012/02/10 02:30:57 | 000,000,000 | ---D | C] -- I:\Users\Frank\AppData\Local\{F26D6B8B-7B7A-445F-9644-60A7AE117D77}
[2012/02/09 01:14:35 | 000,000,000 | ---D | C] -- I:\Users\Frank\AppData\Local\{E0A1BD14-8346-4FE3-934D-4882E10FA534}
[2012/02/09 01:14:23 | 000,000,000 | ---D | C] -- I:\Users\Frank\AppData\Local\{B83531FF-F4D6-4E22-9E1C-03F7EC3FCD9F}
[2012/02/08 12:12:49 | 000,000,000 | ---D | C] -- I:\Program Files\Common Files\Nitro PDF
[2012/02/08 12:12:49 | 000,000,000 | ---D | C] -- I:\Program Files (x86)\Common Files\Nitro PDF
[2012/02/08 00:28:18 | 000,000,000 | ---D | C] -- I:\Users\Frank\AppData\Local\{44DF75F5-3436-442E-A8DF-D3F2706DFEBE}
[2012/02/08 00:27:55 | 000,000,000 | ---D | C] -- I:\Users\Frank\AppData\Local\{6D49444E-212B-4AA0-9F26-CED2F3C9B054}
[2012/02/07 10:27:33 | 000,000,000 | ---D | C] -- I:\ProgramData\ATI
[2012/02/07 10:27:30 | 000,000,000 | ---D | C] -- I:\Program Files (x86)\AMD APP
[2012/02/07 10:27:15 | 000,000,000 | ---D | C] -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2012/02/07 10:23:17 | 000,000,000 | ---D | C] -- I:\AMD
[2012/02/07 10:14:45 | 000,000,000 | ---D | C] -- I:\Users\Frank\AppData\Local\{17C24C01-156B-4E6F-90CA-6D8FA8250451}
[2012/02/07 10:14:32 | 000,000,000 | ---D | C] -- I:\Users\Frank\AppData\Local\{D84D0F36-AB6F-421B-8E54-5958494215E4}
[2012/02/06 12:51:29 | 000,000,000 | ---D | C] -- I:\Users\Frank\AppData\Local\{5C60BF8A-F90E-4A6D-862A-6DF8C2008A1A}
[2012/02/06 12:51:17 | 000,000,000 | ---D | C] -- I:\Users\Frank\AppData\Local\{0038E774-F4A2-49F5-B6D9-B0899D2DA70C}
[2012/02/05 22:58:24 | 000,000,000 | ---D | C] -- I:\Users\Frank\AppData\Local\{09384AEC-31FC-4CBE-B05D-922FCE9412CD}
[2012/02/05 22:58:01 | 000,000,000 | ---D | C] -- I:\Users\Frank\AppData\Local\{0EBFC24F-2E15-42A9-AA9F-9C16C7123EEC}
[2012/02/05 09:32:02 | 000,000,000 | ---D | C] -- I:\Users\Frank\AppData\Local\{009332B6-B0A7-44D3-BD89-FDDBC4B8BA69}
[2012/02/05 09:31:50 | 000,000,000 | ---D | C] -- I:\Users\Frank\AppData\Local\{8BD7CECD-5D67-44F1-B12B-ADEC0550E07B}
[2012/02/05 09:11:59 | 000,000,000 | ---D | C] -- I:\Users\Frank\AppData\Local\{AA8D3963-25BB-4267-988C-4ACB60A8E18E}
[2012/02/05 09:11:48 | 000,000,000 | ---D | C] -- I:\Users\Frank\AppData\Local\{602F1680-790F-4685-B51F-26A8623DDB2D}
[2012/02/05 02:13:51 | 000,000,000 | ---D | C] -- I:\Users\Frank\AppData\Local\{A922D653-ACD4-45B6-8873-7B9C71C1178B}
[2012/02/05 02:13:28 | 000,000,000 | ---D | C] -- I:\Users\Frank\AppData\Local\{23ADEA6E-AEF1-4622-99FB-E7E82E6F2C41}
[2012/02/04 04:58:32 | 000,000,000 | ---D | C] -- I:\Users\Frank\Desktop\Hausbau
[2012/02/04 04:58:05 | 000,000,000 | ---D | C] -- I:\Users\Frank\AppData\Local\{705875F8-FEEE-4465-9F2E-D69FA1D7E0C5}
[2012/02/04 04:57:53 | 000,000,000 | ---D | C] -- I:\Users\Frank\AppData\Local\{FD239A2E-2A2E-4048-AB3B-AF627C91E1CF}
[2012/02/03 11:05:03 | 000,000,000 | ---D | C] -- I:\Users\Frank\AppData\Local\{4EFC2246-4FBF-494C-9E13-58C0972D2E1B}
[2012/02/03 11:04:39 | 000,000,000 | ---D | C] -- I:\Users\Frank\AppData\Local\{B5ED75A3-D1FB-4C93-B79F-CF0A958D4913}
[2012/02/02 14:31:28 | 000,000,000 | ---D | C] -- I:\Users\Frank\AppData\Local\{CB924D3E-D043-4693-A4BE-C9D747B20022}
[2012/02/02 14:31:16 | 000,000,000 | ---D | C] -- I:\Users\Frank\AppData\Local\{9C0F9A18-5F2C-479B-9C66-8B8BAEE0EB87}
[2012/02/01 23:40:00 | 000,000,000 | ---D | C] -- I:\Users\Frank\AppData\Local\{A6E6B7D5-1B52-486D-B3BC-5FCDE2025BB0}
[2012/02/01 23:39:48 | 000,000,000 | ---D | C] -- I:\Users\Frank\AppData\Local\{6357B1C6-39C3-45A8-AAD8-3A2B280DD437}
[2012/01/31 23:43:05 | 000,000,000 | ---D | C] -- I:\Users\Frank\AppData\Local\{D91465BF-54A0-42B9-A33C-EBDD1493058E}
[2012/01/31 23:42:42 | 000,000,000 | ---D | C] -- I:\Users\Frank\AppData\Local\{2A680B3E-8785-4A7E-94C5-9AB125BACD9C}
[2012/01/30 12:50:12 | 000,000,000 | ---D | C] -- I:\Users\Frank\Documents\Envisioneer Express 5.0
[2012/01/30 12:50:10 | 000,000,000 | ---D | C] -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cadsoft
[2012/01/30 12:50:10 | 000,000,000 | ---D | C] -- I:\Program Files (x86)\Cadsoft
[2012/01/30 12:49:20 | 000,000,000 | ---D | C] -- I:\ProgramData\Cadsoft
[2012/01/30 12:04:57 | 000,000,000 | ---D | C] -- I:\Users\Frank\AppData\Local\{16D6A1AD-44CA-4107-9B92-1CB0DEC52968}
[2012/01/30 12:04:45 | 000,000,000 | ---D | C] -- I:\Users\Frank\AppData\Local\{FF783E20-0010-467E-A9D9-3D4287C5FD36}
[2012/01/29 23:43:36 | 000,000,000 | ---D | C] -- I:\Users\Frank\AppData\Local\{F9069637-BCC6-4D63-A499-DAD9EF7D8D68}
[2012/01/29 23:43:25 | 000,000,000 | ---D | C] -- I:\Users\Frank\AppData\Local\{4A2829B6-8D2D-4FB8-9561-6BCCA6D9AC28}
[2012/01/29 02:55:25 | 000,000,000 | ---D | C] -- I:\Users\Frank\AppData\Local\{C831A865-BD49-4D62-B866-30D976D86F18}
[2012/01/29 02:55:03 | 000,000,000 | ---D | C] -- I:\Users\Frank\AppData\Local\{9F5D6451-C958-4BE7-8797-CBB8698DFED5}
[2012/01/28 04:23:19 | 000,000,000 | ---D | C] -- I:\Users\Frank\AppData\Local\{D43186DC-7ACF-4896-9095-FD34DFBB5FE1}
[2012/01/27 12:28:01 | 000,000,000 | ---D | C] -- I:\Users\Frank\AppData\Local\{EAF7C47D-98BC-4FBA-9BA5-5070EB99F549}
[2012/01/27 12:27:36 | 000,000,000 | ---D | C] -- I:\Users\Frank\AppData\Local\{C7D3D987-19CC-4900-B1C4-A66D7C19A3A8}
[2012/01/26 00:42:54 | 001,447,936 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\lsasrv.dll
[2012/01/26 00:42:54 | 000,395,776 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\webio.dll
[2012/01/26 00:42:54 | 000,314,880 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\webio.dll
[2012/01/26 00:42:54 | 000,136,192 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\sspicli.dll
[2012/01/26 00:42:54 | 000,029,184 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\sspisrv.dll
[2012/01/26 00:42:54 | 000,028,160 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\secur32.dll
[2012/01/26 00:41:39 | 000,000,000 | ---D | C] -- I:\Users\Frank\AppData\Local\{8892C37B-F3B7-4EE2-A7DF-FDD0FA1BDD14}
[2012/01/26 00:41:16 | 000,000,000 | ---D | C] -- I:\Users\Frank\AppData\Local\{56647F55-559F-4538-95F8-E9D986FF7861}
[2012/01/25 03:04:52 | 000,000,000 | ---D | C] -- I:\Users\Frank\AppData\Local\{DD3D85F9-14F3-4E15-B266-3A4251108B5F}
[2012/01/25 03:04:39 | 000,000,000 | ---D | C] -- I:\Users\Frank\AppData\Local\{C52025B1-E7E4-4069-8703-49D6B966586F}
[2011/11/10 14:01:28 | 000,159,744 | ---- | C] (Advanced Micro Devices, Inc.) -- I:\Program Files (x86)\atiapfxx.exe
[2011/11/10 14:01:24 | 000,004,096 | ---- | C] (Advanced Micro Devices, Inc.) -- I:\Program Files (x86)\Version.dll
[3 I:\Users\Frank\AppData\Local\*.tmp files -> I:\Users\Frank\AppData\Local\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/02/23 14:22:12 | 000,067,584 | --S- | M] () -- I:\Windows\bootstat.dat
[2012/02/23 14:22:08 | 000,000,000 | ---- | M] () -- I:\Windows\SysWow64\Access.dat
[2012/02/23 14:21:04 | 2146,836,479 | -HS- | M] () -- I:\hiberfil.sys
[2012/02/23 13:06:52 | 000,014,608 | -H-- | M] () -- I:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/23 13:06:52 | 000,014,608 | -H-- | M] () -- I:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/23 13:05:59 | 000,001,104 | ---- | M] () -- I:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/23 13:04:03 | 000,001,108 | ---- | M] () -- I:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/23 12:51:48 | 000,331,776 | ---- | M] (Promise Technology, Inc.) -- I:\Windows\System32\gema.exe
[2012/02/22 11:55:57 | 000,654,150 | ---- | M] () -- I:\Windows\System32\perfh007.dat
[2012/02/22 11:55:57 | 000,616,032 | ---- | M] () -- I:\Windows\System32\perfh009.dat
[2012/02/22 11:55:57 | 000,130,022 | ---- | M] () -- I:\Windows\System32\perfc007.dat
[2012/02/22 11:55:57 | 000,106,412 | ---- | M] () -- I:\Windows\System32\perfc009.dat
[2012/02/21 15:28:06 | 000,018,897 | ---- | M] () -- I:\Users\Frank\Desktop\Lightbarssafe.zip
[2012/02/21 14:20:16 | 000,003,029 | ---- | M] () -- I:\Users\Frank\Desktop\starshooter.zip
[2012/02/21 07:14:43 | 093,183,869 | ---- | M] () -- I:\Users\Frank\Desktop\Mein Film.wmv
[2012/02/19 16:31:57 | 228,001,052 | ---- | M] () -- I:\Users\Frank\Desktop\blaulichtinaction.wmv
[2012/02/19 00:54:38 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- I:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/02/16 10:57:24 | 004,900,800 | ---- | M] () -- I:\Windows\System32\FNTCACHE.DAT
[2012/02/15 04:27:09 | 000,132,320 | ---- | M] (Avira GmbH) -- I:\Windows\System32\drivers\avipbb.sys
[2012/02/12 12:41:48 | 000,000,625 | ---- | M] () -- I:\Users\Public\Desktop\LogMeIn Hamachi.lnk
[2012/02/12 12:41:48 | 000,000,000 | ---D | M] -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012/02/09 01:32:44 | 000,034,927 | ---- | M] () -- I:\Users\Frank\Desktop\Extra_Konto_55153xxxxxx_Kontoauszug_20120104.pdf
[2012/02/09 01:30:00 | 000,202,196 | ---- | M] () -- I:\Users\Frank\Desktop\Extra_Konto_5515xxxxxx_Kontoauszug_20120104-1.markiert.pdf
[2012/02/08 12:12:50 | 000,002,483 | ---- | M] () -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro PDF Reader 2.lnk
[2012/02/08 12:12:50 | 000,001,652 | ---- | M] () -- I:\Users\Public\Desktop\Nitro Reader.lnk
[2012/02/07 10:27:15 | 000,000,000 | ---D | M] -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2012/02/04 13:28:04 | 000,262,091 | ---- | M] () -- I:\Users\Frank\Documents\ts3_clientui-win64-1327056547-2012-02-04 19_28_03.930003.dmp
[2012/02/03 13:28:23 | 000,000,769 | ---- | M] () -- I:\Users\Frank\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/02/02 14:23:57 | 000,012,722 | ---- | M] () -- I:\Users\Frank\AppData\Roaming\SmarThruOptions.xml
[2012/02/01 00:23:41 | 000,002,441 | ---- | M] () -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/02/01 00:23:41 | 000,001,889 | ---- | M] () -- I:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/01/31 23:48:57 | 000,000,000 | ---D | M] -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cadsoft
[2012/01/30 12:50:10 | 000,001,772 | ---- | M] () -- I:\Users\Public\Desktop\Envisioneer Express 5.0.lnk
[3 I:\Users\Frank\AppData\Local\*.tmp files -> I:\Users\Frank\AppData\Local\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/02/21 15:28:06 | 000,018,897 | ---- | C] () -- I:\Users\Frank\Desktop\Lightbarssafe.zip
[2012/02/21 14:16:28 | 000,003,029 | ---- | C] () -- I:\Users\Frank\Desktop\starshooter.zip
[2012/02/21 07:13:42 | 093,183,869 | ---- | C] () -- I:\Users\Frank\Desktop\Mein Film.wmv
[2012/02/19 16:29:02 | 228,001,052 | ---- | C] () -- I:\Users\Frank\Desktop\blaulichtinaction.wmv
[2012/02/09 01:33:57 | 000,034,927 | ---- | C] () -- I:\Users\Frank\Desktop\Extra_Konto_5515388749_Kontoauszug_20120104.pdf
[2012/02/09 01:29:05 | 000,202,196 | ---- | C] () -- I:\Users\Frank\Desktop\Extra_Konto_5515333898_Kontoauszug_20120104-1.markiert.pdf
[2012/02/08 12:12:50 | 000,002,483 | ---- | C] () -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro PDF Reader 2.lnk
[2012/02/08 12:12:50 | 000,001,652 | ---- | C] () -- I:\Users\Public\Desktop\Nitro Reader.lnk
[2012/02/04 13:28:03 | 000,262,091 | ---- | C] () -- I:\Users\Frank\Documents\ts3_clientui-win64-1327056547-2012-02-04 19_28_03.930003.dmp
[2012/02/01 00:23:41 | 000,002,441 | ---- | C] () -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/02/01 00:23:41 | 000,001,889 | ---- | C] () -- I:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/01/30 12:50:10 | 000,001,772 | ---- | C] () -- I:\Users\Public\Desktop\Envisioneer Express 5.0.lnk
[2012/01/09 04:10:58 | 000,000,000 | ---- | C] () -- I:\Users\Frank\AppData\Local\{7923590C-C6FE-4549-B96B-8B13E572C390}
[2012/01/09 04:09:15 | 000,000,000 | ---- | C] () -- I:\Users\Frank\AppData\Local\{4416FFE3-F7C8-466E-AA51-2AAFAFE53058}
[2012/01/09 04:08:17 | 000,000,000 | ---- | C] () -- I:\Users\Frank\AppData\Local\{5CB5ECA1-01BA-4507-A34C-4106A521EAA8}
[2011/12/05 16:04:00 | 000,059,904 | ---- | C] () -- I:\Windows\SysWow64\OpenVideo.dll
[2011/12/05 16:03:52 | 000,054,784 | ---- | C] () -- I:\Windows\SysWow64\OVDecode.dll
[2011/11/10 14:01:34 | 000,212,472 | ---- | C] () -- I:\Program Files (x86)\atiapfxx.blb
[2011/11/09 21:36:06 | 000,204,960 | ---- | C] () -- I:\Windows\SysWow64\ativvsvl.dat
[2011/11/09 21:36:06 | 000,157,152 | ---- | C] () -- I:\Windows\SysWow64\ativvsva.dat
[2011/10/25 15:21:34 | 000,056,832 | ---- | C] () -- I:\Windows\SysWow64\OVDecoder.dll
[2011/09/12 17:06:16 | 000,003,917 | ---- | C] () -- I:\Windows\SysWow64\atipblag.dat
[2011/08/26 17:21:30 | 000,042,392 | ---- | C] () -- I:\Windows\SysWow64\xfcodec.dll
[2011/05/12 09:24:49 | 000,151,552 | ---- | C] () -- I:\Windows\SysWow64\nvRegDev.dll
[2011/05/12 09:24:38 | 000,061,440 | ---- | C] () -- I:\Windows\SysWow64\nvPhotoshopUtil.dll
[2011/05/12 09:24:38 | 000,040,960 | ---- | C] () -- I:\Windows\SysWow64\nvISWOW64.dll
[2011/05/10 14:27:03 | 000,000,132 | ---- | C] () -- I:\Users\Frank\AppData\Roaming\Adobe Targa Format CS5 Prefs
[2011/05/10 04:20:40 | 000,007,168 | ---- | C] () -- I:\Users\Frank\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/06 10:16:21 | 000,000,132 | ---- | C] () -- I:\Users\Frank\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/03/24 10:08:17 | 000,819,200 | ---- | C] () -- I:\Windows\SysWow64\xvidcore.dll
[2011/03/24 10:08:17 | 000,180,224 | ---- | C] () -- I:\Windows\SysWow64\xvidvfw.dll
[2011/03/23 11:39:07 | 000,252,928 | ---- | C] () -- I:\Windows\SysWow64\DShowRdpFilter.dll
[2010/12/29 10:16:54 | 000,000,056 | -H-- | C] () -- I:\Windows\SysWow64\ezsidmv.dat
[2010/12/22 06:37:07 | 000,012,358 | ---- | C] () -- I:\Users\Susi\AppData\Roaming\SmarThruOptions.xml
[2010/12/20 15:52:22 | 000,012,722 | ---- | C] () -- I:\Users\Frank\AppData\Roaming\SmarThruOptions.xml
[2010/12/20 15:52:11 | 000,036,864 | ---- | C] () -- I:\Windows\SysWow64\SvcMan.exe
[2010/12/20 15:51:57 | 000,000,136 | ---- | C] () -- I:\Windows\Readiris.ini
[2010/12/20 15:51:55 | 000,023,040 | ---- | C] () -- I:\Windows\SysWow64\irisco32.dll
[2010/12/20 15:49:01 | 000,484,656 | ---- | C] () -- I:\Windows\ssndii.exe
[2010/12/20 15:48:43 | 000,116,016 | ---- | C] () -- I:\Windows\Wiainst.exe
[2010/07/11 13:54:09 | 000,000,069 | ---- | C] () -- I:\Windows\NeroDigital.ini
[2010/07/09 05:12:46 | 000,007,597 | ---- | C] () -- I:\Users\Frank\AppData\Local\resmon.resmoncfg
[2010/04/14 14:10:59 | 000,000,000 | ---- | C] () -- I:\Windows\SysWow64\Access.dat
[2010/02/15 13:44:34 | 000,000,152 | ---- | C] () -- I:\Users\Frank\AppData\Roaming\default.rss
[2010/01/23 09:01:13 | 000,107,832 | ---- | C] () -- I:\Windows\SysWow64\PnkBstrB.exe
[2010/01/23 09:01:12 | 002,250,024 | ---- | C] () -- I:\Windows\SysWow64\pbsvc.exe
[2010/01/23 09:01:12 | 000,066,872 | ---- | C] () -- I:\Windows\SysWow64\PnkBstrA.exe
[2010/01/22 13:02:07 | 000,000,424 | ---- | C] () -- I:\Windows\MAXLINK.INI
[2010/01/22 12:24:36 | 000,002,419 | ---- | C] () -- I:\Windows\cdplayer.ini
[2010/01/22 10:48:36 | 000,000,400 | ---- | C] () -- I:\Windows\ODBC.INI
[2010/01/22 10:24:33 | 000,000,000 | ---- | C] () -- I:\Windows\ativpsrm.bin
[2010/01/22 10:17:43 | 000,024,576 | R--- | C] () -- I:\Windows\SysWow64\AsIO.dll
[2010/01/22 10:17:43 | 000,014,392 | R--- | C] () -- I:\Windows\SysWow64\drivers\AsIO.sys
[2010/01/22 10:17:41 | 000,011,832 | ---- | C] () -- I:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2010/01/22 10:17:41 | 000,010,216 | ---- | C] () -- I:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2010/01/22 10:12:26 | 000,033,124 | ---- | C] () -- I:\Windows\Ascd_log.ini
[2010/01/22 10:11:53 | 000,001,769 | ---- | C] () -- I:\Windows\Language_trs.ini
[2010/01/22 10:11:50 | 000,028,232 | ---- | C] () -- I:\Windows\Ascd_tmp.ini
[2009/10/15 09:06:26 | 000,000,170 | ---- | C] () -- I:\Program Files (x86)\appprofiles.reg
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- I:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- I:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- I:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- I:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- I:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:25:04 | 000,197,632 | ---- | C] () -- I:\Windows\SysWow64\ir32_32.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- I:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- I:\Windows\SysWow64\mlang.dat
[2009/04/02 07:30:14 | 000,010,296 | ---- | C] () -- I:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2009/02/18 22:35:10 | 000,049,152 | R--- | C] () -- I:\Windows\DAOD.exe
[2008/10/07 03:13:30 | 000,197,912 | ---- | C] () -- I:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 03:13:22 | 000,058,648 | ---- | C] () -- I:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 03:13:20 | 000,058,648 | ---- | C] () -- I:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 03:13:20 | 000,058,648 | ---- | C] () -- I:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 03:13:20 | 000,058,648 | ---- | C] () -- I:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 03:13:20 | 000,058,648 | ---- | C] () -- I:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 03:13:20 | 000,058,648 | ---- | C] () -- I:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 03:13:20 | 000,058,648 | ---- | C] () -- I:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 03:13:20 | 000,058,648 | ---- | C] () -- I:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 03:13:20 | 000,058,648 | ---- | C] () -- I:\Windows\SysWow64\AgCPanelFrench.dll
[2002/09/17 17:45:00 | 000,119,808 | ---- | C] () -- I:\Windows\lsb_un20.exe
 
========== LOP Check ==========
 
[2012/02/07 10:26:47 | 000,000,000 | ---D | M] -- I:\ProgramData\AMD
[2010/01/22 10:09:07 | 000,000,000 | -HSD | M] -- I:\ProgramData\Anwendungsdaten
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- I:\ProgramData\Application Data
[2010/08/22 08:20:17 | 000,000,000 | ---D | M] -- I:\ProgramData\BioWare
[2012/01/30 12:49:20 | 000,000,000 | ---D | M] -- I:\ProgramData\Cadsoft
[2010/10/21 09:23:39 | 000,000,000 | ---D | M] -- I:\ProgramData\CanonIJPLM
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- I:\ProgramData\Desktop
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- I:\ProgramData\Documents
[2010/01/22 10:09:07 | 000,000,000 | -HSD | M] -- I:\ProgramData\Dokumente
[2011/05/02 07:30:07 | 000,000,000 | ---D | M] -- I:\ProgramData\EA Core
[2011/05/02 07:31:59 | 000,000,000 | ---D | M] -- I:\ProgramData\Electronic Arts
[2010/05/16 09:42:30 | 000,000,000 | ---D | M] -- I:\ProgramData\elsterformular
[2010/01/22 10:09:07 | 000,000,000 | -HSD | M] -- I:\ProgramData\Favoriten
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- I:\ProgramData\Favorites
[2011/11/21 04:45:48 | 000,000,000 | ---D | M] -- I:\ProgramData\GARMIN
[2012/02/23 12:51:49 | 000,000,000 | ---D | M] -- I:\ProgramData\gema
[2011/04/12 01:33:27 | 000,000,000 | ---D | M] -- I:\ProgramData\Media Get LLC
[2010/11/05 11:06:06 | 000,000,000 | ---D | M] -- I:\ProgramData\NETg
[2011/04/30 02:53:39 | 000,000,000 | ---D | M] -- I:\ProgramData\Nitro PDF
[2011/04/29 12:20:08 | 000,000,000 | ---D | M] -- I:\ProgramData\regid.1986-12.com.adobe
[2010/01/22 13:02:01 | 000,000,000 | ---D | M] -- I:\ProgramData\ScanSoft
[2011/07/09 04:51:13 | 000,000,000 | ---D | M] -- I:\ProgramData\SimCity Societies
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- I:\ProgramData\Start Menu
[2010/01/22 10:09:07 | 000,000,000 | -HSD | M] -- I:\ProgramData\Startmenü
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- I:\ProgramData\Templates
[2011/01/08 12:09:49 | 000,000,000 | ---D | M] -- I:\ProgramData\Tunngle
[2010/01/22 10:09:07 | 000,000,000 | -HSD | M] -- I:\ProgramData\Vorlagen
[2012/02/16 04:02:09 | 000,032,640 | ---- | M] () -- I:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >


markusg 23.02.2012 21:10

Preferably with the affected profile.

Ghostrider1 23.02.2012 21:22

I found the entry GEMA.exe twice in the logfile. What do I have to do now?

markusg 23.02.2012 21:26

It says so right there: post the logfiles.

Ghostrider1 23.02.2012 21:29

But I did post it. That .txt file is online.

markusg 23.02.2012 21:44

On your second PC, go to Start, Programs, Accessories, Notepad, and copy this into it:
Code:

:OTL
O4 - HKLM..\Run: [gema.] I:\ProgramData\gema\gema.exe (Promise Technology, Inc.)
O4 - HKU\Frank_ON_I..\Run: [gema] I:\Users\Frank\AppData\Roaming\gema\gema.exe (Promise Technology, Inc.)
O4 - HKU\Susi_ON_I..\Run: [gema] I:\Users\Susi\AppData\Roaming\gema\gema.exe (Promise Technology, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O20 - HKLM Winlogon: UserInit - (C:\ProgramData\gema\gema.exe) - I:\ProgramData\gema\gema.exe (Promise Technology, Inc.)
O20 - HKU\Frank_ON_I Winlogon: Shell - (C:\Users\Frank\AppData\Roaming\gema\gema.exe) - I:\Users\Frank\AppData\Roaming\gema\gema.exe (Promise Technology, Inc.)
O20 - HKU\Susi_ON_I Winlogon: Shell - (C:\Users\Susi\AppData\Roaming\gema\gema.exe) - I:\Users\Susi\AppData\Roaming\gema\gema.exe (Promise Technology, Inc.)
:Files
I:\ProgramData\gema
I:\Users\Frank\AppData\Roaming\gema
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]

Save this to a USB stick as fix.txt.
Now use OTLPENet.exe again (i.e. boot from the CD you created) and tick everything as already described in the post about OTLPENet.exe.
• Now please click the Fix button.
A message similar to "load fix from file" should now appear, so load fix.txt from your stick.
If that does not work, please enter the fix manually.
Then click the Fix button again. The PC may restart. If it does, take the CD out of the drive; Windows should now start normally and open otl.txt.
Please post the log.


If you have no icons, right-click, View, Show desktop icons.

Note: Please also upload the file there, as described in the UpChannel instructions. Please do NOT post the ZIP file here in the thread as an attachment!




Please press the http://larusso.trojaner-board.de/Images/windows.jpg + E key.
  • Open your system drive (usually C:)
  • Now look for the following folder: _OTL and open it.
  • Right-click the Movedfiles folder --> Send to --> Compressed (zipped) folder

  • This will create a Movedfiles.zip file in _OTL
  • Please upload it to our upload channel. ( Browse --> C:\_OTL\Movedfiles.zip )
Let me know whether the upload worked without problems. Thanks in advance :)


edit: for you it may be i:
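
The fix above removes Run and Winlogon (Shell/UserInit) entries that all point at gema.exe. As an added example (not part of the original thread and not OTL's own code), this Python script triages OTL-style O4/O20 lines and groups the suspicious autostart entries by target file; the three benign comparison lines, the function names and the "user-writable directory" and "per-user Shell" heuristics are assumptions made here.

```python
import re
from collections import defaultdict

# The first six lines are the entries quoted in the fix above; the last three
# are constructed here, in the same layout, as benign comparisons.
SAMPLE = r"""
O4 - HKLM..\Run: [gema.] I:\ProgramData\gema\gema.exe (Promise Technology, Inc.)
O4 - HKU\Frank_ON_I..\Run: [gema] I:\Users\Frank\AppData\Roaming\gema\gema.exe (Promise Technology, Inc.)
O4 - HKU\Susi_ON_I..\Run: [gema] I:\Users\Susi\AppData\Roaming\gema\gema.exe (Promise Technology, Inc.)
O20 - HKLM Winlogon: UserInit - (C:\ProgramData\gema\gema.exe) - I:\ProgramData\gema\gema.exe (Promise Technology, Inc.)
O20 - HKU\Frank_ON_I Winlogon: Shell - (C:\Users\Frank\AppData\Roaming\gema\gema.exe) - I:\Users\Frank\AppData\Roaming\gema\gema.exe (Promise Technology, Inc.)
O20 - HKU\Susi_ON_I Winlogon: Shell - (C:\Users\Susi\AppData\Roaming\gema\gema.exe) - I:\Users\Susi\AppData\Roaming\gema\gema.exe (Promise Technology, Inc.)
O4 - HKLM..\Run: [avgnt] I:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O20 - HKLM Winlogon: Shell - (explorer.exe) - I:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - I:\Windows\System32\userinit.exe (Microsoft Corporation)
"""

# "O4 - <hive>..\Run: [<name>] <path> (<company>)"
RUN_RE = re.compile(
    r"^O4 - (?P<hive>\S+?)\.\.\\Run: \[(?P<name>[^\]]*)\] "
    r"(?P<path>.+?)(?: \((?P<company>[^()]*)\))?$")
# "O20 - <hive> Winlogon: <value> - (<registry data>) - <path> (<company>)"
WINLOGON_RE = re.compile(
    r"^O20 - (?P<hive>\S+) Winlogon: (?P<value>\w+) - \((?P<data>.*?)\) - "
    r"(?P<path>.+?)(?: \((?P<company>[^()]*)\))?$")

# Windows defaults for the two Winlogon values, drive letter removed.
EXPECTED = {"shell": r"\windows\explorer.exe",
            "userinit": r"\windows\system32\userinit.exe"}
# Heuristic (assumption): locations a standard user or dropper can write to.
USER_WRITABLE = re.compile(r"^\\(programdata|users\\[^\\]+\\appdata)\\")


def strip_drive(path):
    """Normalise a path for comparison. The offline OTLPE scan sees the
    system volume as I: (or J:) while the registry data still says C:."""
    return re.sub(r"^[A-Za-z]:", "", path.strip(" ,")).lower()


def parse(line):
    """Return a dict for an O4 Run or O20 Winlogon line, else None."""
    for kind, rx in (("run", RUN_RE), ("winlogon", WINLOGON_RE)):
        m = rx.match(line.strip())
        if m:
            return {"kind": kind, **m.groupdict()}
    return None


def findings(entry):
    """List the reasons an autostart entry deserves a closer look."""
    target = strip_drive(entry["path"])
    reasons = []
    if entry["kind"] == "winlogon":
        value = entry["value"].lower()
        if value in EXPECTED and target != EXPECTED[value]:
            reasons.append("Winlogon value is not the Windows default")
        # Heuristic (assumption): a Shell value in a user hive replaces
        # explorer.exe for that account only and is not set by default.
        if value == "shell" and entry["hive"].upper().startswith("HKU"):
            reasons.append("per-user Shell override")
    if USER_WRITABLE.match(target):
        reasons.append("target in user-writable directory")
    return reasons


def triage(text):
    """Group flagged entries by normalised target path, so one binary that
    is registered at several autostart points shows up as a single item."""
    by_file = defaultdict(list)
    for line in text.splitlines():
        entry = parse(line)
        if entry is None:
            continue
        reasons = findings(entry)
        if reasons:
            by_file[strip_drive(entry["path"])].append(
                (entry["kind"], entry["hive"], reasons))
    return dict(by_file)


if __name__ == "__main__":
    for target, hits in triage(SAMPLE).items():
        print(target)
        for kind, hive, reasons in hits:
            print(f"  {kind:8} {hive:16} {'; '.join(reasons)}")
```

A flagged entry is a prompt for review, not a verdict: legitimate per-user software also starts from AppData.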

Ghostrider1 23.02.2012 22:09

So, I'm now writing from the affected computer.

The upload is done. The otl.txt was not rewritten. I had my system searched for this file -> no hits.
Should I boot my computer with this rescue program again and have a new otl.txt written?

Otherwise a brilliant program. Except that the reboot command didn't work. It hung...

Ghostrider1 24.02.2012 09:06

Hi there.

First of all, a big fat thank you to the team and for the quick help!!!


Here is the logfile I pulled today, now that the computer is running again. I still see a few gema entries in it. Do I need to do anything else? Avira found nothing.

Code:

OTL logfile created on: 2/24/2012 8:55:05 AM - Run
OTLPE by OldTimer - Version 3.1.48.0    Folder = X:\Programs\OTLPE
64bit-Windows 7 Home Premium Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = J: | %SystemRoot% = J:\Windows | %ProgramFiles% = J:\Program Files (x86)
Drive C: | 100.00 Mb Total Space | 75.86 Mb Free Space | 75.87% Space Free | Partition Type: NTFS
Drive D: | 465.65 Gb Total Space | 369.91 Gb Free Space | 79.44% Space Free | Partition Type: FAT32
Drive E: | 7.47 Gb Total Space | 6.98 Gb Free Space | 93.40% Space Free | Partition Type: FAT32
Drive J: | 58.59 Gb Total Space | 15.67 Gb Free Space | 26.75% Space Free | Partition Type: NTFS
Drive K: | 407.07 Gb Total Space | 223.72 Gb Free Space | 54.96% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2012/01/16 03:02:32 | 000,343,032 | ---- | M] (Nitro PDF Software) [Auto] -- J:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe -- (NitroReaderDriverReadSpool2)
SRV:64bit: - [2011/12/05 22:11:56 | 000,235,520 | ---- | M] (AMD) [Auto] -- J:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/12/05 16:15:08 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto] -- J:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto] -- J:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/02/11 00:08:22 | 003,340,064 | ---- | M] () [Auto] -- J:\program files (x86)\common files\akamai/netsession_win_7de0ed9.dll -- (Akamai)
SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto] -- J:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/11/29 04:50:03 | 002,916,736 | ---- | M] (TeamViewer GmbH) [Auto] -- J:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011/10/11 07:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- J:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/10/11 07:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- J:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/01/28 11:10:28 | 000,387,072 | ---- | M] (Spigot, Inc.) [Auto] -- J:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2010/04/21 19:28:00 | 003,570,600 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand] -- J:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2010/03/18 06:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- J:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 06:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- J:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/23 09:01:12 | 000,066,872 | ---- | M] () [Auto] -- J:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand] -- J:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- J:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/04/17 04:09:46 | 000,935,208 | ---- | M] (Nero AG) [Auto] -- J:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2006/11/10 01:12:28 | 000,099,936 | ---- | M] () [Auto] -- J:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/02/15 04:27:09 | 000,132,320 | ---- | M] (Avira GmbH) [Kernel | System] -- J:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/12/05 22:45:40 | 010,720,256 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- J:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011/12/05 22:45:40 | 010,720,256 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- J:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/12/05 21:12:14 | 000,327,168 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- J:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/10/17 12:40:50 | 000,093,712 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand] -- J:\Windows\System32\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/10/11 08:00:01 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto] -- J:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/10/11 08:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System] -- J:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011/06/24 00:31:02 | 000,055,424 | ---- | M] (Advanced Micro Devices) [Kernel | Auto] -- J:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV:64bit: - [2011/06/24 00:31:02 | 000,055,424 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand] -- J:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.0)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- J:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/03/06 05:27:01 | 000,314,016 | ---- | M] () [Kernel | Auto] -- J:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010/03/06 05:26:59 | 000,043,680 | ---- | M] () [Kernel | Auto] -- J:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010/02/18 02:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand] -- J:\Windows\System32\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/10/29 03:50:30 | 000,011,576 | R--- | M] (Samsung Electronics) [Kernel | Auto] -- J:\Windows\System32\drivers\SSPORT.sys -- (SSPORT)
DRV:64bit: - [2009/10/29 03:45:34 | 000,053,816 | R--- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto] -- J:\Windows\System32\drivers\DgivEcp.sys -- (DgiVecp)
DRV:64bit: - [2009/09/30 09:34:30 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand] -- J:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/09/16 00:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand] -- J:\Windows\System32\drivers\tap0901t.sys -- (tap0901t) TAP-Win32 Adapter V9 (Tunngle)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- J:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:35:38 | 000,707,072 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand] -- J:\Windows\System32\drivers\netr7364.sys -- (netr7364)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- J:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- J:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- J:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/02 03:55:20 | 001,207,808 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand] -- J:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009/05/28 11:47:38 | 000,025,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- J:\Windows\System32\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:64bit: - [2009/05/28 10:47:38 | 000,033,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- J:\Windows\System32\drivers\point64k.sys -- (Point64)
DRV:64bit: - [2009/05/25 10:32:08 | 000,198,784 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand] -- J:\Windows\System32\drivers\vmuvc.sys -- (VMUVC)
DRV:64bit: - [2009/05/22 09:52:30 | 000,215,040 | ---- | M] (Realtek                                            ) [Kernel | On_Demand] -- J:\Windows\System32\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/05/13 20:26:24 | 000,015,416 | ---- | M] () [Kernel | On_Demand] -- J:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/05/04 23:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot] -- J:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/03/18 10:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand] -- J:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008/07/01 04:14:42 | 000,303,616 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand] -- J:\Windows\System32\drivers\vvftUVC.sys -- (vvftUVC)
DRV - [2009/10/28 00:09:33 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto] -- J:\Windows\SysWOW64\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2004/12/30 07:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand] -- J:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Frank_ON_J\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/home?AF=17434
IE - HKU\Frank_ON_J\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - Reg Error: Key error. File not found
IE - HKU\Frank_ON_J\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - Reg Error: Key error. File not found
IE - HKU\Frank_ON_J\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Frank_ON_J\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421
 
 
 
IE - HKU\Susi_ON_J\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - Reg Error: Key error. File not found
IE - HKU\Susi_ON_J\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=17434"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.goggle.de"
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=adbartrp&AF=17434&q="
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: J:\Windows\System32\Macromed\Flash\NPSWF64_11_1_102.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: J:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@garmin.com/GpsControl: J:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin: J:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: J:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: J:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: J:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nitropdf.com/NitroPDF:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: J:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: J:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Webzen.com/NPGameWebStarter: J:\Program Files (x86)\WEBZEN\WebzenGameStarter\NPGameWebStarter.dll (WEBZEN)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: J:\Program Files (x86)\Adobe\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: D:\Programme\Firefox\components
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: D:\Programme\Firefox\plugins
 
[2010/01/22 12:42:11 | 000,000,000 | ---D | M] (No name found) -- J:\Users\Frank\AppData\Roaming\Mozilla\Extensions
[2012/01/13 12:02:28 | 000,000,000 | ---D | M] (No name found) -- J:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\hng4slfa.default\extensions
[2011/11/24 07:47:05 | 000,000,000 | ---D | M] (Garmin Communicator) -- J:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\hng4slfa.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2012/01/13 12:02:28 | 000,000,000 | ---D | M] (XfireXO Community Toolbar) -- J:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\hng4slfa.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
[2011/08/02 06:17:34 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- J:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\hng4slfa.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/05/06 05:39:31 | 000,000,000 | ---D | M] (Conduit Engine) -- J:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\hng4slfa.default\extensions\engine@conduit.com
[2011/12/17 17:05:08 | 000,000,000 | ---D | M] (Ask Toolbar) -- J:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\hng4slfa.default\extensions\toolbar@ask.com
File not found (No name found) --
 
O1 HOSTS File: ([2011/02/25 10:41:38 | 000,003,471 | ---- | M]) - J:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 3dns.adobe.com
O1 - Hosts: 127.0.0.1 3dns-1.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-4.adobe.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com.*
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 65 more lines...
O2 - BHO: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - J:\Program Files (x86)\XfireXO\tbXfir.dll (Conduit Ltd.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - J:\Program Files (x86)\pdfforge Toolbar\IE\4.3\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - J:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  File not found
O3 - HKLM\..\Toolbar: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - J:\Program Files (x86)\XfireXO\tbXfir.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - J:\Program Files (x86)\pdfforge Toolbar\IE\4.3\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - J:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\Frank_ON_J\..\Toolbar\WebBrowser: (XfireXO Toolbar) - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - J:\Program Files (x86)\XfireXO\tbXfir.dll (Conduit Ltd.)
O3 - HKU\Frank_ON_J\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - J:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [IntelliPoint] J:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] J:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [3200 Scan2PC] J:\Windows\twain_32\Samsung\SCX3200\Scan2Pc.exe ()
O4 - HKLM..\Run: [ApnUpdater] J:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] J:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [gema.]  File not found
O4 - HKLM..\Run: [HDAudDeck] J:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui]  File not found
O4 - HKLM..\Run: [Samsung PanelMgr] J:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [StartCCC] J:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\Frank_ON_J..\Run: [Akamai NetSession Interface] J:\Users\Frank\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKU\Frank_ON_J..\Run: [gema]  File not found
O4 - HKU\Frank_ON_J..\Run: [mapdisk]  File not found
O4 - HKU\Frank_ON_J..\Run: [RESTART_STICKY_NOTES]  File not found
O4 - HKU\LocalService_ON_J..\Run: [Sidebar] J:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_J..\Run: [Sidebar] J:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\Susi_ON_J..\Run: [gema]  File not found
O4 - HKU\LocalService_ON_J..\RunOnce: [mctadmin]  File not found
O4 - HKU\NetworkService_ON_J..\RunOnce: [mctadmin]  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\Frank_ON_J\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Frank_ON_J\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\Frank_ON_J\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\Susi_ON_J\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Susi_ON_J\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\Susi_ON_J\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Free YouTube Download - J:\Users\Frank\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - J:\Users\Frank\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube Download - J:\Users\Frank\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - J:\Users\Frank\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} -  File not found
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} -  File not found
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - J:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - J:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - J:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\ProgramData\gema\gema.exe) -  File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKU\Frank_ON_J Winlogon: Shell - (C:\Users\Frank\AppData\Roaming\gema\gema.exe) -  File not found
O20 - HKU\Frank_ON_J Winlogon: Shell - (Explorer.exe) - J:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKU\Susi_ON_J Winlogon: Shell - (C:\Users\Susi\AppData\Roaming\gema\gema.exe) -  File not found
O20 - HKU\Susi_ON_J Winlogon: Shell - (Explorer.exe) - J:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{8c89c8cf-7630-11df-94b6-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{8c89c8cf-7630-11df-94b6-806e6f6e6963}\Shell\AutoRun\command - "" = E:\reatogoMenu.exe
O33 - MountPoints2\{c4270c6d-0766-11df-9158-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c4270c6d-0766-11df-9158-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/02/24 01:02:42 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Roaming\gema
[2012/02/24 01:02:42 | 000,000,000 | ---D | C] -- J:\ProgramData\gema
[2012/02/23 21:54:40 | 002,237,440 | R--- | C] (OldTimer Tools) -- J:\OTLPE.exe
[2012/02/23 13:06:04 | 000,000,000 | ---D | C] -- J:\Users\Susi\AppData\Roaming\gema
[2012/02/23 12:51:49 | 000,331,776 | ---- | C] (Promise Technology, Inc.) -- J:\Windows\System32\gema.exe
[2012/02/22 11:52:23 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{20344EB2-E522-4412-80A5-3FFED3C47FCD}
[2012/02/22 11:51:59 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{07059E73-8E21-46A5-8516-8D7D9FEA56F8}
[2012/02/21 12:20:17 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{47B6700E-988A-4A89-A754-4A56C5CA6A46}
[2012/02/21 00:16:43 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{3DFDC237-4F59-4F38-B05F-98FC09C52638}
[2012/02/21 00:16:32 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{E6C995E2-BFC6-4DD8-9CE7-23C5857B0C65}
[2012/02/21 00:09:53 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{351E5B6A-BA24-4E43-9C89-79EB6B4F2D72}
[2012/02/20 11:02:21 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{F1672412-22A3-4E1C-BD25-F37F86DB131B}
[2012/02/20 11:02:09 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{DA71FF2C-BC09-438F-9985-81B94AD35892}
[2012/02/19 16:22:14 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{7DC1B33F-6155-4537-A7AA-BC3E69DC2A22}
[2012/02/19 16:22:02 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{3159A7AC-1306-4AD9-9E44-9189EC9ACA80}
[2012/02/19 03:41:38 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{72E6CDED-46D1-4244-8192-9A7354D97C2B}
[2012/02/19 03:41:14 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{637528F2-CBDE-44F3-9851-3042DF9F8A49}
[2012/02/17 11:10:07 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{4009F083-6397-4FD0-96FA-209AEA7D8AF0}
[2012/02/17 11:09:44 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{D1A675E9-F09A-4236-8CF8-FAAE8A6C297A}
[2012/02/17 00:14:26 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{4B0B5012-9F15-497E-B94C-19366F69C582}
[2012/02/16 04:09:11 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{F86D3D64-C520-4778-A266-55311BE1DF5C}
[2012/02/16 04:08:58 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{01A3B039-08E0-4206-844B-AD22D5C3429E}
[2012/02/16 04:08:34 | 000,509,952 | ---- | C] (Microsoft Corporation) -- J:\Windows\System32\ntshrui.dll
[2012/02/16 04:08:32 | 000,515,584 | ---- | C] (Microsoft Corporation) -- J:\Windows\System32\timedate.cpl
[2012/02/16 04:08:32 | 000,478,720 | ---- | C] (Microsoft Corporation) -- J:\Windows\SysWow64\timedate.cpl
[2012/02/16 04:08:26 | 000,634,880 | ---- | C] (Microsoft Corporation) -- J:\Windows\System32\msvcrt.dll
[2012/02/16 04:08:20 | 000,702,464 | ---- | C] (Microsoft Corporation) -- J:\Windows\System32\msfeeds.dll
[2012/02/16 04:08:20 | 000,599,552 | ---- | C] (Microsoft Corporation) -- J:\Windows\SysWow64\msfeeds.dll
[2012/02/16 04:08:20 | 000,247,808 | ---- | C] (Microsoft Corporation) -- J:\Windows\System32\ieui.dll
[2012/02/16 04:08:20 | 000,176,640 | ---- | C] (Microsoft Corporation) -- J:\Windows\SysWow64\ieui.dll
[2012/02/16 04:08:19 | 000,134,144 | ---- | C] (Microsoft Corporation) -- J:\Windows\System32\url.dll
[2012/02/16 04:08:19 | 000,132,096 | ---- | C] (Microsoft Corporation) -- J:\Windows\SysWow64\url.dll
[2012/02/16 04:08:19 | 000,097,280 | ---- | C] (Microsoft Corporation) -- J:\Windows\System32\mshtmled.dll
[2012/02/16 04:08:19 | 000,067,072 | ---- | C] (Microsoft Corporation) -- J:\Windows\SysWow64\mshtmled.dll
[2012/02/15 04:19:19 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{2C7A8AAA-42FB-4CF5-B654-CE8F86EE0DDA}
[2012/02/15 04:19:07 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{0DD1174C-8924-417D-AC35-2C3ED0C96338}
[2012/02/14 04:29:40 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{DEB43ED2-0273-4FD1-BF07-064D64666BB7}
[2012/02/14 04:29:17 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{0F2A03D8-57F4-4E6A-B5F6-98182A7B1983}
[2012/02/13 04:32:35 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{5A25F15B-E29B-48BD-B73E-289F5CE58E0F}
[2012/02/13 04:32:23 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{D7CF812C-30BC-457A-85B8-98FF18002927}
[2012/02/13 04:19:24 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{E5166265-01D7-4BAB-895D-F16B78D2AA88}
[2012/02/13 04:19:08 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{D8CF084C-5C36-4DB8-A9E2-14FBAAA7CDE1}
[2012/02/12 12:42:44 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{7562FA57-85D1-4C77-9C5E-02406FA8DC95}
[2012/02/12 12:42:31 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{D5004C24-AFB9-4910-BB9D-342837BB4CEF}
[2012/02/12 12:41:47 | 000,000,000 | ---D | C] -- J:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012/02/11 16:28:07 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{8D8B50C0-AD2A-4256-8F97-BA0DC0551842}
[2012/02/11 16:27:55 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{AB4B733F-B9CF-46D0-94DF-A9937A9470D0}
[2012/02/10 23:53:26 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{8E02B4EB-DA66-4577-8189-A2EED29CD6C9}
[2012/02/10 23:53:14 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{473EF921-B4F8-4486-BE26-5C41D5C26DD6}
[2012/02/10 23:19:52 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{F6FA3787-F0FB-4EA0-81B6-D72D2B3288F0}
[2012/02/10 06:12:07 | 000,000,000 | ---D | C] -- J:\Users\Susi\Desktop\Hausbau
[2012/02/10 02:31:20 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{5A47CE92-2DAC-4A06-949E-C29B5A57BFB6}
[2012/02/10 02:30:57 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{F26D6B8B-7B7A-445F-9644-60A7AE117D77}
[2012/02/09 01:14:35 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{E0A1BD14-8346-4FE3-934D-4882E10FA534}
[2012/02/09 01:14:23 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{B83531FF-F4D6-4E22-9E1C-03F7EC3FCD9F}
[2012/02/08 12:12:49 | 000,000,000 | ---D | C] -- J:\Program Files\Common Files\Nitro PDF
[2012/02/08 12:12:49 | 000,000,000 | ---D | C] -- J:\Program Files (x86)\Common Files\Nitro PDF
[2012/02/08 00:28:18 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{44DF75F5-3436-442E-A8DF-D3F2706DFEBE}
[2012/02/08 00:27:55 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{6D49444E-212B-4AA0-9F26-CED2F3C9B054}
[2012/02/07 10:27:33 | 000,000,000 | ---D | C] -- J:\ProgramData\ATI
[2012/02/07 10:27:30 | 000,000,000 | ---D | C] -- J:\Program Files (x86)\AMD APP
[2012/02/07 10:27:15 | 000,000,000 | ---D | C] -- J:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2012/02/07 10:23:17 | 000,000,000 | ---D | C] -- J:\AMD
[2012/02/07 10:14:45 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{17C24C01-156B-4E6F-90CA-6D8FA8250451}
[2012/02/07 10:14:32 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{D84D0F36-AB6F-421B-8E54-5958494215E4}
[2012/02/06 12:51:29 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{5C60BF8A-F90E-4A6D-862A-6DF8C2008A1A}
[2012/02/06 12:51:17 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{0038E774-F4A2-49F5-B6D9-B0899D2DA70C}
[2012/02/05 22:58:24 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{09384AEC-31FC-4CBE-B05D-922FCE9412CD}
[2012/02/05 22:58:01 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{0EBFC24F-2E15-42A9-AA9F-9C16C7123EEC}
[2012/02/05 09:32:02 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{009332B6-B0A7-44D3-BD89-FDDBC4B8BA69}
[2012/02/05 09:31:50 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{8BD7CECD-5D67-44F1-B12B-ADEC0550E07B}
[2012/02/05 09:11:59 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{AA8D3963-25BB-4267-988C-4ACB60A8E18E}
[2012/02/05 09:11:48 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{602F1680-790F-4685-B51F-26A8623DDB2D}
[2012/02/05 02:13:51 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{A922D653-ACD4-45B6-8873-7B9C71C1178B}
[2012/02/05 02:13:28 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{23ADEA6E-AEF1-4622-99FB-E7E82E6F2C41}
[2012/02/04 04:58:05 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{705875F8-FEEE-4465-9F2E-D69FA1D7E0C5}
[2012/02/04 04:57:53 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{FD239A2E-2A2E-4048-AB3B-AF627C91E1CF}
[2012/02/03 11:05:03 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{4EFC2246-4FBF-494C-9E13-58C0972D2E1B}
[2012/02/03 11:04:39 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{B5ED75A3-D1FB-4C93-B79F-CF0A958D4913}
[2012/02/02 14:31:28 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{CB924D3E-D043-4693-A4BE-C9D747B20022}
[2012/02/02 14:31:16 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{9C0F9A18-5F2C-479B-9C66-8B8BAEE0EB87}
[2012/02/01 23:40:00 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{A6E6B7D5-1B52-486D-B3BC-5FCDE2025BB0}
[2012/02/01 23:39:48 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{6357B1C6-39C3-45A8-AAD8-3A2B280DD437}
[2012/01/31 23:43:05 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{D91465BF-54A0-42B9-A33C-EBDD1493058E}
[2012/01/31 23:42:42 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{2A680B3E-8785-4A7E-94C5-9AB125BACD9C}
[2012/01/30 12:50:10 | 000,000,000 | ---D | C] -- J:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cadsoft
[2012/01/30 12:50:10 | 000,000,000 | ---D | C] -- J:\Program Files (x86)\Cadsoft
[2012/01/30 12:49:20 | 000,000,000 | ---D | C] -- J:\ProgramData\Cadsoft
[2012/01/30 12:04:57 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{16D6A1AD-44CA-4107-9B92-1CB0DEC52968}
[2012/01/30 12:04:45 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{FF783E20-0010-467E-A9D9-3D4287C5FD36}
[2012/01/29 23:43:36 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{F9069637-BCC6-4D63-A499-DAD9EF7D8D68}
[2012/01/29 23:43:25 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{4A2829B6-8D2D-4FB8-9561-6BCCA6D9AC28}
[2012/01/29 02:55:25 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{C831A865-BD49-4D62-B866-30D976D86F18}
[2012/01/29 02:55:03 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{9F5D6451-C958-4BE7-8797-CBB8698DFED5}
[2012/01/28 04:23:19 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{D43186DC-7ACF-4896-9095-FD34DFBB5FE1}
[2012/01/27 12:28:01 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{EAF7C47D-98BC-4FBA-9BA5-5070EB99F549}
[2012/01/27 12:27:36 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{C7D3D987-19CC-4900-B1C4-A66D7C19A3A8}
[2012/01/26 00:42:54 | 001,447,936 | ---- | C] (Microsoft Corporation) -- J:\Windows\System32\lsasrv.dll
[2012/01/26 00:42:54 | 000,395,776 | ---- | C] (Microsoft Corporation) -- J:\Windows\System32\webio.dll
[2012/01/26 00:42:54 | 000,314,880 | ---- | C] (Microsoft Corporation) -- J:\Windows\SysWow64\webio.dll
[2012/01/26 00:42:54 | 000,136,192 | ---- | C] (Microsoft Corporation) -- J:\Windows\System32\sspicli.dll
[2012/01/26 00:42:54 | 000,029,184 | ---- | C] (Microsoft Corporation) -- J:\Windows\System32\sspisrv.dll
[2012/01/26 00:42:54 | 000,028,160 | ---- | C] (Microsoft Corporation) -- J:\Windows\System32\secur32.dll
[2012/01/26 00:41:39 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{8892C37B-F3B7-4EE2-A7DF-FDD0FA1BDD14}
[2012/01/26 00:41:16 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{56647F55-559F-4538-95F8-E9D986FF7861}
[2011/11/10 14:01:28 | 000,159,744 | ---- | C] (Advanced Micro Devices, Inc.) -- J:\Program Files (x86)\atiapfxx.exe
[2011/11/10 14:01:24 | 000,004,096 | ---- | C] (Advanced Micro Devices, Inc.) -- J:\Program Files (x86)\Version.dll
[3 J:\Users\Frank\AppData\Local\*.tmp files -> J:\Users\Frank\AppData\Local\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/02/24 02:47:04 | 000,067,584 | --S- | M] () -- J:\Windows\bootstat.dat
[2012/02/24 02:46:51 | 000,000,000 | ---- | M] () -- J:\Windows\SysWow64\Access.dat
[2012/02/24 02:04:08 | 000,001,108 | ---- | M] () -- J:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/24 01:35:58 | 000,014,608 | -H-- | M] () -- J:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/24 01:35:58 | 000,014,608 | -H-- | M] () -- J:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/24 01:26:37 | 000,001,104 | ---- | M] () -- J:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/24 01:25:47 | 2146,836,479 | -HS- | M] () -- J:\hiberfil.sys
[2012/02/23 16:09:07 | 000,654,150 | ---- | M] () -- J:\Windows\System32\perfh007.dat
[2012/02/23 16:09:07 | 000,616,032 | ---- | M] () -- J:\Windows\System32\perfh009.dat
[2012/02/23 16:09:07 | 000,130,022 | ---- | M] () -- J:\Windows\System32\perfc007.dat
[2012/02/23 16:09:07 | 000,106,412 | ---- | M] () -- J:\Windows\System32\perfc009.dat
[2012/02/23 12:51:48 | 000,331,776 | ---- | M] (Promise Technology, Inc.) -- J:\Windows\System32\gema.exe
[2012/02/19 00:54:38 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- J:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/02/16 10:57:24 | 004,900,800 | ---- | M] () -- J:\Windows\System32\FNTCACHE.DAT
[2012/02/15 04:27:09 | 000,132,320 | ---- | M] (Avira GmbH) -- J:\Windows\System32\drivers\avipbb.sys
[2012/02/12 12:41:48 | 000,000,000 | ---D | M] -- J:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012/02/08 12:12:50 | 000,002,483 | ---- | M] () -- J:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro PDF Reader 2.lnk
[2012/02/07 10:27:15 | 000,000,000 | ---D | M] -- J:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2012/02/03 13:28:23 | 000,000,769 | ---- | M] () -- J:\Users\Frank\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/02/02 14:23:57 | 000,012,722 | ---- | M] () -- J:\Users\Frank\AppData\Roaming\SmarThruOptions.xml
[2012/02/01 00:23:41 | 000,002,441 | ---- | M] () -- J:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/01/31 23:48:57 | 000,000,000 | ---D | M] -- J:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cadsoft
[3 J:\Users\Frank\AppData\Local\*.tmp files -> J:\Users\Frank\AppData\Local\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/02/08 12:12:50 | 000,002,483 | ---- | C] () -- J:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro PDF Reader 2.lnk
[2012/02/01 00:23:41 | 000,002,441 | ---- | C] () -- J:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/01/09 04:10:58 | 000,000,000 | ---- | C] () -- J:\Users\Frank\AppData\Local\{7923590C-C6FE-4549-B96B-8B13E572C390}
[2012/01/09 04:09:15 | 000,000,000 | ---- | C] () -- J:\Users\Frank\AppData\Local\{4416FFE3-F7C8-466E-AA51-2AAFAFE53058}
[2012/01/09 04:08:17 | 000,000,000 | ---- | C] () -- J:\Users\Frank\AppData\Local\{5CB5ECA1-01BA-4507-A34C-4106A521EAA8}
[2011/12/05 16:04:00 | 000,059,904 | ---- | C] () -- J:\Windows\SysWow64\OpenVideo.dll
[2011/12/05 16:03:52 | 000,054,784 | ---- | C] () -- J:\Windows\SysWow64\OVDecode.dll
[2011/11/10 14:01:34 | 000,212,472 | ---- | C] () -- J:\Program Files (x86)\atiapfxx.blb
[2011/11/09 21:36:06 | 000,204,960 | ---- | C] () -- J:\Windows\SysWow64\ativvsvl.dat
[2011/11/09 21:36:06 | 000,157,152 | ---- | C] () -- J:\Windows\SysWow64\ativvsva.dat
[2011/10/25 15:21:34 | 000,056,832 | ---- | C] () -- J:\Windows\SysWow64\OVDecoder.dll
[2011/09/12 17:06:16 | 000,003,917 | ---- | C] () -- J:\Windows\SysWow64\atipblag.dat
[2011/08/26 17:21:30 | 000,042,392 | ---- | C] () -- J:\Windows\SysWow64\xfcodec.dll
[2011/05/12 09:24:49 | 000,151,552 | ---- | C] () -- J:\Windows\SysWow64\nvRegDev.dll
[2011/05/12 09:24:38 | 000,061,440 | ---- | C] () -- J:\Windows\SysWow64\nvPhotoshopUtil.dll
[2011/05/12 09:24:38 | 000,040,960 | ---- | C] () -- J:\Windows\SysWow64\nvISWOW64.dll
[2011/05/10 14:27:03 | 000,000,132 | ---- | C] () -- J:\Users\Frank\AppData\Roaming\Adobe Targa Format CS5 Prefs
[2011/05/10 04:20:40 | 000,007,168 | ---- | C] () -- J:\Users\Frank\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/06 10:16:21 | 000,000,132 | ---- | C] () -- J:\Users\Frank\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/03/24 10:08:17 | 000,819,200 | ---- | C] () -- J:\Windows\SysWow64\xvidcore.dll
[2011/03/24 10:08:17 | 000,180,224 | ---- | C] () -- J:\Windows\SysWow64\xvidvfw.dll
[2011/03/23 11:39:07 | 000,252,928 | ---- | C] () -- J:\Windows\SysWow64\DShowRdpFilter.dll
[2010/12/29 10:16:54 | 000,000,056 | -H-- | C] () -- J:\Windows\SysWow64\ezsidmv.dat
[2010/12/22 06:37:07 | 000,012,358 | ---- | C] () -- J:\Users\Susi\AppData\Roaming\SmarThruOptions.xml
[2010/12/20 15:52:22 | 000,012,722 | ---- | C] () -- J:\Users\Frank\AppData\Roaming\SmarThruOptions.xml
[2010/12/20 15:52:11 | 000,036,864 | ---- | C] () -- J:\Windows\SysWow64\SvcMan.exe
[2010/12/20 15:51:57 | 000,000,136 | ---- | C] () -- J:\Windows\Readiris.ini
[2010/12/20 15:51:55 | 000,023,040 | ---- | C] () -- J:\Windows\SysWow64\irisco32.dll
[2010/12/20 15:49:01 | 000,484,656 | ---- | C] () -- J:\Windows\ssndii.exe
[2010/12/20 15:48:43 | 000,116,016 | ---- | C] () -- J:\Windows\Wiainst.exe
[2010/07/11 13:54:09 | 000,000,069 | ---- | C] () -- J:\Windows\NeroDigital.ini
[2010/07/09 05:12:46 | 000,007,597 | ---- | C] () -- J:\Users\Frank\AppData\Local\resmon.resmoncfg
[2010/04/14 14:10:59 | 000,000,000 | ---- | C] () -- J:\Windows\SysWow64\Access.dat
[2010/02/15 13:44:34 | 000,000,152 | ---- | C] () -- J:\Users\Frank\AppData\Roaming\default.rss
[2010/01/23 09:01:13 | 000,107,832 | ---- | C] () -- J:\Windows\SysWow64\PnkBstrB.exe
[2010/01/23 09:01:12 | 002,250,024 | ---- | C] () -- J:\Windows\SysWow64\pbsvc.exe
[2010/01/23 09:01:12 | 000,066,872 | ---- | C] () -- J:\Windows\SysWow64\PnkBstrA.exe
[2010/01/22 13:02:07 | 000,000,424 | ---- | C] () -- J:\Windows\MAXLINK.INI
[2010/01/22 12:24:36 | 000,002,419 | ---- | C] () -- J:\Windows\cdplayer.ini
[2010/01/22 10:48:36 | 000,000,400 | ---- | C] () -- J:\Windows\ODBC.INI
[2010/01/22 10:24:33 | 000,000,000 | ---- | C] () -- J:\Windows\ativpsrm.bin
[2010/01/22 10:17:43 | 000,024,576 | R--- | C] () -- J:\Windows\SysWow64\AsIO.dll
[2010/01/22 10:17:43 | 000,014,392 | R--- | C] () -- J:\Windows\SysWow64\drivers\AsIO.sys
[2010/01/22 10:17:41 | 000,011,832 | ---- | C] () -- J:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2010/01/22 10:17:41 | 000,010,216 | ---- | C] () -- J:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2010/01/22 10:12:26 | 000,033,124 | ---- | C] () -- J:\Windows\Ascd_log.ini
[2010/01/22 10:11:53 | 000,001,769 | ---- | C] () -- J:\Windows\Language_trs.ini
[2010/01/22 10:11:50 | 000,028,232 | ---- | C] () -- J:\Windows\Ascd_tmp.ini
[2009/10/15 09:06:26 | 000,000,170 | ---- | C] () -- J:\Program Files (x86)\appprofiles.reg
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- J:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- J:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- J:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- J:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- J:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:25:04 | 000,197,632 | ---- | C] () -- J:\Windows\SysWow64\ir32_32.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- J:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- J:\Windows\SysWow64\mlang.dat
[2009/04/02 07:30:14 | 000,010,296 | ---- | C] () -- J:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2009/02/18 22:35:10 | 000,049,152 | R--- | C] () -- J:\Windows\DAOD.exe
[2008/10/07 03:13:30 | 000,197,912 | ---- | C] () -- J:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 03:13:22 | 000,058,648 | ---- | C] () -- J:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 03:13:20 | 000,058,648 | ---- | C] () -- J:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 03:13:20 | 000,058,648 | ---- | C] () -- J:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 03:13:20 | 000,058,648 | ---- | C] () -- J:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 03:13:20 | 000,058,648 | ---- | C] () -- J:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 03:13:20 | 000,058,648 | ---- | C] () -- J:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 03:13:20 | 000,058,648 | ---- | C] () -- J:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 03:13:20 | 000,058,648 | ---- | C] () -- J:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 03:13:20 | 000,058,648 | ---- | C] () -- J:\Windows\SysWow64\AgCPanelFrench.dll
[2002/09/17 17:45:00 | 000,119,808 | ---- | C] () -- J:\Windows\lsb_un20.exe
 
========== LOP Check ==========
 
[2012/02/07 10:26:47 | 000,000,000 | ---D | M] -- J:\ProgramData\AMD
[2010/01/22 10:09:07 | 000,000,000 | -HSD | M] -- J:\ProgramData\Anwendungsdaten
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- J:\ProgramData\Application Data
[2010/08/22 08:20:17 | 000,000,000 | ---D | M] -- J:\ProgramData\BioWare
[2012/01/30 12:49:20 | 000,000,000 | ---D | M] -- J:\ProgramData\Cadsoft
[2010/10/21 09:23:39 | 000,000,000 | ---D | M] -- J:\ProgramData\CanonIJPLM
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- J:\ProgramData\Desktop
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- J:\ProgramData\Documents
[2010/01/22 10:09:07 | 000,000,000 | -HSD | M] -- J:\ProgramData\Dokumente
[2011/05/02 07:30:07 | 000,000,000 | ---D | M] -- J:\ProgramData\EA Core
[2011/05/02 07:31:59 | 000,000,000 | ---D | M] -- J:\ProgramData\Electronic Arts
[2010/05/16 09:42:30 | 000,000,000 | ---D | M] -- J:\ProgramData\elsterformular
[2010/01/22 10:09:07 | 000,000,000 | -HSD | M] -- J:\ProgramData\Favoriten
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- J:\ProgramData\Favorites
[2011/11/21 04:45:48 | 000,000,000 | ---D | M] -- J:\ProgramData\GARMIN
[2012/02/24 01:02:42 | 000,000,000 | ---D | M] -- J:\ProgramData\gema
[2011/04/12 01:33:27 | 000,000,000 | ---D | M] -- J:\ProgramData\Media Get LLC
[2010/11/05 11:06:06 | 000,000,000 | ---D | M] -- J:\ProgramData\NETg
[2011/04/30 02:53:39 | 000,000,000 | ---D | M] -- J:\ProgramData\Nitro PDF
[2011/04/29 12:20:08 | 000,000,000 | ---D | M] -- J:\ProgramData\regid.1986-12.com.adobe
[2010/01/22 13:02:01 | 000,000,000 | ---D | M] -- J:\ProgramData\ScanSoft
[2011/07/09 04:51:13 | 000,000,000 | ---D | M] -- J:\ProgramData\SimCity Societies
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- J:\ProgramData\Start Menu
[2010/01/22 10:09:07 | 000,000,000 | -HSD | M] -- J:\ProgramData\Startmenü
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- J:\ProgramData\Templates
[2011/01/08 12:09:49 | 000,000,000 | ---D | M] -- J:\ProgramData\Tunngle
[2010/01/22 10:09:07 | 000,000,000 | -HSD | M] -- J:\ProgramData\Vorlagen
[2012/02/16 04:02:09 | 000,032,640 | ---- | M] () -- J:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >


markusg 24.02.2012 11:07

Hi, take it easy, I have to sleep sometimes too :-)
Thanks for the upload.
On your second PC, go to Start, Programs, Accessories, Notepad (Editor), and paste the following there:
Code:

:OTL
O20 - HKLM Winlogon: UserInit - (C:\ProgramData\gema\gema.exe) -  File not found
O20 - HKU\Frank_ON_J Winlogon: Shell - (C:\Users\Frank\AppData\Roaming\gema\gema.exe) -  File not found
O20 - HKU\Susi_ON_J Winlogon: Shell - (C:\Users\Susi\AppData\Roaming\gema\gema.exe) -  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
:Files
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]

Save this on a USB stick as fix.txt.
Now use OTLPENet.exe again (that is, boot from the CD you created) and tick everything as already described in the post about OTLPENet.exe.
• Now please click the Fix button.
A message similar to this one should now appear: "load fix from file", so load the fix.txt from your stick.
If this does not work, please enter the fix manually.
Then click the Fix button again. The PC may restart. If it does, take the CD out of the drive; Windows should now start normally and open otl.txt.
Please post the log.

Ghostrider1 24.02.2012 13:07

Code:

OTL logfile created on: 2/24/2012 12:58:20 PM - Run
OTLPE by OldTimer - Version 3.1.48.0    Folder = X:\Programs\OTLPE
64bit-Windows 7 Home Premium Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = J: | %SystemRoot% = J:\Windows | %ProgramFiles% = J:\Program Files (x86)
Drive C: | 100.00 Mb Total Space | 75.86 Mb Free Space | 75.87% Space Free | Partition Type: NTFS
Drive D: | 465.65 Gb Total Space | 369.91 Gb Free Space | 79.44% Space Free | Partition Type: FAT32
Drive E: | 7.47 Gb Total Space | 6.98 Gb Free Space | 93.40% Space Free | Partition Type: FAT32
Drive F: | 7.40 Gb Total Space | 5.65 Gb Free Space | 76.24% Space Free | Partition Type: FAT32
Drive J: | 58.59 Gb Total Space | 16.73 Gb Free Space | 28.56% Space Free | Partition Type: NTFS
Drive K: | 407.07 Gb Total Space | 223.72 Gb Free Space | 54.96% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2012/01/16 03:02:32 | 000,343,032 | ---- | M] (Nitro PDF Software) [Auto] -- J:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe -- (NitroReaderDriverReadSpool2)
SRV:64bit: - [2011/12/05 22:11:56 | 000,235,520 | ---- | M] (AMD) [Auto] -- J:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/12/05 16:15:08 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto] -- J:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto] -- J:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/02/11 00:08:22 | 003,340,064 | ---- | M] () [Auto] -- J:\program files (x86)\common files\akamai/netsession_win_7de0ed9.dll -- (Akamai)
SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto] -- J:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/11/29 04:50:03 | 002,916,736 | ---- | M] (TeamViewer GmbH) [Auto] -- J:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011/10/11 07:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- J:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/10/11 07:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- J:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/01/28 11:10:28 | 000,387,072 | ---- | M] (Spigot, Inc.) [Auto] -- J:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2010/04/21 19:28:00 | 003,570,600 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand] -- J:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2010/03/18 06:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- J:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 06:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- J:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/23 09:01:12 | 000,066,872 | ---- | M] () [Auto] -- J:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand] -- J:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- J:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/04/17 04:09:46 | 000,935,208 | ---- | M] (Nero AG) [Auto] -- J:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2006/11/10 01:12:28 | 000,099,936 | ---- | M] () [Auto] -- J:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/02/15 04:27:09 | 000,132,320 | ---- | M] (Avira GmbH) [Kernel | System] -- J:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/12/05 22:45:40 | 010,720,256 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- J:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011/12/05 22:45:40 | 010,720,256 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- J:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/12/05 21:12:14 | 000,327,168 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- J:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/10/17 12:40:50 | 000,093,712 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand] -- J:\Windows\System32\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/10/11 08:00:01 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto] -- J:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/10/11 08:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System] -- J:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011/06/24 00:31:02 | 000,055,424 | ---- | M] (Advanced Micro Devices) [Kernel | Auto] -- J:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV:64bit: - [2011/06/24 00:31:02 | 000,055,424 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand] -- J:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.0)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- J:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/03/06 05:27:01 | 000,314,016 | ---- | M] () [Kernel | Auto] -- J:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010/03/06 05:26:59 | 000,043,680 | ---- | M] () [Kernel | Auto] -- J:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010/02/18 02:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand] -- J:\Windows\System32\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/10/29 03:50:30 | 000,011,576 | R--- | M] (Samsung Electronics) [Kernel | Auto] -- J:\Windows\System32\drivers\SSPORT.sys -- (SSPORT)
DRV:64bit: - [2009/10/29 03:45:34 | 000,053,816 | R--- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto] -- J:\Windows\System32\drivers\DgivEcp.sys -- (DgiVecp)
DRV:64bit: - [2009/09/30 09:34:30 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand] -- J:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/09/16 00:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand] -- J:\Windows\System32\drivers\tap0901t.sys -- (tap0901t) TAP-Win32 Adapter V9 (Tunngle)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- J:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:35:38 | 000,707,072 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand] -- J:\Windows\System32\drivers\netr7364.sys -- (netr7364)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- J:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- J:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- J:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/02 03:55:20 | 001,207,808 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand] -- J:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009/05/28 11:47:38 | 000,025,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- J:\Windows\System32\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:64bit: - [2009/05/28 10:47:38 | 000,033,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- J:\Windows\System32\drivers\point64k.sys -- (Point64)
DRV:64bit: - [2009/05/25 10:32:08 | 000,198,784 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand] -- J:\Windows\System32\drivers\vmuvc.sys -- (VMUVC)
DRV:64bit: - [2009/05/22 09:52:30 | 000,215,040 | ---- | M] (Realtek                                            ) [Kernel | On_Demand] -- J:\Windows\System32\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/05/13 20:26:24 | 000,015,416 | ---- | M] () [Kernel | On_Demand] -- J:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/05/04 23:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot] -- J:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/03/18 10:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand] -- J:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008/07/01 04:14:42 | 000,303,616 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand] -- J:\Windows\System32\drivers\vvftUVC.sys -- (vvftUVC)
DRV - [2009/10/28 00:09:33 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto] -- J:\Windows\SysWOW64\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2004/12/30 07:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand] -- J:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Frank_ON_J\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/home?AF=17434
IE - HKU\Frank_ON_J\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - Reg Error: Key error. File not found
IE - HKU\Frank_ON_J\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - Reg Error: Key error. File not found
IE - HKU\Frank_ON_J\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Frank_ON_J\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421
 
 
 
IE - HKU\Susi_ON_J\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - Reg Error: Key error. File not found
IE - HKU\Susi_ON_J\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=17434"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.goggle.de"
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=adbartrp&AF=17434&q="
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: J:\Windows\System32\Macromed\Flash\NPSWF64_11_1_102.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: J:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@garmin.com/GpsControl: J:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin: J:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: J:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: J:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: J:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nitropdf.com/NitroPDF:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: J:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: J:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Webzen.com/NPGameWebStarter: J:\Program Files (x86)\WEBZEN\WebzenGameStarter\NPGameWebStarter.dll (WEBZEN)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: J:\Program Files (x86)\Adobe\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: D:\Programme\Firefox\components
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: D:\Programme\Firefox\plugins
 
[2010/01/22 12:42:11 | 000,000,000 | ---D | M] (No name found) -- J:\Users\Frank\AppData\Roaming\Mozilla\Extensions
[2012/01/13 12:02:28 | 000,000,000 | ---D | M] (No name found) -- J:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\hng4slfa.default\extensions
[2011/11/24 07:47:05 | 000,000,000 | ---D | M] (Garmin Communicator) -- J:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\hng4slfa.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2012/01/13 12:02:28 | 000,000,000 | ---D | M] (XfireXO Community Toolbar) -- J:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\hng4slfa.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
[2011/08/02 06:17:34 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- J:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\hng4slfa.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/05/06 05:39:31 | 000,000,000 | ---D | M] (Conduit Engine) -- J:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\hng4slfa.default\extensions\engine@conduit.com
[2011/12/17 17:05:08 | 000,000,000 | ---D | M] (Ask Toolbar) -- J:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\hng4slfa.default\extensions\toolbar@ask.com
File not found (No name found) --
 
O1 HOSTS File: ([2011/02/25 10:41:38 | 000,003,471 | ---- | M]) - J:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 3dns.adobe.com
O1 - Hosts: 127.0.0.1 3dns-1.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-4.adobe.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com.*
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 65 more lines...
O2 - BHO: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - J:\Program Files (x86)\XfireXO\tbXfir.dll (Conduit Ltd.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - J:\Program Files (x86)\pdfforge Toolbar\IE\4.3\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - J:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  File not found
O3 - HKLM\..\Toolbar: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - J:\Program Files (x86)\XfireXO\tbXfir.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - J:\Program Files (x86)\pdfforge Toolbar\IE\4.3\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - J:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\Frank_ON_J\..\Toolbar\WebBrowser: (XfireXO Toolbar) - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - J:\Program Files (x86)\XfireXO\tbXfir.dll (Conduit Ltd.)
O3 - HKU\Frank_ON_J\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - J:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [IntelliPoint] J:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] J:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [3200 Scan2PC] J:\Windows\twain_32\Samsung\SCX3200\Scan2Pc.exe ()
O4 - HKLM..\Run: [ApnUpdater] J:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] J:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [gema.]  File not found
O4 - HKLM..\Run: [HDAudDeck] J:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui]  File not found
O4 - HKLM..\Run: [Samsung PanelMgr] J:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [StartCCC] J:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\Frank_ON_J..\Run: [Akamai NetSession Interface] J:\Users\Frank\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKU\Frank_ON_J..\Run: [gema]  File not found
O4 - HKU\Frank_ON_J..\Run: [mapdisk]  File not found
O4 - HKU\Frank_ON_J..\Run: [RESTART_STICKY_NOTES]  File not found
O4 - HKU\LocalService_ON_J..\Run: [Sidebar] J:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_J..\Run: [Sidebar] J:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\Susi_ON_J..\Run: [gema]  File not found
O4 - HKU\LocalService_ON_J..\RunOnce: [mctadmin]  File not found
O4 - HKU\NetworkService_ON_J..\RunOnce: [mctadmin]  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\Frank_ON_J\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Frank_ON_J\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\Frank_ON_J\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\Susi_ON_J\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Susi_ON_J\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\Susi_ON_J\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Free YouTube Download - J:\Users\Frank\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - J:\Users\Frank\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube Download - J:\Users\Frank\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - J:\Users\Frank\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} -  File not found
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} -  File not found
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - J:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - J:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - J:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\ProgramData\gema\gema.exe) -  File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKU\Frank_ON_J Winlogon: Shell - (explorer.exe) - J:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKU\Susi_ON_J Winlogon: Shell - (explorer.exe) - J:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{8c89c8cf-7630-11df-94b6-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{8c89c8cf-7630-11df-94b6-806e6f6e6963}\Shell\AutoRun\command - "" = E:\reatogoMenu.exe
O33 - MountPoints2\{c4270c6d-0766-11df-9158-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c4270c6d-0766-11df-9158-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/02/24 12:34:44 | 000,000,000 | ---D | C] -- J:\_OTL
[2012/02/24 01:02:42 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Roaming\gema
[2012/02/24 01:02:42 | 000,000,000 | ---D | C] -- J:\ProgramData\gema
[2012/02/23 21:54:40 | 002,237,440 | R--- | C] (OldTimer Tools) -- J:\OTLPE.exe
[2012/02/23 13:06:04 | 000,000,000 | ---D | C] -- J:\Users\Susi\AppData\Roaming\gema
[2012/02/23 12:51:49 | 000,331,776 | ---- | C] (Promise Technology, Inc.) -- J:\Windows\System32\gema.exe
[2012/02/22 11:52:23 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{20344EB2-E522-4412-80A5-3FFED3C47FCD}
[2012/02/22 11:51:59 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{07059E73-8E21-46A5-8516-8D7D9FEA56F8}
[2012/02/21 12:20:17 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{47B6700E-988A-4A89-A754-4A56C5CA6A46}
[2012/02/21 00:16:43 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{3DFDC237-4F59-4F38-B05F-98FC09C52638}
[2012/02/21 00:16:32 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{E6C995E2-BFC6-4DD8-9CE7-23C5857B0C65}
[2012/02/21 00:09:53 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{351E5B6A-BA24-4E43-9C89-79EB6B4F2D72}
[2012/02/20 11:02:21 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{F1672412-22A3-4E1C-BD25-F37F86DB131B}
[2012/02/20 11:02:09 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{DA71FF2C-BC09-438F-9985-81B94AD35892}
[2012/02/19 16:22:14 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{7DC1B33F-6155-4537-A7AA-BC3E69DC2A22}
[2012/02/19 16:22:02 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{3159A7AC-1306-4AD9-9E44-9189EC9ACA80}
[2012/02/19 03:41:38 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{72E6CDED-46D1-4244-8192-9A7354D97C2B}
[2012/02/19 03:41:14 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{637528F2-CBDE-44F3-9851-3042DF9F8A49}
[2012/02/17 11:10:07 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{4009F083-6397-4FD0-96FA-209AEA7D8AF0}
[2012/02/17 11:09:44 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{D1A675E9-F09A-4236-8CF8-FAAE8A6C297A}
[2012/02/17 00:14:26 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{4B0B5012-9F15-497E-B94C-19366F69C582}
[2012/02/16 04:09:11 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{F86D3D64-C520-4778-A266-55311BE1DF5C}
[2012/02/16 04:08:58 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{01A3B039-08E0-4206-844B-AD22D5C3429E}
[2012/02/16 04:08:34 | 000,509,952 | ---- | C] (Microsoft Corporation) -- J:\Windows\System32\ntshrui.dll
[2012/02/16 04:08:32 | 000,515,584 | ---- | C] (Microsoft Corporation) -- J:\Windows\System32\timedate.cpl
[2012/02/16 04:08:32 | 000,478,720 | ---- | C] (Microsoft Corporation) -- J:\Windows\SysWow64\timedate.cpl
[2012/02/16 04:08:26 | 000,634,880 | ---- | C] (Microsoft Corporation) -- J:\Windows\System32\msvcrt.dll
[2012/02/16 04:08:20 | 000,702,464 | ---- | C] (Microsoft Corporation) -- J:\Windows\System32\msfeeds.dll
[2012/02/16 04:08:20 | 000,599,552 | ---- | C] (Microsoft Corporation) -- J:\Windows\SysWow64\msfeeds.dll
[2012/02/16 04:08:20 | 000,247,808 | ---- | C] (Microsoft Corporation) -- J:\Windows\System32\ieui.dll
[2012/02/16 04:08:20 | 000,176,640 | ---- | C] (Microsoft Corporation) -- J:\Windows\SysWow64\ieui.dll
[2012/02/16 04:08:19 | 000,134,144 | ---- | C] (Microsoft Corporation) -- J:\Windows\System32\url.dll
[2012/02/16 04:08:19 | 000,132,096 | ---- | C] (Microsoft Corporation) -- J:\Windows\SysWow64\url.dll
[2012/02/16 04:08:19 | 000,097,280 | ---- | C] (Microsoft Corporation) -- J:\Windows\System32\mshtmled.dll
[2012/02/16 04:08:19 | 000,067,072 | ---- | C] (Microsoft Corporation) -- J:\Windows\SysWow64\mshtmled.dll
[2012/02/15 04:19:19 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{2C7A8AAA-42FB-4CF5-B654-CE8F86EE0DDA}
[2012/02/15 04:19:07 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{0DD1174C-8924-417D-AC35-2C3ED0C96338}
[2012/02/14 04:29:40 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{DEB43ED2-0273-4FD1-BF07-064D64666BB7}
[2012/02/14 04:29:17 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{0F2A03D8-57F4-4E6A-B5F6-98182A7B1983}
[2012/02/13 04:32:35 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{5A25F15B-E29B-48BD-B73E-289F5CE58E0F}
[2012/02/13 04:32:23 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{D7CF812C-30BC-457A-85B8-98FF18002927}
[2012/02/13 04:19:24 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{E5166265-01D7-4BAB-895D-F16B78D2AA88}
[2012/02/13 04:19:08 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{D8CF084C-5C36-4DB8-A9E2-14FBAAA7CDE1}
[2012/02/12 12:42:44 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{7562FA57-85D1-4C77-9C5E-02406FA8DC95}
[2012/02/12 12:42:31 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{D5004C24-AFB9-4910-BB9D-342837BB4CEF}
[2012/02/12 12:41:47 | 000,000,000 | ---D | C] -- J:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012/02/11 16:28:07 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{8D8B50C0-AD2A-4256-8F97-BA0DC0551842}
[2012/02/11 16:27:55 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{AB4B733F-B9CF-46D0-94DF-A9937A9470D0}
[2012/02/10 23:53:26 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{8E02B4EB-DA66-4577-8189-A2EED29CD6C9}
[2012/02/10 23:53:14 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{473EF921-B4F8-4486-BE26-5C41D5C26DD6}
[2012/02/10 23:19:52 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{F6FA3787-F0FB-4EA0-81B6-D72D2B3288F0}
[2012/02/10 06:12:07 | 000,000,000 | ---D | C] -- J:\Users\Susi\Desktop\Hausbau
[2012/02/10 02:31:20 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{5A47CE92-2DAC-4A06-949E-C29B5A57BFB6}
[2012/02/10 02:30:57 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{F26D6B8B-7B7A-445F-9644-60A7AE117D77}
[2012/02/09 01:14:35 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{E0A1BD14-8346-4FE3-934D-4882E10FA534}
[2012/02/09 01:14:23 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{B83531FF-F4D6-4E22-9E1C-03F7EC3FCD9F}
[2012/02/08 12:12:49 | 000,000,000 | ---D | C] -- J:\Program Files\Common Files\Nitro PDF
[2012/02/08 12:12:49 | 000,000,000 | ---D | C] -- J:\Program Files (x86)\Common Files\Nitro PDF
[2012/02/08 00:28:18 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{44DF75F5-3436-442E-A8DF-D3F2706DFEBE}
[2012/02/08 00:27:55 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{6D49444E-212B-4AA0-9F26-CED2F3C9B054}
[2012/02/07 10:27:33 | 000,000,000 | ---D | C] -- J:\ProgramData\ATI
[2012/02/07 10:27:30 | 000,000,000 | ---D | C] -- J:\Program Files (x86)\AMD APP
[2012/02/07 10:27:15 | 000,000,000 | ---D | C] -- J:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2012/02/07 10:23:17 | 000,000,000 | ---D | C] -- J:\AMD
[2012/02/07 10:14:45 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{17C24C01-156B-4E6F-90CA-6D8FA8250451}
[2012/02/07 10:14:32 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{D84D0F36-AB6F-421B-8E54-5958494215E4}
[2012/02/06 12:51:29 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{5C60BF8A-F90E-4A6D-862A-6DF8C2008A1A}
[2012/02/06 12:51:17 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{0038E774-F4A2-49F5-B6D9-B0899D2DA70C}
[2012/02/05 22:58:24 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{09384AEC-31FC-4CBE-B05D-922FCE9412CD}
[2012/02/05 22:58:01 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{0EBFC24F-2E15-42A9-AA9F-9C16C7123EEC}
[2012/02/05 09:32:02 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{009332B6-B0A7-44D3-BD89-FDDBC4B8BA69}
[2012/02/05 09:31:50 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{8BD7CECD-5D67-44F1-B12B-ADEC0550E07B}
[2012/02/05 09:11:59 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{AA8D3963-25BB-4267-988C-4ACB60A8E18E}
[2012/02/05 09:11:48 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{602F1680-790F-4685-B51F-26A8623DDB2D}
[2012/02/05 02:13:51 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{A922D653-ACD4-45B6-8873-7B9C71C1178B}
[2012/02/05 02:13:28 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{23ADEA6E-AEF1-4622-99FB-E7E82E6F2C41}
[2012/02/04 04:58:32 | 000,000,000 | ---D | C] -- J:\Users\Frank\Desktop\Hausbau
[2012/02/04 04:58:05 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{705875F8-FEEE-4465-9F2E-D69FA1D7E0C5}
[2012/02/04 04:57:53 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{FD239A2E-2A2E-4048-AB3B-AF627C91E1CF}
[2012/02/03 11:05:03 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{4EFC2246-4FBF-494C-9E13-58C0972D2E1B}
[2012/02/03 11:04:39 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{B5ED75A3-D1FB-4C93-B79F-CF0A958D4913}
[2012/02/02 14:31:28 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{CB924D3E-D043-4693-A4BE-C9D747B20022}
[2012/02/02 14:31:16 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{9C0F9A18-5F2C-479B-9C66-8B8BAEE0EB87}
[2012/02/01 23:40:00 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{A6E6B7D5-1B52-486D-B3BC-5FCDE2025BB0}
[2012/02/01 23:39:48 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{6357B1C6-39C3-45A8-AAD8-3A2B280DD437}
[2012/01/31 23:43:05 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{D91465BF-54A0-42B9-A33C-EBDD1493058E}
[2012/01/31 23:42:42 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{2A680B3E-8785-4A7E-94C5-9AB125BACD9C}
[2012/01/30 12:50:12 | 000,000,000 | ---D | C] -- J:\Users\Frank\Documents\Envisioneer Express 5.0
[2012/01/30 12:50:10 | 000,000,000 | ---D | C] -- J:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cadsoft
[2012/01/30 12:50:10 | 000,000,000 | ---D | C] -- J:\Program Files (x86)\Cadsoft
[2012/01/30 12:49:20 | 000,000,000 | ---D | C] -- J:\ProgramData\Cadsoft
[2012/01/30 12:04:57 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{16D6A1AD-44CA-4107-9B92-1CB0DEC52968}
[2012/01/30 12:04:45 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{FF783E20-0010-467E-A9D9-3D4287C5FD36}
[2012/01/29 23:43:36 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{F9069637-BCC6-4D63-A499-DAD9EF7D8D68}
[2012/01/29 23:43:25 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{4A2829B6-8D2D-4FB8-9561-6BCCA6D9AC28}
[2012/01/29 02:55:25 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{C831A865-BD49-4D62-B866-30D976D86F18}
[2012/01/29 02:55:03 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{9F5D6451-C958-4BE7-8797-CBB8698DFED5}
[2012/01/28 04:23:19 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{D43186DC-7ACF-4896-9095-FD34DFBB5FE1}
[2012/01/27 12:28:01 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{EAF7C47D-98BC-4FBA-9BA5-5070EB99F549}
[2012/01/27 12:27:36 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{C7D3D987-19CC-4900-B1C4-A66D7C19A3A8}
[2012/01/26 00:42:54 | 001,447,936 | ---- | C] (Microsoft Corporation) -- J:\Windows\System32\lsasrv.dll
[2012/01/26 00:42:54 | 000,395,776 | ---- | C] (Microsoft Corporation) -- J:\Windows\System32\webio.dll
[2012/01/26 00:42:54 | 000,314,880 | ---- | C] (Microsoft Corporation) -- J:\Windows\SysWow64\webio.dll
[2012/01/26 00:42:54 | 000,136,192 | ---- | C] (Microsoft Corporation) -- J:\Windows\System32\sspicli.dll
[2012/01/26 00:42:54 | 000,029,184 | ---- | C] (Microsoft Corporation) -- J:\Windows\System32\sspisrv.dll
[2012/01/26 00:42:54 | 000,028,160 | ---- | C] (Microsoft Corporation) -- J:\Windows\System32\secur32.dll
[2012/01/26 00:41:39 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{8892C37B-F3B7-4EE2-A7DF-FDD0FA1BDD14}
[2012/01/26 00:41:16 | 000,000,000 | ---D | C] -- J:\Users\Frank\AppData\Local\{56647F55-559F-4538-95F8-E9D986FF7861}
[2011/11/10 14:01:28 | 000,159,744 | ---- | C] (Advanced Micro Devices, Inc.) -- J:\Program Files (x86)\atiapfxx.exe
[2011/11/10 14:01:24 | 000,004,096 | ---- | C] (Advanced Micro Devices, Inc.) -- J:\Program Files (x86)\Version.dll
[3 J:\Users\Frank\AppData\Local\*.tmp files -> J:\Users\Frank\AppData\Local\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/02/24 06:50:31 | 000,067,584 | --S- | M] () -- J:\Windows\bootstat.dat
[2012/02/24 06:50:22 | 000,000,000 | ---- | M] () -- J:\Windows\SysWow64\Access.dat
[2012/02/24 06:49:19 | 000,014,608 | -H-- | M] () -- J:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/24 06:49:19 | 000,014,608 | -H-- | M] () -- J:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/24 06:42:29 | 000,001,104 | ---- | M] () -- J:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/24 06:41:54 | 2146,836,479 | -HS- | M] () -- J:\hiberfil.sys
[2012/02/24 05:04:00 | 000,001,108 | ---- | M] () -- J:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/24 04:36:27 | 000,177,009 | ---- | M] () -- J:\Users\Frank\Desktop\handy.JPG
[2012/02/23 16:09:07 | 000,654,150 | ---- | M] () -- J:\Windows\System32\perfh007.dat
[2012/02/23 16:09:07 | 000,616,032 | ---- | M] () -- J:\Windows\System32\perfh009.dat
[2012/02/23 16:09:07 | 000,130,022 | ---- | M] () -- J:\Windows\System32\perfc007.dat
[2012/02/23 16:09:07 | 000,106,412 | ---- | M] () -- J:\Windows\System32\perfc009.dat
[2012/02/23 12:51:48 | 000,331,776 | ---- | M] (Promise Technology, Inc.) -- J:\Windows\System32\gema.exe
[2012/02/21 15:28:06 | 000,018,897 | ---- | M] () -- J:\Users\Frank\Desktop\Lightbarssafe.zip
[2012/02/21 14:20:16 | 000,003,029 | ---- | M] () -- J:\Users\Frank\Desktop\starshooter.zip
[2012/02/21 07:14:43 | 093,183,869 | ---- | M] () -- J:\Users\Frank\Desktop\Mein Film.wmv
[2012/02/19 16:31:57 | 228,001,052 | ---- | M] () -- J:\Users\Frank\Desktop\blaulichtinaction.wmv
[2012/02/19 00:54:38 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- J:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/02/16 10:57:24 | 004,900,800 | ---- | M] () -- J:\Windows\System32\FNTCACHE.DAT
[2012/02/15 04:27:09 | 000,132,320 | ---- | M] (Avira GmbH) -- J:\Windows\System32\drivers\avipbb.sys
[2012/02/12 12:41:48 | 000,000,000 | ---D | M] -- J:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012/02/09 01:32:44 | 000,034,927 | ---- | M] () -- J:\Users\Frank\Desktop\Extra_Konto_5515388749_Kontoauszug_20120104.pdf
[2012/02/09 01:30:00 | 000,202,196 | ---- | M] () -- J:\Users\Frank\Desktop\Extra_Konto_5515333898_Kontoauszug_20120104-1.markiert.pdf
[2012/02/08 12:12:50 | 000,002,483 | ---- | M] () -- J:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro PDF Reader 2.lnk
[2012/02/07 10:27:15 | 000,000,000 | ---D | M] -- J:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2012/02/03 13:28:23 | 000,000,769 | ---- | M] () -- J:\Users\Frank\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/02/02 14:23:57 | 000,012,722 | ---- | M] () -- J:\Users\Frank\AppData\Roaming\SmarThruOptions.xml
[2012/02/01 00:23:41 | 000,002,441 | ---- | M] () -- J:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/01/31 23:48:57 | 000,000,000 | ---D | M] -- J:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cadsoft
[3 J:\Users\Frank\AppData\Local\*.tmp files -> J:\Users\Frank\AppData\Local\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/02/24 05:38:02 | 000,177,009 | ---- | C] () -- J:\Users\Frank\Desktop\handy.JPG
[2012/02/21 15:28:06 | 000,018,897 | ---- | C] () -- J:\Users\Frank\Desktop\Lightbarssafe.zip
[2012/02/21 14:16:28 | 000,003,029 | ---- | C] () -- J:\Users\Frank\Desktop\starshooter.zip
[2012/02/21 07:13:42 | 093,183,869 | ---- | C] () -- J:\Users\Frank\Desktop\Mein Film.wmv
[2012/02/19 16:29:02 | 228,001,052 | ---- | C] () -- J:\Users\Frank\Desktop\blaulichtinaction.wmv
[2012/02/09 01:33:57 | 000,034,927 | ---- | C] () -- J:\Users\Frank\Desktop\Extra_Konto_551xxxxx_Kontoauszug_20120104.pdf
[2012/02/09 01:29:05 | 000,202,196 | ---- | C] () -- J:\Users\Frank\Desktop\Extra_Konto_551xxxxx_Kontoauszug_20120104-1.markiert.pdf
[2012/02/08 12:12:50 | 000,002,483 | ---- | C] () -- J:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro PDF Reader 2.lnk
[2012/02/01 00:23:41 | 000,002,441 | ---- | C] () -- J:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/01/09 04:10:58 | 000,000,000 | ---- | C] () -- J:\Users\Frank\AppData\Local\{7923590C-C6FE-4549-B96B-8B13E572C390}
[2012/01/09 04:09:15 | 000,000,000 | ---- | C] () -- J:\Users\Frank\AppData\Local\{4416FFE3-F7C8-466E-AA51-2AAFAFE53058}
[2012/01/09 04:08:17 | 000,000,000 | ---- | C] () -- J:\Users\Frank\AppData\Local\{5CB5ECA1-01BA-4507-A34C-4106A521EAA8}
[2011/12/05 16:04:00 | 000,059,904 | ---- | C] () -- J:\Windows\SysWow64\OpenVideo.dll
[2011/12/05 16:03:52 | 000,054,784 | ---- | C] () -- J:\Windows\SysWow64\OVDecode.dll
[2011/11/10 14:01:34 | 000,212,472 | ---- | C] () -- J:\Program Files (x86)\atiapfxx.blb
[2011/11/09 21:36:06 | 000,204,960 | ---- | C] () -- J:\Windows\SysWow64\ativvsvl.dat
[2011/11/09 21:36:06 | 000,157,152 | ---- | C] () -- J:\Windows\SysWow64\ativvsva.dat
[2011/10/25 15:21:34 | 000,056,832 | ---- | C] () -- J:\Windows\SysWow64\OVDecoder.dll
[2011/09/12 17:06:16 | 000,003,917 | ---- | C] () -- J:\Windows\SysWow64\atipblag.dat
[2011/08/26 17:21:30 | 000,042,392 | ---- | C] () -- J:\Windows\SysWow64\xfcodec.dll
[2011/05/12 09:24:49 | 000,151,552 | ---- | C] () -- J:\Windows\SysWow64\nvRegDev.dll
[2011/05/12 09:24:38 | 000,061,440 | ---- | C] () -- J:\Windows\SysWow64\nvPhotoshopUtil.dll
[2011/05/12 09:24:38 | 000,040,960 | ---- | C] () -- J:\Windows\SysWow64\nvISWOW64.dll
[2011/05/10 14:27:03 | 000,000,132 | ---- | C] () -- J:\Users\Frank\AppData\Roaming\Adobe Targa Format CS5 Prefs
[2011/05/10 04:20:40 | 000,007,168 | ---- | C] () -- J:\Users\Frank\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/06 10:16:21 | 000,000,132 | ---- | C] () -- J:\Users\Frank\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/03/24 10:08:17 | 000,819,200 | ---- | C] () -- J:\Windows\SysWow64\xvidcore.dll
[2011/03/24 10:08:17 | 000,180,224 | ---- | C] () -- J:\Windows\SysWow64\xvidvfw.dll
[2011/03/23 11:39:07 | 000,252,928 | ---- | C] () -- J:\Windows\SysWow64\DShowRdpFilter.dll
[2010/12/29 10:16:54 | 000,000,056 | -H-- | C] () -- J:\Windows\SysWow64\ezsidmv.dat
[2010/12/22 06:37:07 | 000,012,358 | ---- | C] () -- J:\Users\Susi\AppData\Roaming\SmarThruOptions.xml
[2010/12/20 15:52:22 | 000,012,722 | ---- | C] () -- J:\Users\Frank\AppData\Roaming\SmarThruOptions.xml
[2010/12/20 15:52:11 | 000,036,864 | ---- | C] () -- J:\Windows\SysWow64\SvcMan.exe
[2010/12/20 15:51:57 | 000,000,136 | ---- | C] () -- J:\Windows\Readiris.ini
[2010/12/20 15:51:55 | 000,023,040 | ---- | C] () -- J:\Windows\SysWow64\irisco32.dll
[2010/12/20 15:49:01 | 000,484,656 | ---- | C] () -- J:\Windows\ssndii.exe
[2010/12/20 15:48:43 | 000,116,016 | ---- | C] () -- J:\Windows\Wiainst.exe
[2010/07/11 13:54:09 | 000,000,069 | ---- | C] () -- J:\Windows\NeroDigital.ini
[2010/07/09 05:12:46 | 000,007,597 | ---- | C] () -- J:\Users\Frank\AppData\Local\resmon.resmoncfg
[2010/04/14 14:10:59 | 000,000,000 | ---- | C] () -- J:\Windows\SysWow64\Access.dat
[2010/02/15 13:44:34 | 000,000,152 | ---- | C] () -- J:\Users\Frank\AppData\Roaming\default.rss
[2010/01/23 09:01:13 | 000,107,832 | ---- | C] () -- J:\Windows\SysWow64\PnkBstrB.exe
[2010/01/23 09:01:12 | 002,250,024 | ---- | C] () -- J:\Windows\SysWow64\pbsvc.exe
[2010/01/23 09:01:12 | 000,066,872 | ---- | C] () -- J:\Windows\SysWow64\PnkBstrA.exe
[2010/01/22 13:02:07 | 000,000,424 | ---- | C] () -- J:\Windows\MAXLINK.INI
[2010/01/22 12:24:36 | 000,002,419 | ---- | C] () -- J:\Windows\cdplayer.ini
[2010/01/22 10:48:36 | 000,000,400 | ---- | C] () -- J:\Windows\ODBC.INI
[2010/01/22 10:24:33 | 000,000,000 | ---- | C] () -- J:\Windows\ativpsrm.bin
[2010/01/22 10:17:43 | 000,024,576 | R--- | C] () -- J:\Windows\SysWow64\AsIO.dll
[2010/01/22 10:17:43 | 000,014,392 | R--- | C] () -- J:\Windows\SysWow64\drivers\AsIO.sys
[2010/01/22 10:17:41 | 000,011,832 | ---- | C] () -- J:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2010/01/22 10:17:41 | 000,010,216 | ---- | C] () -- J:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2010/01/22 10:12:26 | 000,033,124 | ---- | C] () -- J:\Windows\Ascd_log.ini
[2010/01/22 10:11:53 | 000,001,769 | ---- | C] () -- J:\Windows\Language_trs.ini
[2010/01/22 10:11:50 | 000,028,232 | ---- | C] () -- J:\Windows\Ascd_tmp.ini
[2009/10/15 09:06:26 | 000,000,170 | ---- | C] () -- J:\Program Files (x86)\appprofiles.reg
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- J:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- J:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- J:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- J:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- J:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:25:04 | 000,197,632 | ---- | C] () -- J:\Windows\SysWow64\ir32_32.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- J:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- J:\Windows\SysWow64\mlang.dat
[2009/04/02 07:30:14 | 000,010,296 | ---- | C] () -- J:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2009/02/18 22:35:10 | 000,049,152 | R--- | C] () -- J:\Windows\DAOD.exe
[2008/10/07 03:13:30 | 000,197,912 | ---- | C] () -- J:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 03:13:22 | 000,058,648 | ---- | C] () -- J:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 03:13:20 | 000,058,648 | ---- | C] () -- J:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 03:13:20 | 000,058,648 | ---- | C] () -- J:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 03:13:20 | 000,058,648 | ---- | C] () -- J:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 03:13:20 | 000,058,648 | ---- | C] () -- J:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 03:13:20 | 000,058,648 | ---- | C] () -- J:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 03:13:20 | 000,058,648 | ---- | C] () -- J:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 03:13:20 | 000,058,648 | ---- | C] () -- J:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 03:13:20 | 000,058,648 | ---- | C] () -- J:\Windows\SysWow64\AgCPanelFrench.dll
[2002/09/17 17:45:00 | 000,119,808 | ---- | C] () -- J:\Windows\lsb_un20.exe
 
========== LOP Check ==========
 
[2012/02/07 10:26:47 | 000,000,000 | ---D | M] -- J:\ProgramData\AMD
[2010/01/22 10:09:07 | 000,000,000 | -HSD | M] -- J:\ProgramData\Anwendungsdaten
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- J:\ProgramData\Application Data
[2010/08/22 08:20:17 | 000,000,000 | ---D | M] -- J:\ProgramData\BioWare
[2012/01/30 12:49:20 | 000,000,000 | ---D | M] -- J:\ProgramData\Cadsoft
[2010/10/21 09:23:39 | 000,000,000 | ---D | M] -- J:\ProgramData\CanonIJPLM
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- J:\ProgramData\Desktop
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- J:\ProgramData\Documents
[2010/01/22 10:09:07 | 000,000,000 | -HSD | M] -- J:\ProgramData\Dokumente
[2011/05/02 07:30:07 | 000,000,000 | ---D | M] -- J:\ProgramData\EA Core
[2011/05/02 07:31:59 | 000,000,000 | ---D | M] -- J:\ProgramData\Electronic Arts
[2010/05/16 09:42:30 | 000,000,000 | ---D | M] -- J:\ProgramData\elsterformular
[2010/01/22 10:09:07 | 000,000,000 | -HSD | M] -- J:\ProgramData\Favoriten
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- J:\ProgramData\Favorites
[2011/11/21 04:45:48 | 000,000,000 | ---D | M] -- J:\ProgramData\GARMIN
[2012/02/24 01:02:42 | 000,000,000 | ---D | M] -- J:\ProgramData\gema
[2011/04/12 01:33:27 | 000,000,000 | ---D | M] -- J:\ProgramData\Media Get LLC
[2010/11/05 11:06:06 | 000,000,000 | ---D | M] -- J:\ProgramData\NETg
[2011/04/30 02:53:39 | 000,000,000 | ---D | M] -- J:\ProgramData\Nitro PDF
[2011/04/29 12:20:08 | 000,000,000 | ---D | M] -- J:\ProgramData\regid.1986-12.com.adobe
[2010/01/22 13:02:01 | 000,000,000 | ---D | M] -- J:\ProgramData\ScanSoft
[2011/07/09 04:51:13 | 000,000,000 | ---D | M] -- J:\ProgramData\SimCity Societies
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- J:\ProgramData\Start Menu
[2010/01/22 10:09:07 | 000,000,000 | -HSD | M] -- J:\ProgramData\Startmenü
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- J:\ProgramData\Templates
[2011/01/08 12:09:49 | 000,000,000 | ---D | M] -- J:\ProgramData\Tunngle
[2010/01/22 10:09:07 | 000,000,000 | -HSD | M] -- J:\ProgramData\Vorlagen
[2012/02/16 04:02:09 | 000,032,640 | ---- | M] () -- J:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >


markusg 24.02.2012 15:41

Why are you actually posting new OTL logs? You were supposed to post the log of the fix that I wrote.
Can you get back into normal mode?

Ghostrider1 25.02.2012 18:54

Hi there.

I screwed up the thing with the log. It was supposed to open on its own, but it didn't, which is why I pulled a new one. Sorry.

I can get back into normal mode.
I read through the logs and
deleted 2x the path under AppData/Roaming/GEMA, although the last fix had emptied this path
deleted 1x GEMA.exe under Win/System32, since this exe starts the Trojan.

I'll post a new log file again tomorrow, but I have to earn my living at the weekend, so I won't get to it today.

markusg 25.02.2012 19:03

Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems
and make cleaning up the infection even harder.

Please download Combofix.exe and be sure to save it on your desktop.
  • Visit the following page for download links and instructions for this
    tool:

    A guide and tutorial on using ComboFix
  • Note:
    Make sure that all of your anti-virus and anti-malware programs are switched off so that they do not interfere with Combofix while it works.
  • Please post C:\Combofix.txt in your next reply.

Ghostrider1 27.02.2012 05:54

Code:

ComboFix 12-02-25.02 - Frank 27.02.2012  5:33.1.4 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.8191.6367 [GMT 1:00]
ausgeführt von:: d:\downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\pdfforge Toolbar\IE\4.3\pdFForgetoolbarie.dll
c:\users\Public\Desktop\Scanner.lnk
c:\windows\IsUn0407.exe
P:\UnInstall.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-01-27 bis 2012-02-27  ))))))))))))))))))))))))))))))
.
.
2012-02-27 03:55 . 2012-02-08 07:14        8643640        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{F94BF97E-0A4F-4D21-BCE1-656E241DFD1D}\mpengine.dll
2012-02-24 17:34 . 2012-02-24 17:34        --------        d-----w-        C:\_OTL
2012-02-24 06:02 . 2012-02-24 06:02        --------        d-----w-        c:\programdata\gema
2012-02-24 02:54 . 2011-07-13 02:55        2237440        ----a-r-        C:\OTLPE.exe
2012-02-08 17:12 . 2012-02-08 17:12        --------        d-----w-        c:\program files\Common Files\Nitro PDF
2012-02-08 17:12 . 2012-02-08 17:12        --------        d-----w-        c:\program files (x86)\Common Files\Nitro PDF
2012-02-07 15:27 . 2012-02-07 15:27        --------        d-----w-        c:\programdata\ATI
2012-02-07 15:27 . 2012-02-07 15:27        --------        d-----w-        c:\program files (x86)\AMD APP
2012-02-07 15:23 . 2012-02-07 15:23        --------        d-----w-        C:\AMD
2012-01-30 17:50 . 2012-02-01 04:48        --------        d-----w-        c:\program files (x86)\Cadsoft
2012-01-30 17:49 . 2012-01-30 17:49        --------        d-----w-        c:\programdata\Cadsoft
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-19 05:54 . 2011-05-19 20:24        414368        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-15 09:27 . 2011-10-18 08:46        132320        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2012-01-29 04:10 . 2010-01-27 05:23        279656        ------w-        c:\windows\system32\MpSigStub.exe
2012-01-16 08:01 . 2011-07-22 08:37        18424        ----a-w-        c:\windows\system32\nitrolocalui2.dll
2012-01-16 08:01 . 2011-07-22 08:37        30200        ----a-w-        c:\windows\system32\nitrolocalmon2.dll
2012-01-09 09:13 . 2012-01-09 09:13        0        ---ha-w-        c:\users\Frank\AppData\Local\BITF586.tmp
2012-01-09 09:11 . 2012-01-09 09:11        0        ---ha-w-        c:\users\Frank\AppData\Local\BIT5B2A.tmp
2012-01-09 09:10 . 2012-01-09 09:10        0        ---ha-w-        c:\users\Frank\AppData\Local\BITA247.tmp
2011-12-06 03:45 . 2011-12-06 03:45        10720256        ----a-w-        c:\windows\system32\drivers\atikmdag.sys
2011-12-06 03:18 . 2011-12-06 03:18        25371136        ----a-w-        c:\windows\system32\atio6axx.dll
2011-12-06 03:17 . 2011-12-06 03:17        159744        ----a-w-        c:\windows\system32\atiapfxx.exe
2011-12-06 03:17 . 2011-12-06 03:17        778752        ----a-w-        c:\windows\SysWow64\aticfx32.dll
2011-12-06 03:16 . 2011-03-09 04:55        933888        ----a-w-        c:\windows\system32\aticfx64.dll
2011-12-06 03:12 . 2011-12-06 03:12        466944        ----a-w-        c:\windows\system32\ATIDEMGX.dll
2011-12-06 03:12 . 2011-12-06 03:12        494080        ----a-w-        c:\windows\system32\atieclxx.exe
2011-12-06 03:11 . 2011-12-06 03:11        235520        ----a-w-        c:\windows\system32\atiesrxx.exe
2011-12-06 03:10 . 2011-12-06 03:10        120320        ----a-w-        c:\windows\system32\atitmm64.dll
2011-12-06 03:10 . 2011-12-06 03:10        423424        ----a-w-        c:\windows\system32\atipdl64.dll
2011-12-06 03:10 . 2011-12-06 03:10        360448        ----a-w-        c:\windows\SysWow64\atipdlxx.dll
2011-12-06 03:10 . 2011-12-06 03:10        278528        ----a-w-        c:\windows\SysWow64\Oemdspif.dll
2011-12-06 03:09 . 2011-12-06 03:09        21504        ----a-w-        c:\windows\system32\atimuixx.dll
2011-12-06 03:09 . 2011-12-06 03:09        59392        ----a-w-        c:\windows\system32\atiedu64.dll
2011-12-06 03:09 . 2011-12-06 03:09        43520        ----a-w-        c:\windows\SysWow64\ati2edxx.dll
2011-12-06 03:06 . 2011-12-06 03:06        6159872        ----a-w-        c:\windows\SysWow64\atidxx32.dll
2011-12-06 02:56 . 2011-12-06 02:56        19125760        ----a-w-        c:\windows\SysWow64\atioglxx.dll
2011-12-06 02:51 . 2009-11-04 15:31        7520768        ----a-w-        c:\windows\system32\atidxx64.dll
2011-12-06 02:39 . 2011-12-06 02:39        1113088        ----a-w-        c:\windows\system32\atiumd6v.dll
2011-12-06 02:39 . 2011-12-06 02:39        1828864        ----a-w-        c:\windows\SysWow64\atiumdmv.dll
2011-12-06 02:39 . 2011-12-06 02:39        4072960        ----a-w-        c:\windows\system32\atiumd6a.dll
2011-12-06 02:34 . 2011-12-06 02:34        51200        ----a-w-        c:\windows\system32\aticalrt64.dll
2011-12-06 02:34 . 2011-12-06 02:34        46080        ----a-w-        c:\windows\SysWow64\aticalrt.dll
2011-12-06 02:34 . 2011-12-06 02:34        44544        ----a-w-        c:\windows\system32\aticalcl64.dll
2011-12-06 02:34 . 2011-12-06 02:34        44032        ----a-w-        c:\windows\SysWow64\aticalcl.dll
2011-12-06 02:34 . 2011-12-06 02:34        13738496        ----a-w-        c:\windows\system32\aticaldd64.dll
2011-12-06 02:33 . 2011-12-06 02:33        5919232        ----a-w-        c:\windows\SysWow64\atiumdag.dll
2011-12-06 02:29 . 2011-12-06 02:29        11484672        ----a-w-        c:\windows\SysWow64\aticaldd.dll
2011-12-06 02:28 . 2011-12-06 02:28        4206592        ----a-w-        c:\windows\SysWow64\atiumdva.dll
2011-12-06 02:24 . 2011-12-06 02:24        7511040        ----a-w-        c:\windows\system32\atiumd64.dll
2011-12-06 02:18 . 2011-03-09 04:11        58880        ----a-w-        c:\windows\system32\coinst.dll
2011-12-06 02:13 . 2011-12-06 02:13        509952        ----a-w-        c:\windows\system32\atiadlxx.dll
2011-12-06 02:12 . 2011-12-06 02:12        356352        ----a-w-        c:\windows\SysWow64\atiadlxy.dll
2011-12-06 02:12 . 2011-12-06 02:12        17408        ----a-w-        c:\windows\system32\atig6pxx.dll
2011-12-06 02:12 . 2011-12-06 02:12        14336        ----a-w-        c:\windows\SysWow64\atiglpxx.dll
2011-12-06 02:12 . 2011-12-06 02:12        14336        ----a-w-        c:\windows\system32\atiglpxx.dll
2011-12-06 02:12 . 2011-12-06 02:12        39936        ----a-w-        c:\windows\system32\atig6txx.dll
2011-12-06 02:12 . 2011-12-06 02:12        33280        ----a-w-        c:\windows\SysWow64\atigktxx.dll
2011-12-06 02:12 . 2011-12-06 02:12        327168        ----a-w-        c:\windows\system32\drivers\atikmpag.sys
2011-12-06 02:11 . 2011-03-09 04:17        42496        ----a-w-        c:\windows\system32\atiuxp64.dll
2011-12-06 02:11 . 2011-12-06 02:11        33280        ----a-w-        c:\windows\SysWow64\atiuxpag.dll
2011-12-06 02:11 . 2011-03-09 04:16        39936        ----a-w-        c:\windows\system32\atiu9p64.dll
2011-12-06 02:11 . 2011-12-06 02:11        29696        ----a-w-        c:\windows\SysWow64\atiu9pag.dll
2011-12-06 02:10 . 2011-12-06 02:10        54784        ----a-w-        c:\windows\system32\atimpc64.dll
2011-12-06 02:10 . 2011-12-06 02:10        54784        ----a-w-        c:\windows\system32\amdpcom64.dll
2011-12-06 02:10 . 2011-12-06 02:10        53760        ----a-w-        c:\windows\SysWow64\atimpc32.dll
2011-12-06 02:10 . 2011-12-06 02:10        53760        ----a-w-        c:\windows\SysWow64\amdpcom32.dll
2011-12-06 02:10 . 2011-12-06 02:10        53248        ----a-w-        c:\windows\system32\drivers\ati2erec.dll
2011-12-05 21:04 . 2011-12-05 21:04        69632        ----a-w-        c:\windows\system32\OpenVideo64.dll
2011-12-05 21:04 . 2011-12-05 21:04        59904        ----a-w-        c:\windows\SysWow64\OpenVideo.dll
2011-12-05 21:03 . 2011-12-05 21:03        61952        ----a-w-        c:\windows\system32\OVDecode64.dll
2011-12-05 21:03 . 2011-12-05 21:03        54784        ----a-w-        c:\windows\SysWow64\OVDecode.dll
2011-12-05 21:03 . 2011-12-05 21:03        17580544        ----a-w-        c:\windows\system32\amdocl64.dll
2011-12-05 21:03 . 2011-12-05 21:03        14499328        ----a-w-        c:\windows\SysWow64\amdocl.dll
2011-11-10 19:01 . 2011-11-10 19:01        159744        ----a-w-        c:\program files (x86)\atiapfxx.exe
2011-11-10 19:01 . 2011-11-10 19:01        4096        ----a-w-        c:\program files (x86)\Version.dll
2009-10-15 14:06 . 2009-10-15 14:06        170        ----a-w-        c:\program files (x86)\appprofiles.reg
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files (x86)\XfireXO\tbXfir.dll" [2009-12-31 2349080]
.
[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
2009-12-31 10:53        2349080        ----a-w-        c:\program files (x86)\XfireXO\tbXfir.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-08-23 20:20        1515688        ----a-w-        c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files (x86)\XfireXO\tbXfir.dll" [2009-12-31 2349080]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-08-23 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"mapdisk"="d:\programme\Arma 2 Tools\ArmAWork\mapdisk.bat" [2011-06-09 49]
"Akamai NetSession Interface"="c:\users\Frank\AppData\Local\Akamai\netsession_win.exe" [2012-02-02 3329824]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-06-05 2171904]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2010-06-04 618496]
"3200 Scan2PC"="c:\windows\twain_32\Samsung\SCX3200\Scan2Pc.exe" [2010-05-18 1989120]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2011-08-23 887976]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-12-05 343168]
"LogMeIn Hamachi Ui"="d:\programme\Hamachi\hamachi-2-ui.exe" [2012-02-07 1987976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-23 136176]
R3 AODDriver4.0;AODDriver4.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424]
R3 DAUpdaterSvc;Dragon Age: Origins - Inhaltsupdater;d:\spiele\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
R3 dump_wmimmc;dump_wmimmc;d:\spiele\Archlord\Webzen\ArchLord\GameGuard\dump_wmimmc.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-23 136176]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-12-05 361984]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424]
S2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [2011-01-28 387072]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;d:\programme\Hamachi\hamachi-2.exe [2012-02-07 2343816]
S2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [2012-01-16 343032]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2009-10-29 11576]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-11-29 2916736]
S2 TunngleService;TunngleService;d:\programme\Tunngle\TnglCtrl.exe [2010-11-22 718072]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 netr7364;RT73 USB-Drahtlos-LAN-Kartentreiber für Vista;c:\windows\system32\DRIVERS\netr7364.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64k.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
S3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\Drivers\VMUVC.sys [x]
S3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai        REG_MULTI_SZ          Akamai
.
Inhalt des "geplante Tasks" Ordners
.
2012-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-23 21:27]
.
2012-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-23 21:27]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-05-21 2342800]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-05-26 2314120]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.babylon.com/home?AF=17434
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1:9421
IE: Free YouTube Download - c:\users\Frank\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Frank\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~1\Office10\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - d:\programme\ICQ\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\hng4slfa.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=17434
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.goggle.de
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=adbartrp&AF=17434&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
Wow6432Node-HKCU-Run-gema - c:\users\Frank\AppData\Roaming\gema\gema.exe
Wow6432Node-HKLM-Run-gema. - c:\programdata\gema\gema.exe
WebBrowser-{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-AudioCon - d:\programme\AudioCon\Uninstall.exe
AddRemove-BattlEye - d:\spiele\ArmA 2BattlEye\UnInstallBE.exe
AddRemove-BattlEye for A2 - d:\spiele\ArmA 2BattlEye\UnInstallBE.exe
AddRemove-BattlEye for OA - d:\spiele\ArmA 2Expansion\BattlEye\UnInstallBE.exe
AddRemove-BI's Tools drive - d:\programme\Arma 2 Tools\ArmAWork\UnInstall.exe
AddRemove-CAA1 - d:\spiele\arma2\_CAA\CAA1 uninst.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-SimCity 3000 - c:\windows\IsUn0407.exe
AddRemove-Uninstall_is1 - c:\program files (x86)\Common Files\DVDVideoSoft\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_7de0ed9.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3951796937-2282281407-2526800677-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:72,2b,11,a3,70,ce,4b,1c,ef,ae,02,47,80,30,9a,cb,70,0a,a4,35,e8,fb,43,
  52,34,c7,8f,8c,3b,49,ad,18,29,d4,86,c2,40,63,2d,ff,40,f0,d2,64,b0,cd,af,9d,\
"??"=hex:b5,5e,67,b3,49,08,72,ad,41,a9,3a,9c,e3,bb,58,83
.
[HKEY_USERS\S-1-5-21-3951796937-2282281407-2526800677-1000\Software\SecuROM\License information*]
"datasecu"=hex:17,7d,f4,6f,0a,2a,d4,ae,2e,e6,ef,ab,61,ee,12,44,3a,1d,d0,3d,e9,
  fe,f8,5d,30,8d,0c,f6,b0,98,4b,6e,b7,8c,40,90,f3,ba,f3,63,9b,15,fa,42,8f,bd,\
"rkeysecu"=hex:65,c9,91,4f,00,9c,6a,0b,39,f1,b5,94,a7,cd,ef,bf
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-02-27  05:51:08 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-02-27 04:51
.
Vor Suchlauf: 12 Verzeichnis(se), 19.302.572.032 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 18.994.749.440 Bytes frei
.
- - End Of File - - 70B31761917ECB5D06D20E7F44355043


markusg 27.02.2012 11:28

malwarebytes:
Please download Malwarebytes
  • Install the program to the default path.
    Vista and Win7 users: right-click and "Run as administrator"
  • Start Malwarebytes, click Update --> Check for Updates
  • When the update has finished, select "Perform full scan" and press Scan.
  • When the scan has finished, click Show Results.
  • Make sure that all findings are checked and press Remove Selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report afterwards under "Logs".

Ghostrider1 29.02.2012 06:22

Code:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.29.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Frank :: FESTRECHNER [Administrator]

29.02.2012 06:23:11
mbam-log-2012-02-29 (06-23-11).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 501651
Laufzeit: 56 Minute(n), 55 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Should be clean now

markusg 29.02.2012 12:31

hi,

download CCleaner standard:
CCleaner Download - CCleaner 3.16.1666
if CCleaner is already installed, skip this.
install, open, Tools, list of installed programs, save as txt. open it.
after each program you need, write necessary.
after each one you don't need, unnecessary.
after any you don't recognise, unknown.
post the list.

Ghostrider1 29.02.2012 13:06

Code:

//benötigt
//nicht_benötigt
//unbekannt
Addon Sync 2009        YomaTools        04.08.2010        7,40MB        1.0.63 //benötigt
Adobe AIR        Adobe Systems Inc.        28.04.2011                1.5.3.9120 //benötigt
Adobe Community Help        Adobe Systems Incorporated        28.04.2011                3.0.0.400 //benötigt
Adobe Flash Player 10 ActiveX        Adobe Systems Incorporated        27.01.2010                10.0.42.34 //benötigt
Adobe Flash Player 11 Plugin 64-bit        Adobe Systems Incorporated        18.02.2012        6,00MB        11.1.102.62 //benötigt
Adobe Media Player        Adobe Systems Incorporated        28.04.2011                1.8 //benötigt
Adobe Photoshop CS5        Adobe Systems Incorporated        28.04.2011        2.595MB        12.0
Adobe Reader X (10.1.2) - Deutsch        Adobe Systems Incorporated        31.01.2012        121,0MB        10.1.2 //benötigt
Akamai NetSession Interface                19.12.2011        //unbekannt       
Akamai NetSession Interface Service                09.11.2011        //unbekannt       
AMD Catalyst Install Manager        Advanced Micro Devices, Inc.        06.02.2012        26,3MB        3.0.859.0 //benötigt
ArchLord        NHN Games        03.06.2010        //benötigt       
ARMA 2 Operation Arrowhead Uninstall                05.08.2010 //benötigt               
ArmA2 Uninstall                21.01.2010        //benötigt       
Ask Toolbar        Ask.com        16.12.2011        4,51MB        1.13.1.0 //benötigt, sonst spint AntiVir
Audacity 1.3.13 (Unicode)        Audacity Team        20.04.2011        40,2MB        //benötigt
AudioCon        Basement Softworks        01.08.2011                1.0 //teilweise benötigt
Audiograbber 1.83 SE        Audiograbber Deutschland        29.02.2012                1.83 SE //benötigt
AutoHotkey 1.0.91.05        AutoHotkey Community        09.01.2011                1.0.91.05 //unbekannt
Avira Free Antivirus        Avira        14.02.2012        104,8MB        12.0.0.898 //benötigt
BattlEye for OA Uninstall                28.08.2010 //benötigt
BattlEye Uninstall                22.12.2011 //benötigt       
BI's Tools drive Uninstall                20.04.2011 //benötigt               
BinMake Uninstall                20.04.2011 //benötigt               
BinPBO Personal Edition Uninstall                20.04.2011 //benötigt               
BitTorrent        BitTorrent, Inc        08.02.2010                6.4.0 //benötigt
CAA1        kju        03.02.2011                2009-08-21 //unbekannt
CCleaner        Piriform        28.02.2012                3.16 //benötigt
Compatibility Pack für 2007 Office System        Microsoft Corporation        04.01.2012        72,4MB        12.0.6514.5001 //benötigt
Die Gilde 2        JoWooD        22.01.2010        2.176MB        1.20 //benötigt
Dragon Age II        Electronic Arts, Inc.        01.05.2011        6.038MB        1.00 //benötigt
Dragon Age: Origins        Electronic Arts,  Inc.        20.12.2010                1.04 //benötigt
Dungeon Siege                05.04.2011 //benötigt               
EAX4 Unified Redist        Creative Labs        31.07.2010        0,16MB        4.001
ElsterFormular        Landesfinanzdirektion Thüringen        15.05.2010        132.984MB        11.4.1.4323
Envisioneer Express 5.0        Cadsoft Corporation        29.01.2012        332MB        5.0 //benötigt
EPU-4 Engine                21.01.2010                1.00.29 //needed
Far Cry 2        Ubisoft        22.01.2010 //needed                1.03.00 //needed
FileZilla Client 3.5.3        FileZilla Project        12.01.2012        16,6MB        3.5.3 //needed
FontToTga Uninstall                08.06.2011        //needed
Fraps (remove only)                13.02.2011        //needed
Free Audio CD Burner version 1.2        DVDVideoSoft Limited.        09.03.2010 //needed
Free YouTube Download version 3.0.16.923        DVDVideoSoft Ltd.        30.10.2011        39,0MB        //needed
Free YouTube to MP3 Converter version 3.10.11.923        DVDVideoSoft Ltd.        30.10.2011        42,4MB        //needed
FSM Editor Personal Edition Uninstall                08.06.2011 //needed
Garmin City Navigator Europe NT 2010.30 Update        Garmin Ltd or its subsidiaries        22.01.2010        2.250MB        13.30.0.0 //needed
Garmin Communicator Plugin        Garmin Ltd or its subsidiaries        22.01.2010        10,7MB        2.9.1 //needed
Garmin Lifetime Updater        Garmin        20.11.2011        38,1MB        2.0.12 //needed
Garmin USB Drivers        Garmin Ltd or its subsidiaries        22.01.2010        0,12MB        2.3.0.0 //needed
GIMP 2.6.11        The GIMP Team        21.12.2010        107,7MB        2.6.11 //needed
Google Chrome        Google Inc.        22.11.2010                17.0.963.56 //wanted to try it out
Google Earth        Google        19.11.2011        92,7MB        6.1.0.5001 //needed
Gothic 3        JoWood        22.01.2010        3.050MB        1.0.0 //needed
Grand Theft Auto San Andreas        Rockstar Games        22.01.2010                1.00.00001 //needed
Guild 2 Patch 1.4        JoWood        22.01.2010        219MB        1.0.0 //needed
Hyper Lobby Pro Client version 3.9.111                18.04.2010 //no longer needed, since it is not 64-bit compatible
ICQ7.5        ICQ        27.07.2011                7.5 //no longer needed
IL-2 Sturmovik 1946        Ihr Firmenname        11.04.2010        4.399MB        1.00.0000 //needed
IZArc 3.7        Ivan Zahariev        21.01.2010                3.7 Build 1430 //needed
Java(TM) 6 Update 26        Sun Microsystems, Inc.        17.05.2010        94,5MB        6.0.260 //you need Java for every bit of rubbish
JDownloader        AppWork UG (haftungsbeschränkt)        14.08.2010                0.89 //needed
LAME v3.98.3 for Audacity                03.09.2011        1,17MB        //needed
LogMeIn Hamachi        LogMeIn, Inc.        11.02.2012                2.1.0.159 //used now and then
Malwarebytes Anti-Malware Version 1.60.1.1000        Malwarebytes Corporation        28.02.2012        17,4MB        1.60.1.1000 //needed
McAfee Security Scan Plus        McAfee, Inc.        25.06.2010        8,30MB        2.0.181.2 //no longer needed
Metro 2033                14.08.2010               
Microsoft .NET Framework 4 Client Profile        Microsoft Corporation        24.06.2010        38,8MB        4.0.30319 //needed
Microsoft AutoRoute 2010        Microsoft Corporation        23.04.2011        1.811MB        17.0.22.1400 //needed
Microsoft IntelliPoint 7.0        Microsoft        21.05.2010        30,2MB        7.0.260.0 //needed
Microsoft IntelliType Pro 7.0        Microsoft        21.05.2010        31,8MB        7.0.260.0
Microsoft Office Access database engine 2007 (German)        Microsoft Corporation        13.09.2011        66,4MB        12.0.6425.1000
Microsoft Office XP Professional mit FrontPage        Microsoft Corporation        15.06.2011        629MB        10.0.6626.0
Microsoft SQL Server 2005 Compact Edition [ENU]        Microsoft Corporation        21.01.2010        1,72MB        3.1.0000
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053        Microsoft Corporation        22.01.2010        0,25MB        8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053        Microsoft Corporation        23.01.2010        0,25MB        8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable        Microsoft Corporation        15.06.2011        0,29MB        8.0.56336
Microsoft Visual C++ 2005 Redistributable (x64)        Microsoft Corporation        21.01.2010        0,69MB        8.0.61000
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175        Microsoft Corporation        02.05.2011        0,57MB        8.0.51011
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148        Microsoft Corporation        22.01.2010        0,20MB        9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570        Microsoft Corporation        02.05.2011        0,77MB        9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570        Microsoft Corporation        02.05.2011        0,58MB        9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17        Microsoft Corporation        11.09.2010        0,25MB        9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148        Microsoft Corporation        14.08.2010        0,77MB        9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161        Microsoft Corporation        15.06.2011        0,77MB        9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022        Microsoft Corporation        11.04.2011        1,42MB        9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17        Microsoft Corporation        21.01.2010        0,58MB        9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148        Microsoft Corporation        18.04.2010        0,58MB        9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161        Microsoft Corporation        15.06.2011        0,59MB        9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319        Microsoft Corporation        02.05.2011        15,1MB        10.0.30319
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219        Microsoft Corporation        18.10.2011        12,3MB        10.0.40219
MIKSOFT Mobile Media Converter        MIKSOFT        14.12.2011        28,7MB       
Mozilla Firefox 10.0.2 (x86 de)        Mozilla        17.02.2012        39,5MB        10.0.2
MSXML 4.0 SP2 (KB954430)        Microsoft Corporation        22.01.2010        1,28MB        4.20.9870.0
MSXML 4.0 SP2 (KB973688)        Microsoft Corporation        23.01.2010        1,33MB        4.20.9876.0
Need for Speed Underground 2 //needed                15.05.2010
Nero 9 Essentials        Nero AG        13.02.2010 //needed
Nitro PDF Reader 2        Nitro PDF Software        07.02.2012        95,8MB        2.1.1.4 //needed
Notepad++                15.05.2011                5.9 //needed
NVIDIA Photoshop Plug-ins 64 bit                11.05.2011                8.50 //needed
NVIDIA PhysX        NVIDIA Corporation        05.03.2010        119,9MB        9.09.0203 //needed
Oxygen 2 Personal Edition Uninstall                10.05.2011                //needed
PDFCreator        Frank Heindörfer, Philip Chinery        06.04.2010                0.9.9 //needed
pdfforge Toolbar v4.3        Spigot, Inc.        25.02.2011        2,55MB        4.3 //needed
PhotoScape                25.06.2010               
PIXMA Extended Survey Program                21.01.2010        //no longer needed
PokerStars        PokerStars        30.01.2010        //needed
PunkBuster Services        Even Balance, Inc.        22.01.2010                0.986 //needed
Readiris Pro 10                19.12.2010 //unknown
Realtek 8136 8168 8169 Ethernet Driver        Realtek        21.01.2010                1.00.0005 //needed
Risen        Deep Silver        05.03.2010                1.00.0000 //needed
Samsung SCX-3200 Series        Samsung Electronics Co., Ltd.        19.12.2010        //needed
Scan Assistant        Samsung Electronics Co., Ltd.        19.12.2010                1.01.014 //needed
ScanSoft OmniPage SE 4        Nuance Communications, Inc.        21.01.2010        167,8MB        15.2.0020
Sid Meier's Pirates!        Ihr Firmenname        22.01.2010        1.277MB        2.00.0000 //needed
SimCity 3000                09.07.2011 //needed
SimCity™ Societies Reisewelten        Electronic Arts        08.07.2011        953MB        1.0.0.1 //needed
Six Updater        Six Projects        02.10.2011        31,8MB        2.07.0019 //needed
Skype Toolbars        Skype Technologies S.A.        13.02.2011        5,76MB        5.0.4137 //not needed
Skype™ 5.1        Skype Technologies S.A.        13.02.2011        22,7MB        5.1.112 //needed
SmarThru 4        Samsung Electronics Co., Ltd.        19.12.2010        //needed
Sniper Ghost Warrior                14.08.2010                //needed
Sound Tools Uninstall                20.04.2011                //unknown
Spellforce 2 - Shadow Wars        JoWooD Productions Software AG        14.06.2010                1.00.0000 //needed
SpellForce 2 Shadow Wars        JoWood        14.06.2010        3.471MB        1.0.0 //needed
SPORE™ Labor Basisversion        Electronic Arts        08.07.2011                1.00.0000 //unknown
Sybex                04.11.2010        //unknown
TeamSpeak 2 RC2        Dominating Bytes Design        21.01.2010                2.0.32.60 //needed
TeamSpeak 3 Client        TeamSpeak Systems GmbH        11.09.2010               
TeamViewer 7        TeamViewer        08.12.2011                7.0.12142 //needed
TexView 2 Uninstall                26.04.2011                //needed
Tunngle beta        Tunngle.net GmbH        07.01.2011               
Uninstall 1.0.0.1                09.03.2010        //unknown
VIA Plattform-Geräte-Manager        VIA Technologies, Inc.        21.01.2010        2,62MB        1.34 //needed
videopower                08.05.2010                1.00.000 //needed
Vietcong 2                31.07.2010        //needed
Vimicro USB2.0 UVC PC Camera        Vimicro Corp.        02.05.2010                2009.03.18 //needed
Visitor 3 Uninstall                20.04.2011        //needed
Webzen Game Starter        WEBZEN        03.06.2010                1.01.1014 //needed
Winamp        Nullsoft, Inc        21.01.2010                5.572  //needed
Winamp Erkennungs-Plug-in        Nullsoft, Inc        21.01.2010        62,00KB        1.0.0.1
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0)        Garmin        22.01.2010                06/03/2009 2.3.0.0 //needed
Windows Live Essentials        Microsoft Corporation        05.09.2011                15.4.3538.0513 //needed
Windows Live Sync        Microsoft Corporation        21.01.2010        2,79MB        14.0.8089.726 //needed
Windows Media Player Firefox Plugin        Microsoft Corp        19.03.2010        0,29MB        1.0.0.8 //needed
Windows Movie Maker 2.6        Microsoft Corporation        09.05.2011        8,85MB        2.6.4037.0 //needed
Xfire (remove only)                21.01.2010                //needed
XfireXO Toolbar                21.01.2010                //needed
Xvid 1.2.2 final uninstall        Xvid team (Koepi)        23.03.2011                1.2 //needed

I also had it analysed. That adds up to quite a lot.

markusg 29.02.2012 13:50

uninstall:
Adobe Flash Player, all of them
Adobe - Install Adobe Flash Player
download the latest version
Adobe Reader:
Adobe - Download Adobe Reader - All versions
untick the box for McAfee Security Scan

please also configure Adobe Reader as follows:
open Adobe Reader, Edit, Preferences.
General:
tick "use only certified plug-ins".
Internet:
everything here should be disabled; it is very unsafe to have PDFs opened, downloaded etc. automatically.
it is always better to save them directly, because only then do you have control over what is going on on the PC.
under JavaScript, untick "use JavaScript"
under Updater, choose install automatically.
Apply / OK



uninstall:
Ask
Hyper Lobby
Java
Download the free Java software
download the Java JRE, install it


uninstall:
McAfee
pdfforge Toolbar
Skype Toolbars
XfireXO Toolbar

open OTL, clean up, restart.
open CCleaner, analyze, clean, restart.
test whether everything runs as usual


All times are WET +1. It is now 19:10.
