Danke schonmal für die Hilfe!!
Edit : Kennen sie/du Steam? Wenn ich das nun starte, habe ich meist 80-100% auslastung und Firefox benutzt nun 300k ram :/
und die SVchost.exe 200-300k ram. Hat sich alles verschlimmert =(
Erstmal sorry für die späte antwort. bin aber krank,habe fieber und alles was dazu gehört.
Was komisch war, als ich mein PC angemacht habe war:
Ich hab auf den Power-Knopf gedrückt, und bin fix in die Küche gegangen. Als ich wieder da war, war mein Konto gesperrt/abgemeldet??? Wieso das
Naja hier sind die Logfiles:
Malwarebytes Anti-Malware (Test) 1.65.1.1000
www.malwarebytes.org
Datenbank Version: v2012.11.19.04
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Sam :: SAM-PC [Administrator]
Schutz: Deaktiviert
20.11.2012 20:01:04
mbam-log-2012-11-20 (20-01-04).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 225667
Laufzeit: 4 Minute(n), 23 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=758f2a7afe9c27408a8406959c8e66c5
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-11-20 08:16:18
# local_time=2012-11-20 09:16:18 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776573 100 94 4313 105068856 0 0
# compatibility_mode=8192 67108863 100 0 3696 3696 0 0
# scanned=188801
# found=1
# cleaned=0
# scan_time=3572
C:\Program Files (x86)\Reviversoft\Driver Reviver\DriverReviverSetup.exe a variant of Win32/RegistryReviver application (unable to clean) 00000000000000000000000000000000 I
# AdwCleaner v2.008 - Datei am 20/11/2012 um 20:07:28 erstellt
# Aktualisiert am 17/11/2012 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Sam - SAM-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Sam\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\user.js
Datei Gelöscht : C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\0m3a57pu.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
Datei Gelöscht : C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\0m3a57pu.default\searchplugins\SweetIm.xml
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\Users\Sam\AppData\Local\vghd
Ordner Gelöscht : C:\Users\Sam\AppData\Roaming\Babylon
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\PIP
Schlüssel Gelöscht : HKCU\Software\StartSearch
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\Software\PIP
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v16.0.2 (de)
Profilname : default
Datei : C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\0m3a57pu.default\prefs.js
C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\0m3a57pu.default\user.js ... Gelöscht !
Gelöscht : user_pref("extensions.BabylonToolbar.admin", false);
Gelöscht : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Gelöscht : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Gelöscht : user_pref("extensions.BabylonToolbar.excTlbr", false);
Gelöscht : user_pref("extensions.BabylonToolbar.id", "36fc0c3c00000000000090fba6347633");
Gelöscht : user_pref("extensions.BabylonToolbar.instlDay", "15577");
Gelöscht : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Gelöscht : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Gelöscht : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Gelöscht : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Gelöscht : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://www.google.com/search?babsrc=TB_ggl&q=");
Gelöscht : user_pref("extensions.BabylonToolbar.vrsn", "1.6.4.6");
Gelöscht : user_pref("extensions.BabylonToolbar.vrsni", "1.6.4.6");
Gelöscht : user_pref("extensions.BabylonToolbar_i.babExt", "");
Gelöscht : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=113931&tt=3412_4");
Gelöscht : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Gelöscht : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Gelöscht : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.6.4.615:43:51");
-\\ Google Chrome v23.0.1271.64
Datei : C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [3229 octets] - [20/11/2012 20:07:28]
########## EOF - C:\AdwCleaner[S1].txt - [3289 octets] ##########
und OTL, da weiß ich nicht ob ich richtig gescanned habe :
OTL Logfile: Code:
OTL logfile created on: 20.11.2012 21:23:20 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sam\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 1,59 Gb Available Physical Memory | 39,82% Memory free
11,81 Gb Paging File | 9,29 Gb Available in Paging File | 78,68% Paging File free
Paging file location(s): c:\pagefile.sys 3000 9000d:\pagef [Binary data over 200 bytes]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 99,95 Gb Total Space | 41,06 Gb Free Space | 41,08% Space Free | Partition Type: NTFS
Drive D: | 365,71 Gb Total Space | 245,69 Gb Free Space | 67,18% Space Free | Partition Type: NTFS
Drive G: | 1,84 Gb Total Space | 1,46 Gb Free Space | 79,59% Space Free | Partition Type: FAT
Computer Name: SAM-PC | User Name: Sam | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.11.20 20:14:12 | 003,392,000 | ---- | M] () -- D:\Program Files (x86)\mY.eR Connect Client\mY.eR Connect Client\mY.eR Connect Client.exe
PRC - [2012.11.19 15:01:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sam\Desktop\OTL.exe
PRC - [2012.11.14 09:23:28 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe
PRC - [2012.11.13 21:29:34 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.10.30 23:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2012.10.30 23:50:56 | 000,133,912 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\afwServ.exe
PRC - [2012.10.30 14:17:13 | 009,128,944 | ---- | M] (TeamSpeak Systems GmbH) -- C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win32.exe
PRC - [2012.10.29 20:17:47 | 001,199,576 | ---- | M] (Spotify Ltd) -- C:\Users\Sam\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012.10.27 09:34:01 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2005.06.07 18:59:12 | 014,383,616 | ---- | M] () -- D:\GTA San Andreas\gta_sa.exe
========== Modules (No Company Name) ==========
MOD - [2012.11.20 20:14:12 | 003,392,000 | ---- | M] () -- D:\Program Files (x86)\mY.eR Connect Client\mY.eR Connect Client\mY.eR Connect Client.exe
MOD - [2012.11.19 18:19:45 | 000,657,920 | ---- | M] () -- D:\GTA San Andreas\libraries\audio.dll
MOD - [2012.11.19 18:19:45 | 000,098,816 | ---- | M] () -- D:\GTA San Andreas\audio.asi
MOD - [2012.11.19 18:19:45 | 000,065,536 | ---- | M] () -- D:\GTA San Andreas\vorbisHooked.dll
MOD - [2012.11.19 18:19:45 | 000,004,096 | ---- | M] () -- D:\GTA San Andreas\vorbisFile.dll
MOD - [2012.11.17 23:09:55 | 000,777,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Ente96d83b35#\fed26a638f830035d22a5e43eba31b5c\System.EnterpriseServices.ni.dll
MOD - [2012.11.17 23:09:55 | 000,249,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Ente96d83b35#\fed26a638f830035d22a5e43eba31b5c\System.EnterpriseServices.Wrapper.dll
MOD - [2012.11.14 22:52:54 | 007,248,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\5bbe73b2ceaece27b77fc5f57bc15cd0\System.Data.ni.dll
MOD - [2012.11.14 22:52:54 | 000,786,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\a4a9a08c33370b293bac4de35df5543d\System.Runtime.Remoting.ni.dll
MOD - [2012.11.14 22:52:54 | 000,641,024 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\7bd37e8f49a897b569140f960f119478\System.Transactions.ni.dll
MOD - [2012.11.14 22:52:52 | 012,692,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\dcf43acc57aee4bd50af87e12a2028d8\System.Windows.Forms.ni.dll
MOD - [2012.11.14 22:52:51 | 001,920,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\6aba15e7894fde43c6a7c8a24b876295\Microsoft.VisualBasic.ni.dll
MOD - [2012.11.14 22:52:49 | 006,995,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\4a16ac66b61893ca07bae0ad11055ea2\System.Core.ni.dll
MOD - [2012.11.14 22:52:49 | 000,958,464 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\0a00073d5ba60ccf1fbe02803e92bbc3\System.Configuration.ni.dll
MOD - [2012.11.14 22:52:48 | 007,559,680 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\93068aedfe860fb0618cf7377f9e508c\System.Xml.ni.dll
MOD - [2012.11.14 22:52:45 | 001,630,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\0b5363b1e3a0f1cd089da81b88d29ea2\System.Drawing.ni.dll
MOD - [2012.11.14 22:52:44 | 001,156,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\0e27ea18637e5205de8f09b195183a91\System.Management.ni.dll
MOD - [2012.11.14 22:52:42 | 009,926,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\f82dad169c524366301b2224fe123045\System.ni.dll
MOD - [2012.11.14 09:23:28 | 014,586,808 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll
MOD - [2012.10.27 09:34:00 | 002,295,264 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.10.23 13:16:53 | 000,426,480 | ---- | M] () -- C:\Program Files (x86)\TeamSpeak 3 Client\plugins\clientquery_plugin.dll
MOD - [2012.10.23 13:16:53 | 000,414,720 | ---- | M] () -- C:\Program Files (x86)\TeamSpeak 3 Client\sqldrivers\qsqlite4.dll
MOD - [2012.10.23 13:16:53 | 000,236,016 | ---- | M] () -- C:\Program Files (x86)\TeamSpeak 3 Client\soundbackends\windowsaudiosession_win32.dll
MOD - [2012.10.23 13:16:53 | 000,230,384 | ---- | M] () -- C:\Program Files (x86)\TeamSpeak 3 Client\soundbackends\directsound_win32.dll
MOD - [2012.10.23 13:16:53 | 000,184,320 | ---- | M] () -- C:\Program Files (x86)\TeamSpeak 3 Client\QtSql4.dll
MOD - [2012.10.23 13:16:53 | 000,159,216 | ---- | M] () -- C:\Program Files (x86)\TeamSpeak 3 Client\plugins\appscanner_plugin.dll
MOD - [2012.10.13 22:25:12 | 000,088,064 | ---- | M] () -- D:\GTA San Andreas\outfit.asi
MOD - [2012.08.18 14:23:10 | 016,501,248 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\51e2934144ba15628ba5a31be2dae7dc\mscorlib.ni.dll
MOD - [2012.07.30 15:13:00 | 007,859,200 | ---- | M] () -- C:\Program Files (x86)\TeamSpeak 3 Client\QtGui4.dll
MOD - [2012.07.30 15:13:00 | 002,210,816 | ---- | M] () -- C:\Program Files (x86)\TeamSpeak 3 Client\QtCore4.dll
MOD - [2012.07.30 15:13:00 | 000,814,080 | ---- | M] () -- C:\Program Files (x86)\TeamSpeak 3 Client\QtNetwork4.dll
MOD - [2012.07.30 15:13:00 | 000,195,584 | ---- | M] () -- C:\Program Files (x86)\TeamSpeak 3 Client\imageformats\qjpeg4.dll
MOD - [2012.07.30 15:13:00 | 000,025,600 | ---- | M] () -- C:\Program Files (x86)\TeamSpeak 3 Client\imageformats\qgif4.dll
MOD - [2005.06.07 18:59:12 | 014,383,616 | ---- | M] () -- D:\GTA San Andreas\gta_sa.exe
MOD - [2003.11.16 09:48:00 | 001,060,864 | ---- | M] () -- D:\GTA San Andreas\vorbis.dll
MOD - [2003.11.15 16:54:18 | 000,036,864 | ---- | M] () -- D:\GTA San Andreas\ogg.dll
========== Services (SafeList) ==========
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.11.14 09:23:28 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.11.13 21:29:34 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.10.30 23:50:56 | 000,133,912 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV - [2012.10.27 09:34:01 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.10.26 11:07:10 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Paused] -- D:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
SRV - [2012.10.24 16:03:44 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.08.30 20:14:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.07.17 14:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.07.08 23:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 20:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012.11.16 17:18:01 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.10.30 23:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012.10.30 23:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012.10.30 23:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012.10.30 23:51:55 | 000,262,656 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis2.sys -- (aswNdis2)
DRV:64bit: - [2012.10.30 23:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012.10.30 23:51:55 | 000,021,136 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2012.10.30 23:51:53 | 000,132,864 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswFW.sys -- (aswFW)
DRV:64bit: - [2012.10.30 23:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012.10.15 17:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012.09.29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.09.01 00:39:55 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2012.09.01 00:39:55 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2012.07.03 16:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.06.27 21:33:54 | 000,012,368 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis.sys -- (aswNdis)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.16 01:08:02 | 000,042,624 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2012.01.16 01:08:00 | 000,082,048 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.09.30 20:00:06 | 000,180,736 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.09.30 20:00:06 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009.11.09 03:11:00 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009.09.21 00:43:52 | 000,127,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bus.sys -- (ss_bus)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.22 21:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.04.08 13:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.03.18 15:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.dell.com
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..extensions.enabledAddons: battlefieldheroespatcher@ea.com:5.0.145.0
FF - prefs.js..extensions.enabledAddons: {4d7b4ddf-813e-43bc-bf9e-8ae245eaa04d}:0.1
FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.3
FF - prefs.js..extensions.enabledAddons: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.98.20
FF - prefs.js..extensions.enabledAddons: groovesharkUnlocker@overlord1337:1.3
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sam\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sam\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Sam\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.11.07 23:07:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.27 09:34:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.27 09:33:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.27 09:34:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.27 09:33:55 | 000,000,000 | ---D | M]
[2012.08.18 11:55:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sam\AppData\Roaming\mozilla\Extensions
[2012.11.20 20:21:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sam\AppData\Roaming\mozilla\Firefox\Profiles\0m3a57pu.default\extensions
[2012.10.16 15:18:29 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\Sam\AppData\Roaming\mozilla\Firefox\Profiles\0m3a57pu.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2012.08.22 22:13:22 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\Sam\AppData\Roaming\mozilla\Firefox\Profiles\0m3a57pu.default\extensions\battlefieldheroespatcher@ea.com
[2012.09.15 12:22:53 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Sam\AppData\Roaming\mozilla\Firefox\Profiles\0m3a57pu.default\extensions\ich@maltegoetz.de
[2012.11.20 20:21:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sam\AppData\Roaming\mozilla\Firefox\Profiles\0m3a57pu.default\extensions\staged
[2012.09.06 18:12:23 | 000,012,044 | ---- | M] () (No name found) -- C:\Users\Sam\AppData\Roaming\mozilla\firefox\profiles\0m3a57pu.default\extensions\FF_AddOn@viewtubes.de.xpi
[2012.11.13 22:02:04 | 000,029,022 | ---- | M] () (No name found) -- C:\Users\Sam\AppData\Roaming\mozilla\firefox\profiles\0m3a57pu.default\extensions\groovesharkUnlocker@overlord1337.xpi
[2012.09.05 17:21:09 | 000,007,142 | ---- | M] () (No name found) -- C:\Users\Sam\AppData\Roaming\mozilla\firefox\profiles\0m3a57pu.default\extensions\{4d7b4ddf-813e-43bc-bf9e-8ae245eaa04d}.xpi
[2012.10.16 15:20:58 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Sam\AppData\Roaming\mozilla\firefox\profiles\0m3a57pu.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.10.27 09:33:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.10.27 09:34:01 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.08.14 16:49:30 | 000,171,136 | ---- | M] (Tracker Software Products (Canada) Ltd.) -- C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2012.07.14 01:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.01 11:01:19 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.07.14 01:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.14 01:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.14 01:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.14 01:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
========== Chrome ==========
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Sam\AppData\Local\Google\Chrome\Application\22.0.1229.94\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Sam\AppData\Local\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Sam\AppData\Local\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: PDF-XChange Viewer (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll
CHR - plugin: Java(TM) Platform SE 7 U7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Sam\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = D:\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = D:\MICROS~1\Office14\NPSPWRAP.DLL
CHR - Extension: YouTube = C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AdBlock = C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.45_0\
CHR - Extension: avast! WebRep = C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\
CHR - Extension: ScrewAds - Block, Skip, Remove YouTube Ads = C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmbnjoljpgkhiaicaejkdcjbfjknipnc\2.1.5_0\
CHR - Extension: Google Mail = C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2012.11.19 19:38:01 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKCU..\Run: [DAEMON Tools Lite] D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Spotify] C:\Users\Sam\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Sam\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKCU..\Run: [uTorrent] D:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - D:\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - D:\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - D:\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - D:\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{78291751-EC1C-4022-84B3-657062F739AF}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
ActiveX:64bit: {1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1} - .NET Framework
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1} - .NET Framework
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
MsConfig:64bit - StartUpFolder: C:^Users^Sam^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk - C:\Users\Sam\AppData\Local\GAMERS~1\LIVE!\Live.exe - (GamersFirst)
MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig:64bit - StartUpReg: Dxtory Update Checker 2.0 - hkey= - key= - D:\Program Files (x86)\Dxtory Software\Dxtory2.0\UpdateChecker.exe (Dxtory Software)
MsConfig:64bit - StartUpReg: EADM - hkey= - key= - D:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
MsConfig:64bit - StartUpReg: Google Update - hkey= - key= - C:\Users\Sam\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig:64bit - StartUpReg: LogMeIn Hamachi Ui - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: Steam - hkey= - key= - D:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
MsConfig:64bit - StartUpReg: uTorrent - hkey= - key= - D:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "bootini" - Reg Error: Key error.
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2012.11.20 20:15:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.11.19 20:36:52 | 000,000,000 | ---D | C] -- C:\Users\Sam\Desktop\china
[2012.11.19 19:38:06 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012.11.19 19:28:57 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.11.19 19:28:57 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.11.19 19:28:57 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.11.19 19:26:29 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.11.19 19:26:15 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.11.19 19:13:28 | 005,002,894 | R--- | C] (Swearware) -- C:\Users\Sam\Desktop\ComboFix.exe
[2012.11.19 18:36:33 | 000,000,000 | ---D | C] -- C:\Users\Sam\Desktop\GTA Snow Andreas Mod by GTASaModTuts
[2012.11.19 18:19:02 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\SA-MP Audio Plugin
[2012.11.19 18:13:54 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Local\mY
[2012.11.19 15:01:44 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Sam\Desktop\OTL.exe
[2012.11.19 15:01:35 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Local\Diagnostics
[2012.11.19 14:58:39 | 001,343,488 | ---- | C] (AVAST Software) -- C:\Users\Sam\Desktop\aswMBR.exe
[2012.11.19 00:53:31 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\#Startup#
[2012.11.19 00:53:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\#Startup#
[2012.11.18 12:31:15 | 000,000,000 | ---D | C] -- C:\Users\Sam\Desktop\Spiele
[2012.11.17 14:50:09 | 000,000,000 | ---D | C] -- C:\ProgramData\IsolatedStorage
[2012.11.17 14:50:09 | 000,000,000 | ---D | C] -- C:\Users\Sam\Documents\FW-Sim
[2012.11.17 14:48:57 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\FW-Sim
[2012.11.17 14:48:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FWsim
[2012.11.17 00:50:11 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Local\SCE
[2012.11.16 17:27:18 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Local\FLT
[2012.11.16 17:27:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Codemasters
[2012.11.16 17:25:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\F1 2012
[2012.11.16 17:18:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2012.11.16 17:18:01 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2012.11.13 21:12:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Chart Controls
[2012.11.13 20:21:32 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\Malwarebytes
[2012.11.13 20:21:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.11.13 20:21:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.11.13 20:21:16 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.11.13 20:21:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.11.10 00:04:22 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Local\GamersFirst LIVE!
[2012.11.10 00:04:09 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GamersFirst
[2012.11.10 00:04:04 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Local\GamersFirst
[2012.11.09 18:11:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 1942
[2012.11.03 18:40:32 | 000,000,000 | ---D | C] -- C:\Users\Sam\Desktop\Alci_s_SAAT_GUI_FrontEnd_1.0
[2012.11.03 17:19:33 | 000,000,000 | ---D | C] -- C:\Users\Sam\Desktop\WaveKeyBinder
[2012.11.02 22:15:36 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\Mumble
[2012.11.02 22:05:44 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Local\Vivox
[2012.11.02 22:04:31 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vivox
[2012.11.02 22:04:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vivox
[2012.11.01 20:06:36 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Local\Arktos
[2012.11.01 20:06:35 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Local\CrashRpt
[2012.11.01 20:06:35 | 000,000,000 | ---D | C] -- C:\Users\Sam\Documents\Arktos
[2012.11.01 19:43:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The War Z
[2012.10.30 21:12:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FIFA 13
[2012.10.29 20:17:49 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Local\Spotify
[2012.10.29 20:17:34 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\Spotify
[2012.10.28 18:29:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios
[2012.10.27 09:33:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.10.26 16:32:31 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\Play withSIX
[2012.10.26 16:32:31 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Local\Play withSIX
[2012.10.26 16:32:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SIX Networks
[2012.10.24 16:11:13 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Local\mcpatcher
[2012.10.22 23:49:34 | 000,000,000 | ---D | C] -- C:\ProgramData\RELOADED
[2012.10.22 21:29:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOOM Collector's Edition
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.11.20 21:08:33 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.20 20:53:06 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4042532805-3814796384-3679137941-1001UA.job
[2012.11.20 20:19:18 | 001,618,320 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.20 20:19:18 | 000,698,688 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.20 20:19:18 | 000,653,526 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.20 20:19:18 | 000,148,828 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.20 20:19:18 | 000,121,398 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.20 20:17:18 | 000,035,088 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.20 20:17:18 | 000,035,088 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.20 20:08:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.20 20:08:42 | 3219,791,872 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.20 20:00:47 | 000,543,531 | ---- | M] () -- C:\Users\Sam\Desktop\adwcleaner.exe
[2012.11.20 19:52:27 | 000,001,060 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4042532805-3814796384-3679137941-1001Core.job
[2012.11.19 19:38:01 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.11.19 19:13:44 | 005,002,894 | R--- | M] (Swearware) -- C:\Users\Sam\Desktop\ComboFix.exe
[2012.11.19 18:15:15 | 000,001,151 | ---- | M] () -- C:\Users\Sam\Desktop\mY.eR Connect Client.lnk
[2012.11.19 15:01:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sam\Desktop\OTL.exe
[2012.11.19 14:58:48 | 001,343,488 | ---- | M] (AVAST Software) -- C:\Users\Sam\Desktop\aswMBR.exe
[2012.11.18 21:19:44 | 000,010,514 | ---- | M] () -- C:\Users\Sam\Documents\IT die 2.odt
[2012.11.17 00:02:26 | 000,001,293 | ---- | M] () -- C:\Users\Public\Desktop\YTD Video Downloader.lnk
[2012.11.16 17:18:40 | 000,000,853 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2012.11.16 17:18:01 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2012.11.15 14:32:07 | 000,422,256 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.11.13 21:29:34 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.11.13 21:29:25 | 000,280,792 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.11.13 21:29:25 | 000,280,792 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.11.13 21:27:59 | 000,281,032 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012.11.13 20:47:12 | 000,868,065 | ---- | M] () -- C:\Users\Sam\AppData\Local\census.cache
[2012.11.13 20:47:06 | 000,109,782 | ---- | M] () -- C:\Users\Sam\AppData\Local\ars.cache
[2012.11.13 20:21:23 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.11.13 20:13:08 | 000,000,036 | ---- | M] () -- C:\Users\Sam\AppData\Local\housecall.guid.cache
[2012.11.10 00:04:09 | 000,001,167 | ---- | M] () -- C:\Users\Sam\Desktop\GamersFirst LIVE!.lnk
[2012.11.07 23:07:09 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012.11.02 22:17:24 | 000,002,385 | ---- | M] () -- C:\Users\Sam\Documents\MumbleAutomaticCertificateBackup.p12
[2012.11.02 22:04:31 | 000,001,979 | ---- | M] () -- C:\Users\Sam\Desktop\C3.lnk
[2012.10.31 19:24:20 | 000,182,693 | ---- | M] () -- C:\Users\Sam\Documents\Unbenannt.jpg
[2012.10.30 23:51:56 | 000,059,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012.10.30 23:51:55 | 000,984,144 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012.10.30 23:51:55 | 000,370,288 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012.10.30 23:51:55 | 000,262,656 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdis2.sys
[2012.10.30 23:51:55 | 000,071,600 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012.10.30 23:51:55 | 000,021,136 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswKbd.sys
[2012.10.30 23:51:53 | 000,132,864 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFW.sys
[2012.10.30 23:51:53 | 000,025,232 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012.10.30 23:51:07 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.10.30 23:50:59 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012.10.30 23:50:30 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012.10.29 20:17:48 | 000,001,793 | ---- | M] () -- C:\Users\Sam\Desktop\Spotify.lnk
[2012.10.22 21:29:19 | 000,000,906 | ---- | M] () -- C:\Windows\DC.ini
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.11.20 19:59:59 | 000,543,531 | ---- | C] () -- C:\Users\Sam\Desktop\adwcleaner.exe
[2012.11.19 19:28:57 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.11.19 19:28:57 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.11.19 19:28:57 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.11.19 19:28:57 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.11.19 19:28:57 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.11.19 18:06:56 | 000,001,151 | ---- | C] () -- C:\Users\Sam\Desktop\mY.eR Connect Client.lnk
[2012.11.18 21:19:40 | 000,010,514 | ---- | C] () -- C:\Users\Sam\Documents\IT die 2.odt
[2012.11.17 00:49:55 | 000,000,637 | ---- | C] () -- C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlanetSide 2 Beta.lnk
[2012.11.17 00:02:26 | 000,001,293 | ---- | C] () -- C:\Users\Public\Desktop\YTD Video Downloader.lnk
[2012.11.16 17:18:40 | 000,000,853 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2012.11.14 22:51:25 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.11.14 22:46:24 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.11.13 20:29:34 | 000,868,065 | ---- | C] () -- C:\Users\Sam\AppData\Local\census.cache
[2012.11.13 20:28:21 | 000,109,782 | ---- | C] () -- C:\Users\Sam\AppData\Local\ars.cache
[2012.11.13 20:21:23 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.11.13 20:13:08 | 000,000,036 | ---- | C] () -- C:\Users\Sam\AppData\Local\housecall.guid.cache
[2012.11.10 00:04:09 | 000,001,167 | ---- | C] () -- C:\Users\Sam\Desktop\GamersFirst LIVE!.lnk
[2012.11.02 22:17:24 | 000,002,385 | ---- | C] () -- C:\Users\Sam\Documents\MumbleAutomaticCertificateBackup.p12
[2012.11.02 22:04:31 | 000,001,979 | ---- | C] () -- C:\Users\Sam\Desktop\C3.lnk
[2012.10.31 19:24:02 | 000,182,693 | ---- | C] () -- C:\Users\Sam\Documents\Unbenannt.jpg
[2012.10.29 20:17:48 | 000,001,793 | ---- | C] () -- C:\Users\Sam\Desktop\Spotify.lnk
[2012.10.29 20:17:48 | 000,001,779 | ---- | C] () -- C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
[2012.10.22 23:47:58 | 000,000,567 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Torchlight II.lnk
[2012.10.22 21:28:52 | 000,000,906 | ---- | C] () -- C:\Windows\DC.ini
[2012.09.28 21:49:29 | 000,000,540 | ---- | C] () -- C:\Windows\Tcsofla.INI
[2012.09.22 19:13:46 | 000,004,608 | ---- | C] () -- C:\Windows\SysWow64\dvttrn.dll
[2012.09.21 20:26:50 | 000,715,038 | ---- | C] () -- C:\Windows\unins000.exe
[2012.09.21 20:26:50 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2012.09.21 20:26:50 | 000,001,986 | ---- | C] () -- C:\Windows\unins000.dat
[2012.09.16 15:12:52 | 000,000,293 | ---- | C] () -- C:\Windows\game.ini
[2012.09.15 20:59:03 | 000,000,004 | -HS- | C] () -- C:\Windows\SysWow64\Userdata.ini
[2012.09.04 20:42:59 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.09.04 20:42:58 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe
[2012.09.02 21:50:15 | 000,007,605 | ---- | C] () -- C:\Users\Sam\AppData\Local\Resmon.ResmonCfg
[2012.08.22 22:17:05 | 000,280,792 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.08.18 14:21:41 | 001,558,224 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
========== ZeroAccess Check ==========
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2012.10.28 14:59:48 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\.minecraft
[2012.10.20 15:39:19 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\.mojam
[2012.09.29 20:55:56 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Audacity
[2012.09.04 17:23:20 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Awesomium
[2012.11.16 17:19:07 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\DAEMON Tools Lite
[2012.09.22 17:31:10 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\FireShot
[2012.09.24 22:15:13 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\FOG Downloader
[2012.10.11 20:18:24 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Keybinder
[2012.08.18 21:12:59 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\LolClient
[2012.08.18 21:53:05 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\MAXON
[2012.09.04 13:37:09 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Maxthon3
[2012.11.02 22:22:28 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Mumble
[2012.10.03 12:29:05 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\MW2 FoV Changer
[2012.09.11 14:42:34 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\OpenOffice.org
[2012.09.01 11:00:38 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Origin
[2012.10.26 16:32:33 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Play withSIX
[2012.10.09 20:35:24 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Publish Providers
[2012.11.19 18:19:02 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\SA-MP Audio Plugin
[2012.08.25 12:22:19 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\six-zsync
[2012.10.09 20:39:12 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Sony
[2012.11.20 20:11:42 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Spotify
[2012.09.17 18:44:59 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\TeamViewer
[2012.11.20 21:28:36 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\TS3Client
[2012.09.01 00:45:51 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Ubisoft
[2012.11.20 20:13:38 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\uTorrent
[2012.10.07 20:00:17 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\WRFree
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*. >
[2012.11.19 19:38:06 | 000,000,000 | ---D | M] -- C:\$RECYCLE.BIN
[2012.09.02 17:13:30 | 000,000,000 | ---D | M] -- C:\ATI
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2012.08.18 11:43:42 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2012.08.18 21:36:01 | 000,000,000 | ---D | M] -- C:\Drivers
[2012.08.18 21:36:01 | 000,000,000 | ---D | M] -- C:\Hotfix
[2012.09.13 17:55:22 | 000,000,000 | R--D | M] -- C:\MSOCache
[2012.08.18 12:01:19 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.09.14 18:14:34 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.11.20 20:15:10 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.11.20 20:07:28 | 000,000,000 | ---D | M] -- C:\ProgramData
[2012.08.18 11:43:42 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.11.19 19:41:52 | 000,000,000 | ---D | M] -- C:\Qoobox
[2012.08.18 11:43:42 | 000,000,000 | ---D | M] -- C:\Recovery
[2012.11.20 21:25:12 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.09.14 12:33:32 | 000,000,000 | ---D | M] -- C:\temp
[2012.08.18 12:03:38 | 000,000,000 | R--D | M] -- C:\Users
[2012.11.19 19:38:26 | 000,000,000 | ---D | M] -- C:\Windows
< %PROGRAMFILES%\*.exe >
< %LOCALAPPDATA%\*.exe >
< %systemroot%\*. /mp /s >
< %windir%\installer\*. /5 >
[2012.11.17 14:49:32 | 000,000,000 | ---D | M] -- C:\Windows\installer\{354D00E0-C7C9-4BC1-BC12-08C4977AA827}
< %localappdata%\*. /5 >
[2012.11.19 15:01:35 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Local\Diagnostics
[2012.11.16 17:27:18 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Local\FLT
[2012.11.19 18:13:54 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Local\mY
[2012.11.17 00:50:11 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Local\SCE
[2012.11.20 20:11:42 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Local\Spotify
[2012.11.20 21:25:48 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Local\Temp
< End of report > --- --- --- |