Trojaner-Board - Bei Windows7 start - 2 mal Internet Explorer und 1 mal Windows Explorer "Desktop Weg"

Hallo Forum,

Bevor ich die logs poste, hier kurz die Vorgeschichte:

Vor ca. 2 Stunden hab ich meinen Desktop PC an gemacht, während der Prozedur in der sich alle programme öffnen die im Autostart und so drin sind, sah alles ganz normal aus. Als die Routine allerdings vorbei war, war alles weg bis auf einen Windows Explorer und 2 internet explorer Fenster, die sich nicht verbinden konnten (ie fehler "keine verbindung" und so).
Ich versuchte den Task Manager zu öffnen, welcher auch eigentlich geöffnet wurde, aber es wurden wieder nur die 2 ie fenster angezeigt und der windows Explorer.

Als ich dann auf einem Laptop der im selben Netzwerk versuchen wollte nach dem Problem zu recherchieren, öffnete sich auf dem Laptop von dem ich gerade schreibe iexplore.exe grundlos. Glücklicherweise ist der nicht auf dem neusten Stand, weil ich ihn nicht benutze, und er fragte dauernd ob ich etwas aktualisieren möchte, bevor er richtig startet, dass habe ich erstmal ignoriert weil es mir merkwürdig vor kam, der macht seit gestern nämlich schon komische Sachen.

Nach kurzer Zeit öffneten sich weitere Fenster (theoretisch, wie gesagt es blieb bei dem Pop-Up stehen ob ich irgendwas aktualisieren möchte.

Ich habe es dann mit dauerndem genervt werden hinbekommen, auf folgende 2 Treads zu stoßen.

http://www.trojaner-board.de/111750-...rojaner-2.html

http://www.trojaner-board.de/112222-...e-fenster.html

Während ich das ESET hab laufen lassen auf beiden Computern, hab ich noch ein paar eigene Dinge versucht:

1. Im Windows Ordner nach den zuletzt geänderten Dateien gesucht.
Ich hab ein paar Dinge gefunden, nach welchen ich auch gleich recherchiert habe (während der Trojaner weiterhin aktiv war und mich mit ie popups genervt hat) und bestimmte Dateien und Ordner, welche evtl. befallen sein konnten umbenannt.
---> hat nichts gebracht

2. (kleine Lösung) Ich hab dann fest gestellt, dass mir das gestern schon passiert ist, ich es aber ignoriert habe, weil es wieder auf einmal weg war, und zwar folgender maßen:
Wenn ich während der Startroutine (Während Windows schon läuft, und er Alle Prozesse startet und so) so schnell wie möglich eine Textdatei auf dem Desktop öffne und sofort irgendwas reintippe, dann kann ich später, sobald der Trojaner nach einigen Sekunden wieder aktiv ist, unter strg+alt+entf den PC herunterfahren (oder war es nur benutzer abmelden?). Wenn dann die Liste von Windows 7 angezeigt wird in der man auswählen kann zwischen "Schließen erzwingen" (war es "herunterfahren erzwingen"?) und abbrechen, drückt man schnell auf abbrechen und man ist wieder im normalen "Windows" und der Trojaner ist inaktiv (oder geschlossen?) weiss nicht.
So konnte ich dann auf dem Desktop PC dann wieder weiter machen.

3. (kleine Lösung) Ich hab außerdem festgestellt, dass man die ie fenster im Task Manager nicht ausschalten kann, "Kein Zugriff".
Wenn man aber mit dem Windows Explorer, der während der Trojaner aktiv ist auch angezeigt wird, die Eingabeaufforderung als Administrator öffnet per rechtsklick (navigieren zu windows/system32/cmd.exe), kann man mit den Befehlen TASKLIST und TASKKILL die iexplore.exe Fenster schließen.

Auf diese letzte Weise hab ich auch glaube ich heraus gefunden was genau der Trojaner war. Ich hab nämlich alle ie fenster mit "TASKKILL /F /IM iexplore.exe /T" (erzwingt das schließen dieses programms und aller unterprogramme) und nach ein paar Minuten trotzdem wieder welche bekommen.
Achja, 2 Fenster oder 3 sind übrigends trotzdem noch da gewesen.
Als ich mir dann die Tasks nochmal angeschaut habe in der Eingabeaufforderung, sah ich eine jsE1602.exe oder so ähnlich, welche ich dann auch beendet habe.
Dannach sind auch alle ie fenster verschwunden und es gab einige Minuten ruhe, dann kamen wieder welche, und ich habe in der Taskliste wieder eine Datei mit ähnlichem Namen gehabt, jsA1504.exe oder so.
Als ich diese beendet habe ging es dann erstmal (bis jetzt) ohne weitere ie fenster.
Im Taskmanager hab ich mir dann den Pfad anzeigen lassen zu dieser Datei, kurz bevor ich sie geschlossen habe, sowas wie "C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\BingBar\____%20Application-q346gw-w46hhtuomr87-w5zbartv"

Leider war der Ordner Microsoft leer, als hätte etwas die Datei gelöscht nachdem ich sie beendet habe (versteckte Dateien werden angezeigt).
Um sicherzugehen dass der ordner wirklich weg ist, hab ich den Ordner BingBar angelegt und es hat funktioniert, komisch...

bis zu BingBar ist es richtig. In diesem Ordner mit der komischen Zeichenfolge war eine seltsame .js oder .jsa datei oder so.
Ab BingBar/ hab ich leider keine genaueren Informationen mehr, zu früh weg geklickt, wie gesagt der Ordner war auf einmal verschwunden nachdem ich den Prozess geschlossen habe.

Als Lösungsansätze (oder besser gesagt Symptombehandlung) zusammengefasst:

- Wenn man beim Windowsstart eine textdatei öffnet, schnell was rein schreibt, kann man nachher über strg+alt+entf herunterfahren, bei der Frage von Windows ob man das schließen erzwingen will auf abbrechen drücken, und ist wieder im "normalen Windows"

- Über die Eingabeaufforderung (als Administrator ausführen) dubiose Tasks die ähnlich wie "jsE1823.exe" schließen.

Ich hab ausdem sicherheitshalber den Ordner vom Internet Explorer umbenannt, und den Ordner BingBar selbst angelegt und schreibgeschützt (letzteres wird wohl weniger helfen aber ich probiers)

(Ich stell grad fest gestellt, dass alles was ich auf dem Desktop mache nicht angezeigt wird, z.B. neue Dateien reinkopieren oder so, über Windows Explorer schon)

Das war jetzt ein ziemlich langer Text, also komm ich mal zu den Logs:

defogger_disable.log

Code:

defogger_disable by jpshortstuff (23.02.10.1)

Log created at 16:43 on 27/03/2012 (Rada)
 

Checking for autostart values...

HKCU\~\Run values retrieved.

HKLM\~\Run values retrieved.
 

Checking for services/drivers...
 
 

-=E.O.F=-

dds.txt
[CODE]
.DDS Logfile:

Code:

DDS (Ver_2011-08-26.01) - NTFSAMD64 

Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 1.6.0_22

Run by Rada at 16:43:45 on 2012-03-27

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8101.5825 [GMT 2:00]

.

AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}

SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\FBAgent.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Mouse Driver\KMWDSrv.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Program Files\Trend Micro\Titanium\TiMiniService.exe

C:\Program Files\Trend Micro\Titanium\TiResumeSrv.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\P4G\BatteryLife.exe

C:\Program Files (x86)\ASUS\Splendid\ACMON.exe

C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe

C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

C:\Windows\SysWOW64\ACEngSvr.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\AsScrPro.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

C:\Program Files\Elantech\ETDCtrl.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Users\Rada\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files (x86)\Mouse Driver\StartAutorun.exe

C:\Program Files (x86)\Mouse Driver\KMConfig.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

C:\Program Files (x86)\Mouse Driver\KMProcess.exe

C:\Program Files\Elantech\ETDCtrlHelper.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\ping.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\ping.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\SysWOW64\ping.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://asus.msn.com

uDefault_Page_URL = hxxp://asus.msn.com

mStart Page = hxxp://asus.msn.com

BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll

BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: SMTTB2009 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - C:\Program Files (x86)\DealBulldog Toolbar\tbcore3.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB: DealBulldog Toolbar: {338b4dfe-2e2c-4338-9e41-e176d497299e} - C:\Program Files (x86)\DealBulldog Toolbar\tbcore3.dll

uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent

mRun: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"

mRun: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"

mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S

mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"

mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

mRun: [KMCONFIG] C:\Program Files (x86)\Mouse Driver\StartAutorun.exe KMConfig.exe

mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

dRun: [NTsrv] C:\Windows\TEMP\bbtfnn\setup.exe

StartupFolder: C:\Users\Rada\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Rada\AppData\Roaming\Dropbox\bin\Dropbox.exe

StartupFolder: C:\Users\Rada\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_94E3CE3704FE82FBF49A6A.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: An OneNote s&enden - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: Nach Microsoft &Excel exportieren - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000

IE: Nach Microsoft E&xcel exportieren - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL

LSP: mswsock.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{54A3B54F-52CB-4988-BBCF-BFCE41ED9BF8} : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{54A3B54F-52CB-4988-BBCF-BFCE41ED9BF8}\46C696E6B6 : DhcpNameServer = 82.212.62.62 192.168.0.1

TCP: Interfaces\{54A3B54F-52CB-4988-BBCF-BFCE41ED9BF8}\6505E4F2755424 : DhcpNameServer = 134.108.125.249 134.108.34.5 134.108.34.6

TCP: Interfaces\{54A3B54F-52CB-4988-BBCF-BFCE41ED9BF8}\75C414E4D2448334145383 : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{54A3B54F-52CB-4988-BBCF-BFCE41ED9BF8}\B4E6160707D41676E6F6C69656D274163747 : DhcpNameServer = 82.212.62.62 78.42.43.62

TCP: Interfaces\{A4761996-B9E0-4FA1-B859-AE28C2B24BFD} : DhcpNameServer = 192.168.0.1

Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe32.dll

Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

Notify: uierita - C:\Windows\system32\config\systemprofile\AppData\Local\uierita.dll

AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll

SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4

{1CA1377B-DC1D-4A52-9585-6E06050FAC53}

{326E768D-4182-46FD-9C16-1449A49795F4}

{9030D464-4C02-4ABF-8ECC-5164760863C6}

{AA58ED58-01DD-4d91-8333-CF10577473F7}

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}

{B4F3A835-0E21-4959-BA22-42B3008E02FF}

{BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC}

{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}

{d2ce3e00-f94a-4740-988e-03dc2f38c34f}

{DBC80044-A445-435b-BC74-9C25C1C588A9}

{FCBCCB87-9224-4B8D-B117-F56D924BEB18}

{2318C2B1-4965-11d4-9B18-009027A5CD4F}

{8dcb7100-df86-4384-8842-8fa844297b3f}

{338B4DFE-2E2C-4338-9E41-E176D497299E}

mRun-x64: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"

mRun-x64: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"

mRun-x64: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S

mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

mRun-x64: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

mRun-x64: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"

mRun-x64: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

mRun-x64: [KMCONFIG] C:\Program Files (x86)\Mouse Driver\StartAutorun.exe KMConfig.exe

mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Rada\AppData\Roaming\Mozilla\Firefox\Profiles\pfgl1046.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.de

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?]

R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-5-26 17536]

R1 nvkflt;nvkflt;C:\Windows\system32\DRIVERS\nvkflt.sys --> C:\Windows\system32\DRIVERS\nvkflt.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AFBAgent;AFBAgent;"C:\Windows\system32\FBAgent.exe" --> C:\Windows\system32\FBAgent.exe [?]

R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-3 15416]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-12-28 13336]

R2 KMWDSERVICE;Keyboard And Mouse Communication Service;C:\Program Files (x86)\Mouse Driver\KMWDSrv.exe [2009-8-31 1821184]

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-3-1 2348352]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-2-9 382272]

R2 TiMiniService;TiMiniService;C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [2010-10-27 241488]

R2 tmevtmgr;tmevtmgr;C:\Windows\system32\DRIVERS\tmevtmgr.sys --> C:\Windows\system32\DRIVERS\tmevtmgr.sys [?]

R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]

R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-12-28 2656280]

R3 AiCharger;ASUS Charger Driver;C:\Windows\system32\DRIVERS\AiCharger.sys --> C:\Windows\system32\DRIVERS\AiCharger.sys [?]

R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]

R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]

R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]

R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]

R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2011-4-13 267480]

S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-2 183560]

S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]

S3 GPU-Z;GPU-Z;C:\Users\Rada\AppData\Local\Temp\GPU-Z.sys [2011-12-30 27008]

S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RTSUVSTOR.sys --> C:\Windows\system32\Drivers\RTSUVSTOR.sys [?]

S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-30 149504]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]

.

=============== Created Last 30 ================

.

2012-03-27 13:26:25        99328        ----a-w-        C:\Windows\SysWow64\nL5736Kqi.com_

2012-03-27 12:56:08        --------        d-----w-        C:\Program Files (x86)\ESET

2012-03-25 15:35:31        0        --sha-w-        C:\Windows\System32\dds_trash_log.cmd

2012-03-25 15:34:26        --------        d-----we        C:\Windows\system64

2012-03-23 19:53:59        --------        d-----w-        C:\Users\Rada\riotsGamesLogs

2012-03-18 17:38:27        592824        ----a-w-        C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll

2012-03-18 17:38:27        44472        ----a-w-        C:\Program Files (x86)\Mozilla Firefox\mozglue.dll

2012-03-14 00:18:30        5559152        ----a-w-        C:\Windows\System32\ntoskrnl.exe

2012-03-14 00:18:30        3968368        ----a-w-        C:\Windows\SysWow64\ntkrnlpa.exe

2012-03-14 00:18:30        3913584        ----a-w-        C:\Windows\SysWow64\ntoskrnl.exe

2012-03-13 21:56:28        3145728        ----a-w-        C:\Windows\System32\win32k.sys

2012-03-13 21:56:27        1544192        ----a-w-        C:\Windows\System32\DWrite.dll

2012-03-13 21:56:27        1077248        ----a-w-        C:\Windows\SysWow64\DWrite.dll

2012-03-13 21:55:18        9216        ----a-w-        C:\Windows\System32\rdrmemptylst.exe

2012-03-13 21:55:18        77312        ----a-w-        C:\Windows\System32\rdpwsx.dll

2012-03-13 21:55:18        149504        ----a-w-        C:\Windows\System32\rdpcorekmts.dll

2012-03-13 21:55:10        826880        ----a-w-        C:\Windows\SysWow64\rdpcore.dll

2012-03-13 21:55:10        23552        ----a-w-        C:\Windows\System32\drivers\tdtcp.sys

2012-03-13 21:55:10        210944        ----a-w-        C:\Windows\System32\drivers\rdpwd.sys

2012-03-13 21:55:10        1031680        ----a-w-        C:\Windows\System32\rdpcore.dll

2012-03-09 23:52:04        --------        d-----w-        C:\Users\Rada\AppData\Roaming\LolClient

2012-03-09 23:27:43        467984        ----a-w-        C:\Windows\SysWow64\d3dx10_39.dll

2012-03-09 23:27:43        3851784        ----a-w-        C:\Windows\SysWow64\D3DX9_39.dll

2012-03-09 23:27:43        1493528        ----a-w-        C:\Windows\SysWow64\D3DCompiler_39.dll

2012-03-09 22:25:42        --------        d-----w-        C:\Users\Rada\AppData\Local\PMB Files

2012-03-09 22:25:41        --------        d-----w-        C:\ProgramData\PMB Files

2012-03-09 22:25:36        --------        d-----w-        C:\Program Files (x86)\Pando Networks

2012-03-07 15:23:11        --------        d-----w-        C:\Users\Rada\AppData\Roaming\NVIDIA

2012-03-01 14:17:41        --------        d-----w-        C:\NVIDIA

2012-03-01 07:05:15        282864        ----a-w-        C:\Windows\SysWow64\PnkBstrB.xtr

2012-03-01 07:05:10        --------        d-----w-        C:\Users\Rada\AppData\Local\PunkBuster

2012-03-01 07:02:08        --------        d-----w-        C:\Program Files (x86)\Battlelog Web Plugins

2012-03-01 06:59:21        --------        d-----w-        C:\ProgramData\EA Core

2012-03-01 06:59:20        --------        d-----w-        C:\ProgramData\EA Logs

2012-03-01 06:59:07        --------        d--h--w-        C:\Program Files (x86)\Common Files\EAInstaller

2012-03-01 06:58:44        76888        ----a-w-        C:\Windows\SysWow64\PnkBstrA.exe

2012-03-01 06:58:44        282864        ----a-w-        C:\Windows\SysWow64\PnkBstrB.exe

2012-03-01 06:58:44        280904        ----a-w-        C:\Windows\SysWow64\PnkBstrB.ex0

2012-03-01 05:09:01        --------        d-----w-        C:\Program Files (x86)\Origin Games

2012-03-01 05:08:47        --------        d-----w-        C:\Users\Rada\AppData\Local\Origin

2012-03-01 05:08:46        --------        d-----w-        C:\ProgramData\Origin

2012-03-01 05:08:15        --------        d-----w-        C:\Users\Rada\AppData\Roaming\Origin

2012-03-01 05:08:15        --------        d-----w-        C:\ProgramData\Electronic Arts

2012-03-01 05:08:02        --------        d-----w-        C:\Program Files (x86)\Origin

2012-02-28 00:28:29        452440        ----a-w-        C:\Windows\SysWow64\d3dx10_40.dll

.

==================== Find3M  ====================

.

2012-03-27 13:57:12        45056        ----a-w-        C:\Windows\System32\acovcnt.exe

2012-03-25 15:35:08        414368        ----a-w-        C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-02-10 03:14:04        6074176        ----a-w-        C:\Windows\System32\nvcpl.dll

2012-02-10 03:14:01        3089728        ----a-w-        C:\Windows\System32\nvsvc64.dll

2012-02-10 03:07:03        2561856        ----a-w-        C:\Windows\System32\nvsvcr.dll

2012-02-10 03:07:00        889664        ----a-w-        C:\Windows\System32\nvvsvc.exe

2012-02-10 03:07:00        849728        ----a-w-        C:\Windows\System32\nv3dappshext.dll

2012-02-10 03:07:00        63296        ----a-w-        C:\Windows\System32\nvshext.dll

2012-02-10 03:07:00        55616        ----a-w-        C:\Windows\System32\nv3dappshextr.dll

2012-02-10 03:07:00        118080        ----a-w-        C:\Windows\System32\nvmctray.dll

2012-02-10 03:05:59        2497985        ----a-w-        C:\Windows\System32\nvcoproc.bin

2012-02-09 19:05:44        416064        ----a-w-        C:\Windows\SysWow64\nvStreaming.exe

2012-01-12 10:52:59        472808        ----a-w-        C:\Windows\SysWow64\deployJava1.dll

2012-01-10 12:55:31        525544        ----a-w-        C:\Windows\System32\deployJava1.dll

2012-01-04 10:44:20        509952        ----a-w-        C:\Windows\System32\ntshrui.dll

2012-01-04 08:58:41        442880        ----a-w-        C:\Windows\SysWow64\ntshrui.dll

2011-12-30 06:26:08        515584        ----a-w-        C:\Windows\System32\timedate.cpl

2011-12-30 05:27:56        478720        ----a-w-        C:\Windows\SysWow64\timedate.cpl

.

============= FINISH: 16:44:10,11 ===============

--- --- ---

OTL.txt

OTL Logfile:

Code:

OTL logfile created on: 27.03.2012 17:09:08 - Run 1

OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\Rada\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

7,91 Gb Total Physical Memory | 6,02 Gb Available Physical Memory | 76,08% Memory free

15,82 Gb Paging File | 13,78 Gb Available in Paging File | 87,10% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 390,70 Gb Total Space | 305,94 Gb Free Space | 78,30% Space Free | Partition Type: NTFS

Drive D: | 515,81 Gb Total Space | 471,30 Gb Free Space | 91,37% Space Free | Partition Type: NTFS

Drive E: | 2,73 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF

 

Computer Name: RADA-PC | User Name: Rada | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012.03.27 17:06:48 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Rada\Desktop\OTL.exe

PRC - [2012.03.21 22:17:00 | 000,489,256 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe

PRC - [2012.03.01 09:09:41 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe

PRC - [2012.02.25 20:54:45 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\steam.exe

PRC - [2012.02.15 01:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\Rada\AppData\Roaming\Dropbox\bin\Dropbox.exe

PRC - [2012.02.10 06:13:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

PRC - [2012.02.09 21:05:32 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

PRC - [2011.12.28 01:10:16 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe

PRC - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

PRC - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

PRC - [2011.06.10 20:49:10 | 002,255,360 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

PRC - [2011.05.20 21:01:06 | 000,166,528 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe

PRC - [2011.02.25 19:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

PRC - [2011.02.01 23:20:48 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

PRC - [2011.02.01 23:20:46 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

PRC - [2011.01.17 19:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

PRC - [2011.01.17 19:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

PRC - [2011.01.13 04:00:42 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

PRC - [2011.01.13 04:00:38 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

PRC - [2010.11.15 20:42:12 | 000,305,792 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe

PRC - [2010.10.08 00:05:14 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

PRC - [2010.08.18 00:55:42 | 005,732,992 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

PRC - [2009.12.15 20:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

PRC - [2009.11.03 00:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe

PRC - [2009.09.22 12:51:56 | 000,339,968 | ---- | M] (UASSOFT.COM) -- C:\Program Files (x86)\Mouse Driver\KMProcess.exe

PRC - [2009.09.22 12:45:58 | 000,391,168 | ---- | M] (UASSOFT.COM) -- C:\Program Files (x86)\Mouse Driver\KMConfig.exe

PRC - [2009.08.31 23:00:28 | 001,821,184 | ---- | M] (UASSOFT.COM) -- C:\Program Files (x86)\Mouse Driver\KMWDSrv.exe

PRC - [2009.06.19 20:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

PRC - [2009.06.19 20:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe

PRC - [2009.06.16 03:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

PRC - [2008.12.23 03:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe

PRC - [2008.08.14 07:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe

PRC - [2008.05.30 02:22:32 | 000,212,992 | ---- | M] (UASSOFT.COM) -- C:\Program Files (x86)\Mouse Driver\StartAutorun.exe

PRC - [2007.11.30 21:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2012.03.21 22:16:59 | 020,297,512 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll

MOD - [2012.03.21 22:16:59 | 001,099,576 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll

MOD - [2012.03.21 22:16:59 | 000,907,048 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.DLL

MOD - [2012.03.21 22:16:59 | 000,190,776 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll

MOD - [2012.03.21 22:16:59 | 000,123,192 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll

MOD - [2012.02.18 10:55:52 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\83fe46ae33b8fd827015387fb6efcd13\IAStorUtil.ni.dll

MOD - [2012.02.18 10:16:48 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll

MOD - [2012.02.18 10:16:31 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll

MOD - [2012.02.18 10:16:26 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll

MOD - [2012.02.18 10:16:17 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll

MOD - [2012.02.18 10:16:13 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll

MOD - [2012.02.18 10:16:11 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll

MOD - [2012.02.18 10:16:10 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll

MOD - [2012.01.12 12:54:25 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll

MOD - [2011.12.30 06:11:05 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\b40ad47b1338dd50c41d2c5571819a09\IAStorCommon.ni.dll

MOD - [2011.12.30 06:10:39 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll

MOD - [2011.06.10 20:49:10 | 001,163,264 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll

MOD - [2011.04.28 12:44:00 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll

MOD - [2011.02.19 06:23:22 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll

MOD - [2010.11.20 14:19:58 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL

MOD - [2010.11.20 14:19:58 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll

MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll

MOD - [2009.11.03 00:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll

MOD - [2009.11.03 00:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll

MOD - [2008.06.16 10:06:10 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\Mouse Driver\MouseHook.dll

MOD - [2007.11.30 21:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe

MOD - [2007.03.29 13:17:42 | 000,106,496 | ---- | M] () -- C:\Program Files (x86)\Mouse Driver\keydll.dll

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV:64bit: - File not found [On_Demand | Stopped] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe -- (Amsp)

SRV:64bit: - [2011.01.26 00:11:56 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)

SRV:64bit: - [2010.11.30 01:00:56 | 000,149,504 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) Intel(R)

SRV:64bit: - [2010.09.23 03:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV:64bit: - [2010.09.17 10:32:56 | 000,241,488 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Titanium\TiMiniService.exe -- (TiMiniService)

SRV:64bit: - [2009.07.14 03:39:46 | 000,006,656 | ---- | M] (Oak Technology Inc.) [Auto | Running] -- C:\Windows\SysNative\icraplus.dll -- (pdlnacom)

SRV - [2012.03.21 22:17:00 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2012.03.01 09:09:41 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)

SRV - [2012.02.10 06:13:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)

SRV - [2012.02.09 21:05:32 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)

SRV - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)

SRV - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)

SRV - [2011.03.02 06:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)

SRV - [2011.02.25 19:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)

SRV - [2011.02.01 23:20:48 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)

SRV - [2011.02.01 23:20:46 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)

SRV - [2011.01.13 04:00:42 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)

SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009.12.15 20:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)

SRV - [2009.08.31 23:00:28 | 001,821,184 | ---- | M] (UASSOFT.COM) [Auto | Running] -- C:\Program Files (x86)\Mouse Driver\KMWDSrv.exe -- (KMWDSERVICE)

SRV - [2009.06.16 03:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)

SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2012.02.10 06:13:00 | 000,249,152 | ---- | M] (NVIDIA Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\nvkflt.sys -- (nvkflt)

DRV:64bit: - [2012.02.10 06:13:00 | 000,028,992 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)

DRV:64bit: - [2011.10.01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)

DRV:64bit: - [2011.10.01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)

DRV:64bit: - [2011.10.01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)

DRV:64bit: - [2011.10.01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)

DRV:64bit: - [2011.03.26 10:19:48 | 012,222,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011.03.07 21:21:16 | 001,594,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)

DRV:64bit: - [2011.02.26 03:42:18 | 000,016,768 | ---- | M] (ASUSTek Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AiCharger.sys -- (AiCharger)

DRV:64bit: - [2011.02.16 11:11:08 | 000,428,136 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2011.02.11 00:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)

DRV:64bit: - [2011.02.11 00:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)

DRV:64bit: - [2011.01.15 18:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)

DRV:64bit: - [2011.01.13 03:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2010.12.31 12:30:10 | 000,138,024 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)

DRV:64bit: - [2010.12.17 00:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)

DRV:64bit: - [2010.11.30 08:40:04 | 000,307,304 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)

DRV:64bit: - [2010.11.30 01:00:04 | 000,016,120 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)

DRV:64bit: - [2010.11.20 15:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010.11.20 13:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010.11.20 13:07:06 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2010.10.20 02:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)

DRV:64bit: - [2010.09.23 09:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)

DRV:64bit: - [2010.09.17 10:52:28 | 000,144,464 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmcomm.sys -- (tmcomm)

DRV:64bit: - [2010.09.17 10:52:28 | 000,105,552 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)

DRV:64bit: - [2010.09.17 10:52:28 | 000,090,704 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmactmon.sys -- (tmactmon)

DRV:64bit: - [2010.09.17 10:52:28 | 000,067,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmevtmgr.sys -- (tmevtmgr)

DRV:64bit: - [2009.07.20 11:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)

DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009.07.14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009.06.10 22:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)

DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009.06.10 22:34:18 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)

DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009.04.30 01:28:30 | 000,030,208 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER)

DRV:64bit: - [2008.05.24 03:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)

DRV - [2011.12.30 08:47:39 | 000,027,008 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Users\Rada\AppData\Local\Temp\GPU-Z.sys -- (GPU-Z)

DRV - [2011.05.26 05:06:20 | 000,017,536 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)

DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

DRV - [2009.07.03 03:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox

IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox

IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"

FF - user.js - File not found

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)

FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.116.0: C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll (ESN Social Software AB)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension\ [2011.04.13 04:51:50 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.08 14:53:40 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.03.18 19:38:27 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.02.23 14:07:56 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

 

[2012.01.09 18:24:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rada\AppData\Roaming\mozilla\Extensions

[2012.02.01 03:25:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rada\AppData\Roaming\mozilla\Firefox\Profiles\pfgl1046.default\extensions

[2012.02.03 14:13:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

() (No name found) -- C:\USERS\RADA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PFGL1046.DEFAULT\EXTENSIONS\{64161300-E22B-11DB-8314-0800200C9A66}.XPI

() (No name found) -- C:\USERS\RADA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PFGL1046.DEFAULT\EXTENSIONS\{75CEEE46-9B64-46F8-94BF-54012DE155F0}.XPI

() (No name found) -- C:\USERS\RADA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PFGL1046.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI

[2012.03.18 19:38:27 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2011.12.21 07:08:50 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml

[2011.12.21 07:02:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2011.12.21 07:08:50 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml

[2011.12.21 07:08:50 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml

[2011.12.21 07:08:50 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml

[2011.12.21 07:08:50 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

 

Hosts file not found

O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.)

O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll File not found

O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)

O2:64bit: - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.)

O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (Trend Micro Inc.)

O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.)

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\DealBulldog Toolbar\tbcore3.dll ()

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (DealBulldog Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\DealBulldog Toolbar\tbcore3.dll ()

O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd File not found

O4:64bit: - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)

O4:64bit: - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe (Trend Micro Inc.)

O4:64bit: - HKLM..\Run: [VizorHtmlDialog.exe] C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe (Trend Micro Inc.)

O4 - HKLM..\Run: [ASUSPRP] C:\Program Files (x86)\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.)

O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe (ecareme)

O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)

O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)

O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)

O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

O4 - HKLM..\Run: [KMCONFIG] C:\Program Files (x86)\Mouse Driver\StartAutorun.exe KMConfig.exe File not found

O4 - HKLM..\Run: [Nuance PDF Reader-reminder] C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe (Nuance Communications, Inc.)

O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (ASUS)

O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)

O4 - Startup: C:\Users\Rada\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Rada\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

O4 - Startup: C:\Users\Rada\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found

O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found

O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found

O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found

O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{54A3B54F-52CB-4988-BBCF-BFCE41ED9BF8}: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A4761996-B9E0-4FA1-B859-AE28C2B24BFD}: DhcpNameServer = 192.168.0.1

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found

O18:64bit: - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.)

O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.)

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.)

O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (Trend Micro Inc.)

O18:64bit: - Protocol\Filter\text/xml - No CLSID value found

O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)

O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O20 - Winlogon\Notify\uierita: DllName - (C:\Windows\system32\config\systemprofile\AppData\Local\uierita.dll) - C:\Windows\SysWOW64\config\systemprofile\AppData\Local\uierita.dll ()

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework

ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

NetSvcs:64bit: pdlnacom - C:\Windows\SysNative\icraplus.dll (Oak Technology Inc.)

 

MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AsusVibeLauncher.lnk -  - File not found

MsConfig:64bit - StartUpFolder: C:^Users^Rada^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Intel(R) Turbo Boost Technology Monitor 2.0.lnk - C:\PROGRA~1\Intel\TURBOB~1\SIGNAL~1.EXE - (Intel® Corporation)

MsConfig:64bit - StartUpReg: ASUS Screen Saver Protector - hkey= - key= - C:\Windows\AsScrPro.exe (ASUS)

MsConfig:64bit - StartUpReg: CLMLServer - hkey= - key= - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)

MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()

MsConfig:64bit - StartUpReg: NUSB3MON - hkey= - key= - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)

MsConfig:64bit - StartUpReg: RtHDVCpl - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

MsConfig:64bit - StartUpReg: SonicMasterTray - hkey= - key= - C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe (Virage Logic Corporation / Sonic Focus)

MsConfig:64bit - StartUpReg: USBChargerPlusTray - hkey= - key= - C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe (ASUSTek Computer Inc.)

MsConfig:64bit - StartUpReg: VirtualCloneDrive - hkey= - key= - C:\Program Files (x86)\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)

MsConfig:64bit - State: "startup" - Reg Error: Key error.

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.03.27 16:52:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip

[2012.03.27 16:52:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip

[2012.03.27 16:42:58 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Rada\Desktop\dds.com

[2012.03.27 15:00:09 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Rada\Desktop\OTL.exe

[2012.03.27 14:56:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2012.03.27 14:55:11 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Rada\Desktop\esetsmartinstaller_enu.exe

[2012.03.25 17:34:26 | 000,000,000 | ---D | C] -- C:\Windows\system64

[2012.03.23 21:53:59 | 000,000,000 | ---D | C] -- C:\Users\Rada\riotsGamesLogs

[2012.03.10 01:52:04 | 000,000,000 | ---D | C] -- C:\Users\Rada\AppData\Roaming\LolClient

[2012.03.10 01:26:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games

[2012.03.10 00:25:42 | 000,000,000 | ---D | C] -- C:\Users\Rada\AppData\Local\PMB Files

[2012.03.10 00:25:41 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files

[2012.03.10 00:25:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks

[2012.03.07 17:23:11 | 000,000,000 | ---D | C] -- C:\Users\Rada\AppData\Roaming\NVIDIA

[2012.03.01 16:55:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation

[2012.03.01 16:51:20 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll

[2012.03.01 16:51:20 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll

[2012.03.01 16:17:41 | 000,000,000 | ---D | C] -- C:\NVIDIA

[2012.03.01 09:05:10 | 000,000,000 | ---D | C] -- C:\Users\Rada\AppData\Local\PunkBuster

[2012.03.01 09:05:05 | 000,000,000 | ---D | C] -- C:\Users\Rada\Documents\Battlefield 3

[2012.03.01 09:02:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Battlelog Web Plugins

[2012.03.01 08:59:21 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core

[2012.03.01 08:59:20 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs

[2012.03.01 08:59:07 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller

[2012.03.01 07:09:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games

[2012.03.01 07:08:47 | 000,000,000 | ---D | C] -- C:\Users\Rada\AppData\Local\Origin

[2012.03.01 07:08:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin

[2012.03.01 07:08:15 | 000,000,000 | ---D | C] -- C:\Users\Rada\AppData\Roaming\Origin

[2012.03.01 07:08:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin

[2012.03.01 07:08:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts

[2012.03.01 07:08:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.03.27 17:11:30 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012.03.27 17:11:30 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012.03.27 17:11:13 | 001,530,982 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012.03.27 17:11:13 | 000,666,022 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2012.03.27 17:11:13 | 000,627,864 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012.03.27 17:11:13 | 000,133,944 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2012.03.27 17:11:13 | 000,110,326 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012.03.27 17:11:01 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\At35.job

[2012.03.27 17:11:00 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At36.job

[2012.03.27 17:06:48 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Rada\Desktop\OTL.exe

[2012.03.27 17:05:16 | 000,000,000 | -HS- | M] () -- C:\Windows\SysNative\dds_trash_log.cmd

[2012.03.27 17:04:22 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe

[2012.03.27 17:04:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.03.27 17:04:06 | 2075,893,759 | -HS- | M] () -- C:\hiberfil.sys

[2012.03.27 16:56:11 | 000,002,678 | ---- | M] () -- C:\Users\Rada\Desktop\Logfiles.zip

[2012.03.27 16:54:09 | 000,002,570 | ---- | M] () -- C:\Users\Rada\Desktop\Logfiles.7z

[2012.03.27 16:43:38 | 000,000,000 | ---- | M] () -- C:\Users\Rada\defogger_reenable

[2012.03.27 16:43:03 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Rada\Desktop\dds.com

[2012.03.27 16:42:51 | 000,050,477 | ---- | M] () -- C:\Users\Rada\Desktop\Defogger.exe

[2012.03.27 16:11:00 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At34.job

[2012.03.27 16:11:00 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\At33.job

[2012.03.27 15:57:04 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At8.job

[2012.03.27 15:57:04 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At6.job

[2012.03.27 15:57:04 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At48.job

[2012.03.27 15:57:04 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At46.job

[2012.03.27 15:57:04 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At44.job

[2012.03.27 15:57:04 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At42.job

[2012.03.27 15:57:04 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At40.job

[2012.03.27 15:57:04 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At4.job

[2012.03.27 15:57:04 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At38.job

[2012.03.27 15:57:04 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\At9.job

[2012.03.27 15:57:04 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\At7.job

[2012.03.27 15:57:04 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\At5.job

[2012.03.27 15:57:04 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\At47.job

[2012.03.27 15:57:04 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\At45.job

[2012.03.27 15:57:04 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\At43.job

[2012.03.27 15:57:04 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\At41.job

[2012.03.27 15:57:04 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\At39.job

[2012.03.27 15:57:04 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\At37.job

[2012.03.27 15:57:03 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At30.job

[2012.03.27 15:57:03 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At28.job

[2012.03.27 15:57:03 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At26.job

[2012.03.27 15:57:03 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At24.job

[2012.03.27 15:57:03 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At22.job

[2012.03.27 15:57:03 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At20.job

[2012.03.27 15:57:03 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At2.job

[2012.03.27 15:57:03 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At18.job

[2012.03.27 15:57:03 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At16.job

[2012.03.27 15:57:03 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At14.job

[2012.03.27 15:57:03 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At12.job

[2012.03.27 15:57:03 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At10.job

[2012.03.27 15:57:03 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\At3.job

[2012.03.27 15:57:03 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\At29.job

[2012.03.27 15:57:03 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\At27.job

[2012.03.27 15:57:03 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\At25.job

[2012.03.27 15:57:03 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\At23.job

[2012.03.27 15:57:03 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\At21.job

[2012.03.27 15:57:03 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\At19.job

[2012.03.27 15:57:03 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\At17.job

[2012.03.27 15:57:03 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\At15.job

[2012.03.27 15:57:03 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\At13.job

[2012.03.27 15:57:03 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\At11.job

[2012.03.27 15:57:03 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\At1.job

[2012.03.27 15:53:36 | 000,000,112 | ---- | M] () -- C:\ProgramData\WvHV1KT.dat

[2012.03.27 15:48:13 | 000,099,328 | ---- | M] () -- C:\Windows\SysWow64\nL5736Kqi.com_

[2012.03.27 15:11:00 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At32.job

[2012.03.27 15:11:00 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\At31.job

[2012.03.27 14:55:19 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Rada\Desktop\esetsmartinstaller_enu.exe

[2012.03.26 20:06:38 | 000,282,864 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr

[2012.03.26 20:06:38 | 000,282,864 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2012.03.26 20:06:23 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0

[2012.03.14 10:14:50 | 000,369,160 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012.03.11 08:09:10 | 000,001,450 | ---- | M] () -- C:\Users\Rada\Desktop\Dropbox.lnk

[2012.03.10 01:27:44 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\League of Legends spielen .lnk

[2012.03.01 16:54:57 | 000,002,318 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini

[2012.03.01 09:09:41 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe

[2012.03.01 08:59:08 | 000,000,646 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 3.lnk

[2012.03.01 07:08:15 | 000,000,981 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk

[2012.02.28 02:22:11 | 000,000,221 | ---- | M] () -- C:\Users\Rada\Desktop\Call of Duty Modern Warfare 3.url

[2012.02.28 02:22:11 | 000,000,221 | ---- | M] () -- C:\Users\Rada\Desktop\Call of Duty Modern Warfare 3 - Multiplayer.url

[2012.02.28 02:22:11 | 000,000,221 | ---- | M] () -- C:\Users\Rada\Desktop\Call of Duty Modern Warfare 3 - Dedicated Server.url

[2012.02.26 21:22:05 | 000,000,997 | ---- | M] () -- C:\Users\Rada\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

 
 ========== Files Created - No Company Name ==========

 

[2012.03.27 16:56:11 | 000,002,678 | ---- | C] () -- C:\Users\Rada\Desktop\Logfiles.zip

[2012.03.27 16:54:09 | 000,002,570 | ---- | C] () -- C:\Users\Rada\Desktop\Logfiles.7z

[2012.03.27 16:43:38 | 000,000,000 | ---- | C] () -- C:\Users\Rada\defogger_reenable

[2012.03.27 16:42:46 | 000,050,477 | ---- | C] () -- C:\Users\Rada\Desktop\Defogger.exe

[2012.03.27 15:26:25 | 000,099,328 | ---- | C] () -- C:\Windows\SysWow64\nL5736Kqi.com_

[2012.03.27 14:47:55 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At48.job

[2012.03.27 14:47:55 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At46.job

[2012.03.27 14:47:55 | 000,000,356 | ---- | C] () -- C:\Windows\tasks\At47.job

[2012.03.27 14:47:55 | 000,000,112 | ---- | C] () -- C:\ProgramData\WvHV1KT.dat

[2012.03.27 14:47:54 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At44.job

[2012.03.27 14:47:54 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At42.job

[2012.03.27 14:47:54 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At40.job

[2012.03.27 14:47:54 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At38.job

[2012.03.27 14:47:54 | 000,000,356 | ---- | C] () -- C:\Windows\tasks\At45.job

[2012.03.27 14:47:54 | 000,000,356 | ---- | C] () -- C:\Windows\tasks\At43.job

[2012.03.27 14:47:54 | 000,000,356 | ---- | C] () -- C:\Windows\tasks\At41.job

[2012.03.27 14:47:54 | 000,000,356 | ---- | C] () -- C:\Windows\tasks\At39.job

[2012.03.27 14:47:54 | 000,000,356 | ---- | C] () -- C:\Windows\tasks\At37.job

[2012.03.27 14:47:53 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At36.job

[2012.03.27 14:47:53 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At34.job

[2012.03.27 14:47:53 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At32.job

[2012.03.27 14:47:53 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At30.job

[2012.03.27 14:47:53 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At28.job

[2012.03.27 14:47:53 | 000,000,356 | ---- | C] () -- C:\Windows\tasks\At35.job

[2012.03.27 14:47:53 | 000,000,356 | ---- | C] () -- C:\Windows\tasks\At33.job

[2012.03.27 14:47:53 | 000,000,356 | ---- | C] () -- C:\Windows\tasks\At31.job

[2012.03.27 14:47:53 | 000,000,356 | ---- | C] () -- C:\Windows\tasks\At29.job

[2012.03.27 14:47:53 | 000,000,356 | ---- | C] () -- C:\Windows\tasks\At27.job

[2012.03.27 14:47:52 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At26.job

[2012.03.27 14:47:52 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At24.job

[2012.03.27 14:47:52 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At22.job

[2012.03.27 14:47:52 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At20.job

[2012.03.27 14:47:52 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At18.job

[2012.03.27 14:47:52 | 000,000,356 | ---- | C] () -- C:\Windows\tasks\At25.job

[2012.03.27 14:47:52 | 000,000,356 | ---- | C] () -- C:\Windows\tasks\At23.job

[2012.03.27 14:47:52 | 000,000,356 | ---- | C] () -- C:\Windows\tasks\At21.job

[2012.03.27 14:47:52 | 000,000,356 | ---- | C] () -- C:\Windows\tasks\At19.job

[2012.03.27 14:47:52 | 000,000,356 | ---- | C] () -- C:\Windows\tasks\At17.job

[2012.03.27 14:47:51 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At8.job

[2012.03.27 14:47:51 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At16.job

[2012.03.27 14:47:51 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At14.job

[2012.03.27 14:47:51 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At12.job

[2012.03.27 14:47:51 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At10.job

[2012.03.27 14:47:51 | 000,000,356 | ---- | C] () -- C:\Windows\tasks\At9.job

[2012.03.27 14:47:51 | 000,000,356 | ---- | C] () -- C:\Windows\tasks\At7.job

[2012.03.27 14:47:51 | 000,000,356 | ---- | C] () -- C:\Windows\tasks\At15.job

[2012.03.27 14:47:51 | 000,000,356 | ---- | C] () -- C:\Windows\tasks\At13.job

[2012.03.27 14:47:51 | 000,000,356 | ---- | C] () -- C:\Windows\tasks\At11.job

[2012.03.27 14:47:50 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At6.job

[2012.03.27 14:47:50 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At4.job

[2012.03.27 14:47:50 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At2.job

[2012.03.27 14:47:50 | 000,000,356 | ---- | C] () -- C:\Windows\tasks\At5.job

[2012.03.27 14:47:50 | 000,000,356 | ---- | C] () -- C:\Windows\tasks\At3.job

[2012.03.27 14:47:50 | 000,000,356 | ---- | C] () -- C:\Windows\tasks\At1.job

[2012.03.25 17:35:31 | 000,000,000 | -HS- | C] () -- C:\Windows\SysNative\dds_trash_log.cmd

[2012.03.11 08:09:10 | 000,001,450 | ---- | C] () -- C:\Users\Rada\Desktop\Dropbox.lnk

[2012.03.10 01:27:44 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\League of Legends spielen .lnk

[2012.03.01 09:05:15 | 000,282,864 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr

[2012.03.01 08:59:08 | 000,000,646 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 3.lnk

[2012.03.01 08:58:44 | 000,282,864 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2012.03.01 08:58:44 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.ex0

[2012.03.01 08:58:44 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe

[2012.03.01 07:08:15 | 000,000,981 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk

[2012.02.28 02:22:11 | 000,000,221 | ---- | C] () -- C:\Users\Rada\Desktop\Call of Duty Modern Warfare 3.url

[2012.02.28 02:22:11 | 000,000,221 | ---- | C] () -- C:\Users\Rada\Desktop\Call of Duty Modern Warfare 3 - Multiplayer.url

[2012.02.28 02:22:11 | 000,000,221 | ---- | C] () -- C:\Users\Rada\Desktop\Call of Duty Modern Warfare 3 - Dedicated Server.url

[2012.02.09 21:05:44 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe

[2012.01.16 03:35:31 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI

[2012.01.10 15:40:46 | 001,557,912 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012.01.08 14:55:24 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll

[2012.01.08 14:55:24 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll

[2011.06.20 16:02:04 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin

[2011.06.20 16:01:58 | 000,214,760 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin

[2011.06.20 16:01:53 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll

[2011.06.20 16:01:42 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin

[2011.06.20 16:01:40 | 013,355,008 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll

[2011.04.13 04:48:48 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe

 
 ========== LOP Check ==========

 

[2012.03.27 00:08:08 | 000,000,000 | ---D | M] -- C:\Users\Rada\AppData\Roaming\.minecraft

[2011.12.27 17:28:03 | 000,000,000 | ---D | M] -- C:\Users\Rada\AppData\Roaming\ASUS WebStorage

[2012.03.27 17:04:51 | 000,000,000 | ---D | M] -- C:\Users\Rada\AppData\Roaming\Dropbox

[2012.03.10 01:52:04 | 000,000,000 | ---D | M] -- C:\Users\Rada\AppData\Roaming\LolClient

[2012.01.11 17:47:59 | 000,000,000 | ---D | M] -- C:\Users\Rada\AppData\Roaming\Notepad++

[2012.01.09 08:42:44 | 000,000,000 | ---D | M] -- C:\Users\Rada\AppData\Roaming\Nuance

[2012.01.12 12:54:47 | 000,000,000 | ---D | M] -- C:\Users\Rada\AppData\Roaming\OpenOffice.org

[2012.03.01 07:09:01 | 000,000,000 | ---D | M] -- C:\Users\Rada\AppData\Roaming\Origin

[2012.01.16 03:54:06 | 000,000,000 | ---D | M] -- C:\Users\Rada\AppData\Roaming\SoftGrid Client

[2012.01.17 20:48:53 | 000,000,000 | ---D | M] -- C:\Users\Rada\AppData\Roaming\TeamViewer

[2012.01.09 18:24:48 | 000,000,000 | ---D | M] -- C:\Users\Rada\AppData\Roaming\Thunderbird

[2012.01.10 15:41:17 | 000,000,000 | ---D | M] -- C:\Users\Rada\AppData\Roaming\TP

[2012.01.09 08:42:41 | 000,000,000 | ---D | M] -- C:\Users\Rada\AppData\Roaming\Zeon

[2012.03.27 15:57:03 | 000,000,356 | ---- | M] () -- C:\Windows\Tasks\At1.job

[2012.03.27 15:57:03 | 000,000,358 | ---- | M] () -- C:\Windows\Tasks\At10.job

[2012.03.27 15:57:03 | 000,000,356 | ---- | M] () -- C:\Windows\Tasks\At11.job

[2012.03.27 15:57:03 | 000,000,358 | ---- | M] () -- C:\Windows\Tasks\At12.job

[2012.03.27 15:57:03 | 000,000,356 | ---- | M] () -- C:\Windows\Tasks\At13.job

[2012.03.27 15:57:03 | 000,000,358 | ---- | M] () -- C:\Windows\Tasks\At14.job

[2012.03.27 15:57:03 | 000,000,356 | ---- | M] () -- C:\Windows\Tasks\At15.job

[2012.03.27 15:57:03 | 000,000,358 | ---- | M] () -- C:\Windows\Tasks\At16.job

[2012.03.27 15:57:03 | 000,000,356 | ---- | M] () -- C:\Windows\Tasks\At17.job

[2012.03.27 15:57:03 | 000,000,358 | ---- | M] () -- C:\Windows\Tasks\At18.job

[2012.03.27 15:57:03 | 000,000,356 | ---- | M] () -- C:\Windows\Tasks\At19.job

[2012.03.27 15:57:03 | 000,000,358 | ---- | M] () -- C:\Windows\Tasks\At2.job

[2012.03.27 15:57:03 | 000,000,358 | ---- | M] () -- C:\Windows\Tasks\At20.job

[2012.03.27 15:57:03 | 000,000,356 | ---- | M] () -- C:\Windows\Tasks\At21.job

[2012.03.27 15:57:03 | 000,000,358 | ---- | M] () -- C:\Windows\Tasks\At22.job

[2012.03.27 15:57:03 | 000,000,356 | ---- | M] () -- C:\Windows\Tasks\At23.job

[2012.03.27 15:57:03 | 000,000,358 | ---- | M] () -- C:\Windows\Tasks\At24.job

[2012.03.27 15:57:03 | 000,000,356 | ---- | M] () -- C:\Windows\Tasks\At25.job

[2012.03.27 15:57:03 | 000,000,358 | ---- | M] () -- C:\Windows\Tasks\At26.job

[2012.03.27 15:57:03 | 000,000,356 | ---- | M] () -- C:\Windows\Tasks\At27.job

[2012.03.27 15:57:03 | 000,000,358 | ---- | M] () -- C:\Windows\Tasks\At28.job

[2012.03.27 15:57:03 | 000,000,356 | ---- | M] () -- C:\Windows\Tasks\At29.job

[2012.03.27 15:57:03 | 000,000,356 | ---- | M] () -- C:\Windows\Tasks\At3.job

[2012.03.27 15:57:03 | 000,000,358 | ---- | M] () -- C:\Windows\Tasks\At30.job

[2012.03.27 15:11:00 | 000,000,356 | ---- | M] () -- C:\Windows\Tasks\At31.job

[2012.03.27 15:11:00 | 000,000,358 | ---- | M] () -- C:\Windows\Tasks\At32.job

[2012.03.27 16:11:00 | 000,000,356 | ---- | M] () -- C:\Windows\Tasks\At33.job

[2012.03.27 16:11:00 | 000,000,358 | ---- | M] () -- C:\Windows\Tasks\At34.job

[2012.03.27 17:11:01 | 000,000,356 | ---- | M] () -- C:\Windows\Tasks\At35.job

[2012.03.27 17:11:00 | 000,000,358 | ---- | M] () -- C:\Windows\Tasks\At36.job

[2012.03.27 15:57:04 | 000,000,356 | ---- | M] () -- C:\Windows\Tasks\At37.job

[2012.03.27 15:57:04 | 000,000,358 | ---- | M] () -- C:\Windows\Tasks\At38.job

[2012.03.27 15:57:04 | 000,000,356 | ---- | M] () -- C:\Windows\Tasks\At39.job

[2012.03.27 15:57:04 | 000,000,358 | ---- | M] () -- C:\Windows\Tasks\At4.job

[2012.03.27 15:57:04 | 000,000,358 | ---- | M] () -- C:\Windows\Tasks\At40.job

[2012.03.27 15:57:04 | 000,000,356 | ---- | M] () -- C:\Windows\Tasks\At41.job

[2012.03.27 15:57:04 | 000,000,358 | ---- | M] () -- C:\Windows\Tasks\At42.job

[2012.03.27 15:57:04 | 000,000,356 | ---- | M] () -- C:\Windows\Tasks\At43.job

[2012.03.27 15:57:04 | 000,000,358 | ---- | M] () -- C:\Windows\Tasks\At44.job

[2012.03.27 15:57:04 | 000,000,356 | ---- | M] () -- C:\Windows\Tasks\At45.job

[2012.03.27 15:57:04 | 000,000,358 | ---- | M] () -- C:\Windows\Tasks\At46.job

[2012.03.27 15:57:04 | 000,000,356 | ---- | M] () -- C:\Windows\Tasks\At47.job

[2012.03.27 15:57:04 | 000,000,358 | ---- | M] () -- C:\Windows\Tasks\At48.job

[2012.03.27 15:57:04 | 000,000,356 | ---- | M] () -- C:\Windows\Tasks\At5.job

[2012.03.27 15:57:04 | 000,000,358 | ---- | M] () -- C:\Windows\Tasks\At6.job

[2012.03.27 15:57:04 | 000,000,356 | ---- | M] () -- C:\Windows\Tasks\At7.job

[2012.03.27 15:57:04 | 000,000,358 | ---- | M] () -- C:\Windows\Tasks\At8.job

[2012.03.27 15:57:04 | 000,000,356 | ---- | M] () -- C:\Windows\Tasks\At9.job

[2012.03.27 15:54:20 | 000,032,572 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 
 < %SYSTEMDRIVE%\*. >

[2011.12.27 17:26:05 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin

[2012.03.27 17:04:39 | 000,000,000 | -H-D | M] -- C:\ASUS.DAT

[2011.04.13 04:49:40 | 000,000,000 | ---D | M] -- C:\AsusVibeData

[2009.07.29 08:03:34 | 000,000,000 | -HSD | M] -- C:\Boot

[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings

[2011.12.28 01:10:23 | 000,000,000 | ---D | M] -- C:\eSupport

[2011.12.28 00:54:00 | 000,000,000 | ---D | M] -- C:\Intel

[2012.01.16 03:50:52 | 000,000,000 | RH-D | M] -- C:\MSOCache

[2012.03.01 16:17:41 | 000,000,000 | ---D | M] -- C:\NVIDIA

[2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs

[2012.03.26 13:23:06 | 000,000,000 | R--D | M] -- C:\Program Files

[2012.03.27 16:52:43 | 000,000,000 | R--D | M] -- C:\Program Files (x86)

[2012.03.27 14:47:55 | 000,000,000 | -H-D | M] -- C:\ProgramData

[2011.12.27 17:24:21 | 000,000,000 | -HSD | M] -- C:\Recovery

[2012.02.26 04:13:43 | 000,000,000 | ---D | M] -- C:\symbolleisten

[2012.03.27 17:10:47 | 000,000,000 | -HSD | M] -- C:\System Volume Information

[2012.01.12 12:45:43 | 000,000,000 | ---D | M] -- C:\temp

[2012.03.27 15:05:47 | 000,000,000 | R--D | M] -- C:\Users

[2011.12.28 01:44:30 | 000,000,000 | ---D | M] -- C:\WIMAPPLY

[2012.03.25 17:34:26 | 000,000,000 | ---D | M] -- C:\Windows

 
 < %PROGRAMFILES%\*.exe >

 
 < %LOCALAPPDATA%\*.exe >

 
 < %systemroot%\*. /mp /s >

 
 < MD5 for: AGP440.SYS  >

[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys

[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys

[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\system64\drivers\AGP440.sys

[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\system64\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys

[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys

[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys

[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\system64\drivers\atapi.sys

[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\system64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys

[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll

[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll

[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\system64\cngaudit.dll

[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

 
 < MD5 for: EXPLORER.EXE  >

[2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe

[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe

[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe

[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe

[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe

[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe

[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe

[2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe

[2010.11.20 14:17:10 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe

[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe

[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe

[2010.11.20 15:24:46 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe

[2011.02.26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe

 
 < MD5 for: IASTOR.SYS  >

[2011.01.13 03:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\Windows\SysNative\drivers\iaStor.sys

[2011.01.13 03:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_a36325196df56f7d\iaStor.sys

[2011.01.13 03:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\Windows\system64\drivers\iaStor.sys

[2011.01.13 03:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\Windows\system64\DriverStore\FileRepository\iaahci.inf_amd64_neutral_a36325196df56f7d\iaStor.sys

 
 < MD5 for: IASTORV.SYS  >

[2010.11.20 15:33:40 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys

[2010.11.20 15:33:40 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\system64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys

[2010.11.20 15:33:40 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys

[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys

[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys

[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys

[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\system64\drivers\iaStorV.sys

[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\system64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys

[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys

[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys

[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys

[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

 
 < MD5 for: NETLOGON.DLL  >

[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll

[2010.11.20 15:27:24 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll

[2010.11.20 15:27:24 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\system64\netlogon.dll

[2010.11.20 15:27:24 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll

[2010.11.20 14:20:30 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll

[2010.11.20 14:20:30 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll

[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

 
 < MD5 for: NVSTOR.SYS  >

[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys

[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys

[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys

[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys

[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys

[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\system64\drivers\nvstor.sys

[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\system64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys

[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys

[2010.11.20 15:33:50 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys

[2010.11.20 15:33:50 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\system64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys

[2010.11.20 15:33:50 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

 
 < MD5 for: SCECLI.DLL  >

[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll

[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

[2010.11.20 14:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll

[2010.11.20 14:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll

[2010.11.20 15:27:26 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll

[2010.11.20 15:27:26 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\system64\scecli.dll

[2010.11.20 15:27:26 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2010.11.20 14:08:58 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll

[2010.11.20 14:08:58 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll

[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll

[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll

[2010.11.20 15:27:28 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll

[2010.11.20 15:27:28 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\system64\user32.dll

[2010.11.20 15:27:28 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2010.11.20 14:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe

[2010.11.20 14:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

[2010.11.20 15:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe

[2010.11.20 15:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\system64\userinit.exe

[2010.11.20 15:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2010.11.20 15:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe

[2010.11.20 15:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\system64\winlogon.exe

[2010.11.20 15:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys

[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\system64\drivers\ws2ifsl.sys

[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

 
 < %systemroot%\system32\*.dll /lockedfiles >

[2009.07.14 03:14:57 | 000,070,144 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\atl.dll

[2011.03.28 18:27:18 | 000,353,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll

[2011.03.28 18:27:18 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll

 
 < %USERPROFILE%\*.* >

[2012.03.27 16:43:38 | 000,000,000 | ---- | M] () -- C:\Users\Rada\defogger_reenable

[2012.03.27 17:14:33 | 002,097,152 | -HS- | M] () -- C:\Users\Rada\NTUSER.DAT

[2012.03.27 17:14:33 | 000,262,144 | -HS- | M] () -- C:\Users\Rada\ntuser.dat.LOG1

[2011.12.27 17:25:46 | 000,000,000 | -HS- | M] () -- C:\Users\Rada\ntuser.dat.LOG2

[2011.12.27 18:00:09 | 000,065,536 | -HS- | M] () -- C:\Users\Rada\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf

[2011.12.27 18:00:09 | 000,524,288 | -HS- | M] () -- C:\Users\Rada\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms

[2011.12.27 18:00:09 | 000,524,288 | -HS- | M] () -- C:\Users\Rada\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms

[2011.12.27 17:25:46 | 000,000,020 | -HS- | M] () -- C:\Users\Rada\ntuser.ini

 
 < %USERPROFILE%\Local Settings\Temp\*.exe >

 
 < %USERPROFILE%\Local Settings\Temp\*.dll >

 
 < %USERPROFILE%\Application Data\*.exe >

 
 < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=consrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

 
 <           >

 
 ========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========

[C:\Windows\system64] -> \systemroot\system32 -> Mount Point
 

< End of report >

--- --- ---

Das Forum sagt es wäre zu lang, deswegen ist hier mal nur die OTL.txt drin, aber nochmal beide im Anhang.
Ich seh grad, da stehen viele "unwichtige" Prozesse drin die im Hintergrund laufen wie z.B. Steam oder so, soll ich die ausschalten die unwichtig sind und nochmal druchlaufen lassen?

Danke! Ist echt geil was ihr hier macht =D