JennyXia | 17.11.2012 21:54 | Oh, why is that? Isn't SpyHunter actually a "good" program?
Here is the rest. I hope this is all correct :S Code:
OTL Extras logfile created on: 17.11.2012 21:44:50 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jenny\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,85 Gb Total Physical Memory | 2,75 Gb Available Physical Memory | 71,44% Memory free
7,71 Gb Paging File | 6,40 Gb Available in Paging File | 83,10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 40,00 Gb Total Space | 17,07 Gb Free Space | 42,67% Space Free | Partition Type: NTFS
Drive D: | 405,66 Gb Total Space | 320,29 Gb Free Space | 78,95% Space Free | Partition Type: NTFS
Computer Name: JENNY-PC | User Name: Jenny | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-3284266723-1986813818-3886333453-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Programme\Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03D16313-54E9-4D4D-961E-64398A457D93}" = lport=2869 | protocol=6 | dir=in | app=system |
"{0ABA4E08-47ED-43AD-B749-60C2CBA748B3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1A8B2402-DE92-4B84-A114-C1AC4AA6157A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2B6B9DD1-B1EA-4A22-B513-0D48D785FC9D}" = rport=445 | protocol=6 | dir=out | app=system |
"{2DE402A7-F2A4-447F-9A57-05D7427F05E8}" = lport=138 | protocol=17 | dir=in | app=system |
"{2E3BA54C-3550-482F-9659-8CD7C6A7108A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{3032E3B6-94E6-4848-894E-978C305A0C1F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{394687C3-F377-4144-907D-8A9594E97BC8}" = rport=138 | protocol=17 | dir=out | app=system |
"{45353CF3-8E6A-4960-8B38-179552B11813}" = lport=137 | protocol=17 | dir=in | app=system |
"{4FFAD09E-B90D-4EF6-B73F-4845000B0E43}" = lport=139 | protocol=6 | dir=in | app=system |
"{51DDA6CA-9874-4E39-B963-B8E407EFD492}" = lport=445 | protocol=6 | dir=in | app=system |
"{6597ECEC-3412-4253-B696-1A89EF0B85DE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{73542B72-DBB0-4D92-91EF-6374A50B2522}" = rport=137 | protocol=17 | dir=out | app=system |
"{80AA27A8-8982-4DC6-B177-BAF031ABDB7A}" = rport=139 | protocol=6 | dir=out | app=system |
"{8BC09259-E140-426A-AFEF-2AB8EE795D04}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{ADB556F8-FCA0-4A6A-AD17-E0C05C0A3C55}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B8B69BF9-A482-472C-AEEA-7BE31263A79D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BEAD42BE-5326-4E08-AE5B-42FCBA3C78F8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C07840A0-1CBE-43BA-AAD8-58F86B45CD21}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C648FAB1-390C-4276-B071-5013ED82018D}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C7B0ED33-D75F-47C9-B610-901685503D1A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EA797A37-0BA3-4D45-87F3-0ADBFC8CB708}" = lport=10243 | protocol=6 | dir=in | app=system |
"{EB5D92C9-F61B-493C-AE72-AB2F825A5A03}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02177F91-957E-478F-B4B0-164249EB148B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{0AD24008-B2D3-4282-AA4A-2940CCB53801}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{11B8CC42-F50E-4256-8711-0A76F4662E67}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1A258B57-E141-4591-9107-A26A51497D2C}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{369C0B27-A88B-4A0A-A463-4A5C01BE2422}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4F37AD65-4125-496B-B5CE-1048E1451D6E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{71A42F9A-F024-4D54-BE46-31A2CF20887B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{77AF8514-8712-4B5F-8408-549A650C37C9}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{904F07C1-F053-4A28-9C34-CA9470685406}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9136719C-2EBD-4038-AF45-05DA70EC8266}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{934747B3-2D29-4A6A-9718-5DC6D1C70BEB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A93BBD40-D42F-4881-8356-E78BCC6AF3F5}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{AA29E620-7309-4446-A0DE-07B0EF90164C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{B1404949-1DDF-4086-9A82-BA39E6B798D7}" = protocol=6 | dir=out | app=system |
"{B2BBDA54-A674-4EA5-B720-3AEE5706E2C4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B8AD4102-5B6D-4166-9374-9D472D165030}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{BD4F22A9-53D8-4C43-AFA7-83AB02F3DC12}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D99F8FEE-D314-459B-A9E5-F674C054CF81}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{DC1501C6-4FBB-40CE-A5B5-350E28473BA8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{EA5AAAAD-B665-4F37-AC9A-8A43AB731FB6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{EB94F069-4338-40E0-A1C4-5B25824B62AB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EC940BA5-0E7A-4DE0-8CC0-750F767909C2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F496F164-44C7-4B50-8D12-1F63AF7DE68D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5635224E-675C-B94C-43EE-70BCD39BF30B}" = ATI Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8924153C-F29D-3F27-3AAB-389F3B661AD4}" = ccc-utility64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02F3B756-11B3-8077-7FA7-709DDDBAEFD3}" = CCC Help French
"{0620AFAE-46B1-AECB-0D8D-DC6884F72BF5}" = Catalyst Control Center Localization All
"{0DFD17F6-0EFB-3CBA-0692-ED193A6F847A}" = CCC Help Norwegian
"{11060D31-08ED-8F55-BB38-0F194E0FE68E}" = CCC Help German
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{21F22617-30EA-55D0-C023-574DEFA72935}" = CCC Help English
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{24691EC2-44CA-88CE-D7D8-673C9C21DABB}" = CCC Help Czech
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{2ABC63E9-8E74-F261-4937-C49438279633}" = ccc-core-static
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{41EB4D8C-797B-88DA-9CFD-C265BDEF3BE7}" = CCC Help Greek
"{56FD9B91-F0EE-A2AE-7289-28E3110C0D08}" = CCC Help Swedish
"{58240652-2AC8-80E3-B980-7E6F58D64CB3}" = CCC Help Japanese
"{690E2911-8512-65D8-1237-A0E43865F226}" = Catalyst Control Center Graphics Previews Common
"{6C7CF28E-535B-D453-E935-524116E5D8F3}" = CCC Help Portuguese
"{765DB2B0-943A-1F96-AA98-0DE4BD5ECF98}" = Catalyst Control Center InstallProxy
"{77AA84F1-4A5F-34F6-E9FB-75B234E36748}" = CCC Help Korean
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{915726DF-7891-444A-AA03-0DF1D64F561A}" = L.A. Noire
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{976A7F36-3904-3444-588F-A4A47DA7DAAA}" = CCC Help Hungarian
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E77CE91-C520-6284-5340-2FED3E34537F}" = CCC Help Chinese Standard
"{A4A3BD6D-F267-199A-F402-AC9D8C6A5A1F}" = CCC Help Thai
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{B4E5E04E-3738-2736-4925-267AB9A313B0}" = CCC Help Spanish
"{B6D8DC8C-F077-4631-A221-4D5E1D8E87E7}" = Catalyst Control Center - Branding
"{B7DB6FC7-631D-8767-A3DF-4B1467611D3C}" = CCC Help Turkish
"{BCE95123-10EF-BF71-EFCC-27413278630B}" = CCC Help Italian
"{BD2E478F-C249-FF8B-F544-E22061BA03C5}" = CCC Help Russian
"{C2530D63-B66B-48B5-BB50-7C6281FE7AA6}" = Brother MFL-Pro Suite DCP-7010
"{C96BDE6D-EA35-1445-1E08-634171AE3C82}" = CCC Help Chinese Traditional
"{DD048DE6-3FD4-F4C2-A98D-A185CA4D94BA}" = CCC Help Danish
"{DD953122-ECF9-E725-AF9C-BA4C08AAC1B1}" = Catalyst Control Center Graphics Previews Vista
"{E912365F-9F51-C5A0-8153-FEFCFF276608}" = CCC Help Polish
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6AD00BA-3229-D390-84CA-685BFF2F6C21}" = CCC Help Dutch
"{FEF8EFCC-F745-9EB2-B313-9902D03A4C5D}" = CCC Help Finnish
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"Browser Defender_is1" = Browser Guard 4.0
"L.A Noire_is1" = L.A. Noire Update v1.3.2613
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PhotoScape" = PhotoScape
"Rockstar Games Social Club" = Rockstar Games Social Club
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3284266723-1986813818-3886333453-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 02.11.2012 13:03:20 | Computer Name = Jenny-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Jenny\Downloads\SoftonicDownloader_fuer_mycam.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Error - 02.11.2012 13:03:22 | Computer Name = Jenny-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Jenny\Downloads\SoftonicDownloader_fuer_mycam.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Error - 02.11.2012 13:03:23 | Computer Name = Jenny-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Jenny\Downloads\SoftonicDownloader_fuer_mycam.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Error - 02.11.2012 13:05:11 | Computer Name = Jenny-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: MyCam.exe, Version: 1.1.0.1, Zeitstempel:
0x4c2b5d1e Name des fehlerhaften Moduls: MyCam.exe, Version: 1.1.0.1, Zeitstempel:
0x4c2b5d1e Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002248b ID des fehlerhaften Prozesses:
0x1044 Startzeit der fehlerhaften Anwendung: 0x01cdb91c22f27924 Pfad der fehlerhaften
Anwendung: C:\Users\Jenny\Desktop\MyCam\MyCam\MyCam.exe Pfad des fehlerhaften Moduls:
C:\Users\Jenny\Desktop\MyCam\MyCam\MyCam.exe Berichtskennung: 75ee883d-250f-11e2-8de1-002454e71f40
Error - 03.11.2012 08:07:44 | Computer Name = Jenny-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: rads_user_kernel.exe, Version: 0.0.0.0,
Zeitstempel: 0x4e65c1ac Name des fehlerhaften Moduls: rads_user_kernel.exe, Version:
0.0.0.0, Zeitstempel: 0x4e65c1ac Ausnahmecode: 0xc0000005 Fehleroffset: 0x000b8554
ID
des fehlerhaften Prozesses: 0x8d0 Startzeit der fehlerhaften Anwendung: 0x01cdb9bbd366128e
Pfad
der fehlerhaften Anwendung: D:\Spiele\League of Legends\RADS\system\rads_user_kernel.exe
Pfad
des fehlerhaften Moduls: D:\Spiele\League of Legends\RADS\system\rads_user_kernel.exe
Berichtskennung:
12490a4a-25af-11e2-88d8-002454e71f40
Error - 12.11.2012 11:40:13 | Computer Name = Jenny-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 16.0.2.4680 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 109c Startzeit:
01cdc0ebd7417da2 Endzeit: 0 Anwendungspfad: D:\Programme\Firefox\firefox.exe Berichts-ID:
3cd7c3dc-2cdf-11e2-bc30-002454e71f40
Error - 17.11.2012 08:31:32 | Computer Name = Jenny-PC | Source = Application Hang | ID = 1002
Description = Programm ManyCam.exe, Version 3.0.92.3726 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 11b4 Startzeit:
01cdc4bdc6df41f0 Endzeit: 23 Anwendungspfad: C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe
Berichts-ID:
b5dd60e6-30b2-11e2-a809-002454e71f40
Error - 17.11.2012 12:59:43 | Computer Name = Jenny-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: pctsSvc.exe, Version: 9.1.0.2894,
Zeitstempel: 0x509054e5 Name des fehlerhaften Moduls: rtl100.bpl, Version: 11.0.2902.10471,
Zeitstempel: 0x475fc385 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000a264 ID des fehlerhaften
Prozesses: 0x888 Startzeit der fehlerhaften Anwendung: 0x01cdc4e3f9f87641 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe
Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\PC Tools\PC Tools Security\rtl100.bpl
Berichtskennung:
2e9a0975-30d8-11e2-a96c-002454e71f40
Error - 17.11.2012 13:47:06 | Computer Name = Jenny-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: League of Legends.exe, Version: 1.0.0.151,
Zeitstempel: 0x509da0a7 Name des fehlerhaften Moduls: MSVCR80.dll, Version: 8.0.50727.4940,
Zeitstempel: 0x4ca2b271 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0001500a ID des fehlerhaften
Prozesses: 0xf70 Startzeit der fehlerhaften Anwendung: 0x01cdc4e6c085f275 Pfad der
fehlerhaften Anwendung: D:\Spiele\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.0.200\deploy\League
of Legends.exe Pfad des fehlerhaften Moduls: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\MSVCR80.dll
Berichtskennung:
cce6d31d-30de-11e2-a96c-002454e71f40
Error - 17.11.2012 16:41:19 | Computer Name = Jenny-PC | Source = Application Hang | ID = 1002
Description = Programm OTL.exe, Version 3.2.69.0 kann nicht mehr unter Windows ausgeführt
werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: f14 Startzeit:
01cdc503b0322390 Endzeit: 0 Anwendungspfad: C:\Users\Jenny\Downloads\OTL.exe Berichts-ID:
[ System Events ]
Error - 17.11.2012 16:34:55 | Computer Name = Jenny-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Browser Manager" wurde unerwartet beendet. Dies ist bereits
1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
Neustart des Diensts.
Error - 17.11.2012 16:46:26 | Computer Name = Jenny-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "PC Tools Browser Defender Driver" ist von folgendem Dienst
abhängig: PCTCore. Dieser Dienst ist eventuell nicht installiert.
Error - 17.11.2012 16:46:56 | Computer Name = Jenny-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "PC Tools Browser Defender Driver" ist von folgendem Dienst
abhängig: PCTCore. Dieser Dienst ist eventuell nicht installiert.
Error - 17.11.2012 16:47:26 | Computer Name = Jenny-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "PC Tools Browser Defender Driver" ist von folgendem Dienst
abhängig: PCTCore. Dieser Dienst ist eventuell nicht installiert.
Error - 17.11.2012 16:47:56 | Computer Name = Jenny-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "PC Tools Browser Defender Driver" ist von folgendem Dienst
abhängig: PCTCore. Dieser Dienst ist eventuell nicht installiert.
Error - 17.11.2012 16:48:26 | Computer Name = Jenny-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "PC Tools Browser Defender Driver" ist von folgendem Dienst
abhängig: PCTCore. Dieser Dienst ist eventuell nicht installiert.
Error - 17.11.2012 16:48:56 | Computer Name = Jenny-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "PC Tools Browser Defender Driver" ist von folgendem Dienst
abhängig: PCTCore. Dieser Dienst ist eventuell nicht installiert.
Error - 17.11.2012 16:49:26 | Computer Name = Jenny-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "PC Tools Browser Defender Driver" ist von folgendem Dienst
abhängig: PCTCore. Dieser Dienst ist eventuell nicht installiert.
Error - 17.11.2012 16:49:56 | Computer Name = Jenny-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "PC Tools Browser Defender Driver" ist von folgendem Dienst
abhängig: PCTCore. Dieser Dienst ist eventuell nicht installiert.
Error - 17.11.2012 16:50:26 | Computer Name = Jenny-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "PC Tools Browser Defender Driver" ist von folgendem Dienst
abhängig: PCTCore. Dieser Dienst ist eventuell nicht installiert.
< End of report >
That was the one from the Extras file.... Code:
OTL logfile created on: 17.11.2012 21:44:50 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jenny\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,85 Gb Total Physical Memory | 2,75 Gb Available Physical Memory | 71,44% Memory free
7,71 Gb Paging File | 6,40 Gb Available in Paging File | 83,10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 40,00 Gb Total Space | 17,07 Gb Free Space | 42,67% Space Free | Partition Type: NTFS
Drive D: | 405,66 Gb Total Space | 320,29 Gb Free Space | 78,95% Space Free | Partition Type: NTFS
Computer Name: JENNY-PC | User Name: Jenny | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Jenny\Downloads\OTL.exe (OldTimer Tools)
PRC - D:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - D:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - D:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
PRC - D:\Programme\program\soffice.exe (OpenOffice.org)
PRC - D:\Programme\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.)
========== Modules (No Company Name) ==========
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\690b92468a3a69a5c4127f9f229459b7\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - c:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll ()
MOD - D:\Programme\program\libxml2.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll ()
MOD - C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll ()
========== Services (SafeList) ==========
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- D:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- D:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (Browser Defender Update Service) -- C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV:64bit: - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (PCTBD) -- C:\Windows\SysNative\drivers\PCTBD64.sys (PC Tools)
DRV:64bit: - (ManyCam) -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys (ManyCam LLC)
DRV:64bit: - (mcaudrv_simple) -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys (ManyCam LLC)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (ATI Technologies, Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (SABI) -- C:\Windows\SysNative\drivers\SABI.sys (SAMSUNG ELECTRONICS)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://searchfunmoods.com/?f=1&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzutA0A0FyEyC0Azyzz0CtDyDyDyCzytDzytN0D0Tzu0CtAtBtBtN1L2XzutBtFtBtFtDtFtAyEyE&cr=185388092
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3284266723-1986813818-3886333453-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKU\S-1-5-21-3284266723-1986813818-3886333453-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3284266723-1986813818-3886333453-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3284266723-1986813818-3886333453-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 36 8F 2C F4 CE A3 CD 01 [binary data]
IE - HKU\S-1-5-21-3284266723-1986813818-3886333453-1000\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKU\S-1-5-21-3284266723-1986813818-3886333453-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3284266723-1986813818-3886333453-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3284266723-1986813818-3886333453-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..extensions.enabledAddons: stealthyextension@gmail.com:2.4
FF - prefs.js..network.proxy.ftp: "88.86.99.18"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.http: "88.86.99.18"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "88.86.99.18"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "88.86.99.18"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\Firefox\ [2012.11.17 17:52:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: D:\Programme\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: D:\Programme\plugins [2012.10.30 10:55:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: D:\Programme\Firefox\components [2012.10.27 18:54:49 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: D:\Programme\Firefox\plugins
[2012.10.06 15:35:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jenny\AppData\Roaming\mozilla\Extensions
[2012.11.17 16:40:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jenny\AppData\Roaming\mozilla\Firefox\Profiles\keb1wcar.default\extensions
[2012.10.06 15:48:46 | 000,123,385 | ---- | M] () (No name found) -- C:\Users\Jenny\AppData\Roaming\mozilla\firefox\profiles\keb1wcar.default\extensions\elemhidehelper@adblockplus.org.xpi
[2012.10.27 13:02:47 | 000,183,174 | ---- | M] () (No name found) -- C:\Users\Jenny\AppData\Roaming\mozilla\firefox\profiles\keb1wcar.default\extensions\stealthyextension@gmail.com.xpi
[2012.10.06 18:06:33 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Jenny\AppData\Roaming\mozilla\firefox\profiles\keb1wcar.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] D:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [StartCCC] D:\Programme\Catalyst\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Jenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = D:\Programme\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2F576803-AE4A-4E0D-98D9-32C828BE7F28}: DhcpNameServer = 192.168.1.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.11.17 16:45:44 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012.11.17 17:52:40 | 000,077,144 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTBD64.sys
[2012.11.17 17:52:37 | 002,280,568 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2012.11.17 17:52:37 | 001,690,744 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2012.11.17 17:52:37 | 000,150,648 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2012.11.17 17:51:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools
[2012.11.17 17:48:56 | 000,253,256 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTSD64.sys
[2012.11.17 17:48:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2012.11.17 17:47:33 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Roaming\TestApp
[2012.11.17 17:47:33 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012.11.17 17:47:10 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.11.17 16:45:30 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012.11.17 16:44:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2012.11.17 13:41:26 | 000,000,000 | ---D | C] -- C:\Users\Jenny\Documents\Avatar
[2012.11.17 13:31:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager
[2012.11.12 18:59:58 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Roaming\Nitro
[2012.11.12 18:59:58 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Roaming\FileOpen
[2012.11.12 18:59:58 | 000,000,000 | ---D | C] -- C:\ProgramData\FileOpen
[2012.11.12 18:59:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Nitro
[2012.11.12 18:59:08 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Roaming\Downloaded Installations
[2012.11.04 22:43:33 | 000,000,000 | ---D | C] -- C:\ProgramData\SAMSUNG
[2012.11.04 22:43:04 | 000,013,824 | ---- | C] (SAMSUNG ELECTRONICS) -- C:\Windows\SysNative\drivers\SABI.sys
[2012.11.04 22:42:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
[2012.11.04 22:42:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung
[2012.11.03 19:44:49 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\Chromium
[2012.11.03 19:44:44 | 000,000,000 | ---D | C] -- C:\ProgramData\RELOADED
[2012.11.03 19:39:56 | 000,000,000 | ---D | C] -- C:\Users\Jenny\Documents\Rockstar Games
[2012.11.03 19:27:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
[2012.11.02 17:58:47 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Roaming\CyberLink
[2012.11.02 17:57:44 | 000,000,000 | ---D | C] -- C:\Users\Jenny\Documents\Youcam
[2012.11.02 17:57:43 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\CyberLink
[2012.11.02 17:55:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2012.11.02 17:55:56 | 000,000,000 | ---D | C] -- C:\ProgramData\install_clap
[2012.11.02 17:55:33 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\Google
[2012.11.02 17:50:54 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2012.10.29 22:40:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Rockstar Games
[2012.10.29 22:38:14 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll
[2012.10.29 22:38:14 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll
[2012.10.29 22:38:14 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll
[2012.10.29 22:38:14 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll
[2012.10.29 22:38:13 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll
[2012.10.29 22:38:13 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll
[2012.10.29 22:38:13 | 001,907,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_43.dll
[2012.10.29 22:38:13 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll
[2012.10.29 22:38:13 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_43.dll
[2012.10.29 22:38:13 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll
[2012.10.29 22:38:13 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll
[2012.10.29 22:38:13 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll
[2012.10.29 22:38:13 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll
[2012.10.29 22:38:13 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_7.dll
[2012.10.29 22:38:12 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_43.dll
[2012.10.29 22:38:12 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll
[2012.10.29 22:38:12 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_6.dll
[2012.10.29 22:38:12 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll
[2012.10.29 22:38:12 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_4.dll
[2012.10.29 22:38:12 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll
[2012.10.29 22:38:11 | 000,517,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_5.dll
[2012.10.29 22:38:11 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2012.10.29 22:38:11 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll
[2012.10.29 22:38:11 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_6.dll
[2012.10.29 22:38:11 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_7.dll
[2012.10.29 22:38:11 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll
[2012.10.29 22:38:10 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_42.dll
[2012.10.29 22:38:10 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll
[2012.10.29 22:38:10 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll
[2012.10.29 22:38:10 | 000,176,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_5.dll
[2012.10.29 22:38:09 | 005,554,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_42.dll
[2012.10.29 22:38:09 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll
[2012.10.29 22:38:09 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_42.dll
[2012.10.29 22:38:09 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
[2012.10.29 22:38:09 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2012.10.29 22:38:09 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2012.10.29 22:38:09 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_42.dll
[2012.10.29 22:38:09 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll
[2012.10.29 22:38:08 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_41.dll
[2012.10.29 22:38:08 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll
[2012.10.29 22:38:08 | 002,430,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_41.dll
[2012.10.29 22:38:08 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_41.dll
[2012.10.29 22:38:08 | 000,520,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_41.dll
[2012.10.29 22:38:08 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_41.dll
[2012.10.29 22:38:07 | 000,521,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_4.dll
[2012.10.29 22:38:07 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll
[2012.10.29 22:38:07 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_3.dll
[2012.10.29 22:38:07 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2012.10.29 22:38:06 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_40.dll
[2012.10.29 22:38:06 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll
[2012.10.29 22:38:06 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_40.dll
[2012.10.29 22:38:06 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll
[2012.10.29 22:38:06 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_4.dll
[2012.10.29 22:38:06 | 000,174,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_4.dll
[2012.10.29 22:38:06 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_6.dll
[2012.10.29 22:38:06 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll
[2012.10.29 22:38:05 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_40.dll
[2012.10.29 22:38:05 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll
[2012.10.29 22:38:05 | 000,518,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_3.dll
[2012.10.29 22:38:05 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll
[2012.10.29 22:38:05 | 000,074,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_2.dll
[2012.10.29 22:38:05 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll
[2012.10.29 22:38:04 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll
[2012.10.29 22:38:04 | 000,175,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_3.dll
[2012.10.29 22:38:04 | 000,025,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_5.dll
[2012.10.29 22:38:04 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll
[2012.10.29 22:38:03 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_2.dll
[2012.10.29 22:38:03 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll
[2012.10.29 22:38:03 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll
[2012.10.29 22:38:03 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_2.dll
[2012.10.29 22:38:03 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_1.dll
[2012.10.29 22:38:03 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll
[2012.10.29 22:38:02 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_39.dll
[2012.10.29 22:38:02 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_39.dll
[2012.10.29 22:38:02 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_39.dll
[2012.10.29 22:38:01 | 000,511,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_1.dll
[2012.10.29 22:38:01 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_1.dll
[2012.10.29 22:38:01 | 000,068,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_0.dll
[2012.10.29 22:38:01 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_0.dll
[2012.10.29 22:38:00 | 001,941,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_38.dll
[2012.10.29 22:38:00 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_38.dll
[2012.10.29 22:38:00 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_38.dll
[2012.10.29 22:38:00 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_38.dll
[2012.10.29 22:38:00 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_1.dll
[2012.10.29 22:38:00 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_1.dll
[2012.10.29 22:38:00 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_4.dll
[2012.10.29 22:38:00 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_4.dll
[2012.10.29 22:37:59 | 004,991,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_38.dll
[2012.10.29 22:37:59 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_38.dll
[2012.10.29 22:37:59 | 000,489,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_0.dll
[2012.10.29 22:37:59 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_0.dll
[2012.10.29 22:37:58 | 001,860,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_37.dll
[2012.10.29 22:37:58 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_37.dll
[2012.10.29 22:37:58 | 000,529,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_37.dll
[2012.10.29 22:37:58 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_37.dll
[2012.10.29 22:37:58 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_0.dll
[2012.10.29 22:37:58 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_0.dll
[2012.10.29 22:37:58 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_3.dll
[2012.10.29 22:37:58 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_3.dll
[2012.10.29 22:37:57 | 004,910,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_37.dll
[2012.10.29 22:37:57 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_37.dll
[2012.10.29 22:37:57 | 002,006,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_36.dll
[2012.10.29 22:37:57 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_36.dll
[2012.10.29 22:37:57 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_36.dll
[2012.10.29 22:37:57 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_36.dll
[2012.10.29 22:37:57 | 000,411,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_10.dll
[2012.10.29 22:37:57 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_10.dll
[2012.10.29 22:37:56 | 005,081,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_36.dll
[2012.10.29 22:37:56 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_36.dll
[2012.10.29 22:37:55 | 005,073,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_35.dll
[2012.10.29 22:37:55 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll
[2012.10.29 22:37:55 | 001,985,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_35.dll
[2012.10.29 22:37:55 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_35.dll
[2012.10.29 22:37:55 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_35.dll
[2012.10.29 22:37:55 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_35.dll
[2012.10.29 22:37:55 | 000,411,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_9.dll
[2012.10.29 22:37:55 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_9.dll
[2012.10.29 22:37:54 | 000,409,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_8.dll
[2012.10.29 22:37:54 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_8.dll
[2012.10.29 22:37:54 | 000,021,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_2.dll
[2012.10.29 22:37:54 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_2.dll
[2012.10.29 22:37:53 | 004,496,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_34.dll
[2012.10.29 22:37:53 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll
[2012.10.29 22:37:53 | 001,401,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_34.dll
[2012.10.29 22:37:53 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_34.dll
[2012.10.29 22:37:53 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_34.dll
[2012.10.29 22:37:53 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_34.dll
[2012.10.29 22:37:53 | 000,107,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_3.dll
[2012.10.29 22:37:53 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll
[2012.10.29 22:37:52 | 001,400,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_33.dll
[2012.10.29 22:37:52 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_33.dll
[2012.10.29 22:37:52 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_33.dll
[2012.10.29 22:37:52 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_33.dll
[2012.10.29 22:37:52 | 000,403,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_7.dll
[2012.10.29 22:37:52 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_7.dll
[2012.10.29 22:37:51 | 004,494,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_33.dll
[2012.10.29 22:37:51 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll
[2012.10.29 22:37:50 | 000,393,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_6.dll
[2012.10.29 22:37:50 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_6.dll
[2012.10.29 22:37:49 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll
[2012.10.29 22:37:49 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2012.10.29 22:37:49 | 000,469,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10.dll
[2012.10.29 22:37:49 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10.dll
[2012.10.29 22:37:49 | 000,390,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_5.dll
[2012.10.29 22:37:49 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_5.dll
[2012.10.29 22:37:48 | 000,364,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_4.dll
[2012.10.29 22:37:48 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_4.dll
[2012.10.29 22:37:48 | 000,017,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_1.dll
[2012.10.29 22:37:48 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_1.dll
[2012.10.29 22:37:47 | 003,977,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_31.dll
[2012.10.29 22:37:47 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll
[2012.10.29 22:37:47 | 000,363,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_3.dll
[2012.10.29 22:37:47 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_3.dll
[2012.10.29 22:37:47 | 000,083,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_2.dll
[2012.10.29 22:37:47 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll
[2012.10.29 22:37:46 | 000,354,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_2.dll
[2012.10.29 22:37:46 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll
[2012.10.29 22:37:46 | 000,083,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_1.dll
[2012.10.29 22:37:46 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll
[2012.10.29 22:37:45 | 000,352,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_1.dll
[2012.10.29 22:37:45 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll
[2012.10.29 22:37:41 | 003,927,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_30.dll
[2012.10.29 22:37:41 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_29.dll
[2012.10.29 22:37:41 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll
[2012.10.29 22:37:41 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll
[2012.10.29 22:37:41 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_0.dll
[2012.10.29 22:37:41 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll
[2012.10.29 22:37:41 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_0.dll
[2012.10.29 22:37:41 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll
[2012.10.29 22:37:40 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_28.dll
[2012.10.29 22:37:40 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_27.dll
[2012.10.29 22:37:40 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_26.dll
[2012.10.29 22:37:40 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll
[2012.10.29 22:37:40 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll
[2012.10.29 22:37:40 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll
[2012.10.29 22:37:39 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_25.dll
[2012.10.29 22:37:39 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll
[2012.10.29 22:37:38 | 003,544,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_24.dll
[2012.10.29 22:37:38 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll
[2012.10.29 22:36:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rockstar Games
[2012.10.27 15:57:09 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys
[2012.10.27 15:57:06 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2012.10.27 15:57:06 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2012.10.27 15:56:55 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe
[2012.10.26 11:00:35 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\Microsoft Games
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.11.17 21:41:26 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.17 21:41:26 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.17 21:36:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.17 21:36:03 | 3103,387,648 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.17 21:15:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.17 17:49:46 | 001,900,809 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012.11.17 16:45:44 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2012.11.17 13:29:46 | 000,290,500 | ---- | M] () -- C:\Users\Jenny\AppData\Local\funmoods-speeddial_sf.crx
[2012.11.13 17:43:03 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.11.13 17:43:03 | 000,098,888 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.11.12 18:54:23 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.12 18:54:23 | 000,643,866 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.12 18:54:23 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.12 18:54:23 | 000,126,394 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.12 18:54:23 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.04 22:43:31 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SABI_01009.Wdf
[2012.11.02 18:05:11 | 000,003,584 | ---- | M] () -- C:\Users\Jenny\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.11.01 15:35:14 | 000,253,256 | ---- | M] (PC Tools) -- C:\Windows\SysNative\drivers\PCTSD64.sys
[2012.10.28 13:13:40 | 000,292,776 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.10.23 17:40:32 | 000,077,144 | ---- | M] (PC Tools) -- C:\Windows\SysNative\drivers\PCTBD64.sys
[2012.10.23 17:40:28 | 000,150,648 | ---- | M] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2012.10.23 17:40:26 | 002,280,568 | ---- | M] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2012.10.23 17:40:26 | 001,690,744 | ---- | M] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2012.10.23 17:40:00 | 000,769,144 | ---- | M] () -- C:\Windows\BDTSupport.dll
[2012.10.23 16:30:44 | 000,003,488 | ---- | M] () -- C:\Windows\UDB.zip
[2012.10.23 16:30:44 | 000,000,882 | ---- | M] () -- C:\Windows\RegSDImport.xml
[2012.10.23 16:30:44 | 000,000,879 | ---- | M] () -- C:\Windows\RegISSImport.xml
[2012.10.23 16:30:44 | 000,000,131 | ---- | M] () -- C:\Windows\IDB.zip
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.11.17 17:52:39 | 000,769,144 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2012.11.17 17:52:38 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2012.11.17 17:52:38 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2012.11.17 17:52:37 | 000,003,488 | ---- | C] () -- C:\Windows\UDB.zip
[2012.11.17 17:52:37 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2012.11.17 17:49:06 | 001,900,809 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012.11.17 16:45:44 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2012.11.17 13:29:47 | 000,290,500 | ---- | C] () -- C:\Users\Jenny\AppData\Local\funmoods-speeddial_sf.crx
[2012.11.04 22:43:31 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SABI_01009.Wdf
[2012.11.02 18:05:11 | 000,003,584 | ---- | C] () -- C:\Users\Jenny\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.10.17 16:18:08 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD7220.DAT
[2012.10.12 21:09:33 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012.10.12 21:09:33 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD7010.DAT
[2012.10.06 17:29:09 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.10.06 17:19:00 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
========== ZeroAccess Check ==========
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2012.11.12 18:59:08 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Downloaded Installations
[2012.11.12 18:59:58 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\FileOpen
[2012.10.06 18:08:10 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\LolClient
[2012.11.12 18:59:58 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Nitro
[2012.10.17 15:21:15 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\OpenOffice.org
[2012.10.18 14:16:01 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\PhotoScape
[2012.11.17 17:47:33 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\TestApp
[2012.11.17 21:34:42 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\TS3Client
========== Purity Check ==========
========== Custom Scans ==========
< # AdwCleaner v2.007 - Datei am 17/11/2012 um 21:34:56 erstellt >
Invalid Switch: 2012 um 21:34:56 erstellt
< # Aktualisiert am 06/11/2012 von Xplode >
Invalid Switch: 2012 von Xplode
< # Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits) >
[2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 06:08:49 | 000,019,026 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.10.06 17:36:39 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
< # Benutzer : Jenny - JENNY-PC >
< # Bootmodus : Normal >
< # Ausgeführt unter : C:\Users\Jenny\Downloads\adwcleaner.exe >
< # Option [Löschen] >
< >
< >
< **** [Dienste] **** >
< >
< Gestoppt & Gelöscht : Browser Manager >
< >
< ***** [Dateien / Ordner] ***** >
Invalid Switch: Ordner] *****
< >
< Datei Gelöscht : C:\Users\Jenny\AppData\Local\funmoods.crx >
< Datei Gelöscht : C:\Users\Jenny\AppData\Roaming\Mozilla\Firefox\Profiles\keb1wcar.default\searchplugins\funmoods.xml >
< Gelöscht mit Neustart : C:\ProgramData\Browser Manager >
< Ordner Gelöscht : C:\ProgramData\Ask >
< Ordner Gelöscht : C:\ProgramData\Babylon >
< Ordner Gelöscht : C:\ProgramData\IBUpdaterService >
< Ordner Gelöscht : C:\ProgramData\Tarma Installer >
< Ordner Gelöscht : C:\Users\Jenny\AppData\Local\Temp\AskSearch >
< Ordner Gelöscht : C:\Users\Jenny\AppData\Local\Wajam >
< Ordner Gelöscht : C:\Users\Jenny\AppData\Roaming\Babylon >
< Ordner Gelöscht : C:\Users\Jenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager >
< >
< ***** [Registrierungsdatenbank] ***** >
< >
< Daten Gelöscht : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\browse~1\23796~1.11\{16cdf~1\browse~1.dll >
< Schlüssel Gelöscht : HKCU\Software\APN PIP >
< Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider >
< Schlüssel Gelöscht : HKCU\Software\Cr_Installer >
< Schlüssel Gelöscht : HKCU\Software\DataMngr >
< Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar >
< Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh >
< Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj >
< Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings >
< Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847} >
< Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847} >
< Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} >
< Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} >
< Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} >
< Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847} >
< Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847} >
< Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} >
< Schlüssel Gelöscht : HKCU\Software\Softonic >
< Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} >
< Schlüssel Gelöscht : HKLM\Software\Babylon >
< Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706} >
< Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17} >
< Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C} >
< Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc >
< Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc.1 >
< Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap >
< Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706} >
< Schlüssel Gelöscht : HKLM\Software\DataMngr >
< Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011501160} >
< Schlüssel Gelöscht : HKLM\Software\PIP >
< Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840} >
< Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} >
< Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} >
< Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5} >
< Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh >
< Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj >
< Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp >
< Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph >
< Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011501160} >
< Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A} >
< Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} >
< Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693} >
< Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh >
< Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj >
< Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} >
< Schlüssel Gelöscht : HKLM\SOFTWARE\Tarma Installer >
< Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}] >
< Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [{b64982b1-d112-42b5-b1e4-d3867c4533f8}] >
< >
< ***** [Internet Browser] ***** >
< >
< -\\ Internet Explorer v8.0.7601.17514 >
< >
< Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://searchfunmoods.com/?f=1&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzutA0A0FyEyC0Azyzz0CtDyDyDyCzytDzytN0D0Tzu0CtAtBtBtN1L2XzutBtFtBtFtDtFtAyEyE&cr=185388092 --> hxxp://www.google.com >
Invalid Switch: www.google.com
< Gelöscht : [HKCU\Software\Microsoft\Internet Explorer\Main - bProtector Start Page] >
< >
< -\\ Mozilla Firefox v15.0.1 (de) >
< >
< Profilname : default >
< Datei : C:\Users\Jenny\AppData\Roaming\Mozilla\Firefox\Profiles\keb1wcar.default\prefs.js >
< >
< C:\Users\Jenny\AppData\Roaming\Mozilla\Firefox\Profiles\keb1wcar.default\user.js ... Gelöscht ! >
< >
< Gelöscht : user_pref("browser.startup.homepage", "hxxp://searchfunmoods.com/?f=1&a=download&chnl=download&cd=2X[...] >
< Gelöscht : user_pref("extensions.funmoods.aflt", "download"); >
< Gelöscht : user_pref("extensions.funmoods.autoRvrt", false); >
< Gelöscht : user_pref("extensions.funmoods.brwsrsrc", "ietlbr"); >
< Gelöscht : user_pref("extensions.funmoods.cntry", "DE"); >
< Gelöscht : user_pref("extensions.funmoods.cv", "cv5"); >
< Gelöscht : user_pref("extensions.funmoods.dfltLng", ""); >
< Gelöscht : user_pref("extensions.funmoods.dfltSrch", false); >
< Gelöscht : user_pref("extensions.funmoods.dfltlng", "en"); >
< Gelöscht : user_pref("extensions.funmoods.dfltsrch", "false"); >
< Gelöscht : user_pref("extensions.funmoods.dnsErr", true); >
< Gelöscht : user_pref("extensions.funmoods.envrmnt", "production"); >
< Gelöscht : user_pref("extensions.funmoods.excTlbr", false); >
< Gelöscht : user_pref("extensions.funmoods.hdrMd5", "DFD4E65021E34903219B10A723CBDEEB"); >
< Gelöscht : user_pref("extensions.funmoods.hmpg", false); >
< Gelöscht : user_pref("extensions.funmoods.hmpgUrl", "hxxp://searchfunmoods.com/?f=1&a=download&chnl=download&cd[...] >
< Gelöscht : user_pref("extensions.funmoods.hrdid", "3AF46A98C0556909"); >
< Gelöscht : user_pref("extensions.funmoods.id", "3AF46A98C0556909"); >
< Gelöscht : user_pref("extensions.funmoods.instlDay", "15661"); >
< Gelöscht : user_pref("extensions.funmoods.instlRef", "download"); >
< Gelöscht : user_pref("extensions.funmoods.instlday", "15661"); >
< Gelöscht : user_pref("extensions.funmoods.instlref", "download"); >
< Gelöscht : user_pref("extensions.funmoods.isdcmntcmplt", true); >
< Gelöscht : user_pref("extensions.funmoods.keywordurl", ""); >
< Gelöscht : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2213:29:44"); >
< Gelöscht : user_pref("extensions.funmoods.mntrvrsn", "1.3.0"); >
< Gelöscht : user_pref("extensions.funmoods.newTab", true); >
< Gelöscht : user_pref("extensions.funmoods.newTabUrl", "hxxp://searchfunmoods.com/?f=2&a=download&chnl=download&[...] >
< Gelöscht : user_pref("extensions.funmoods.newtab", true); >
< Gelöscht : user_pref("extensions.funmoods.newtaburl", "hxxp://searchfunmoods.com/?f=2&a=download&chnl=download&[...] >
< Gelöscht : user_pref("extensions.funmoods.prdct", "funmoods"); >
< Gelöscht : user_pref("extensions.funmoods.prtnrId", "funmoods"); >
< Gelöscht : user_pref("extensions.funmoods.prtnrid", "funmoods"); >
< Gelöscht : user_pref("extensions.funmoods.savedVrsnTs", "1"); >
< Gelöscht : user_pref("extensions.funmoods.sg", "none"); >
< Gelöscht : user_pref("extensions.funmoods.smplGrp", "none"); >
< Gelöscht : user_pref("extensions.funmoods.smplgrp", "none"); >
< Gelöscht : user_pref("extensions.funmoods.srch", ""); >
< Gelöscht : user_pref("extensions.funmoods.srchPrvdr", "Search"); >
< Gelöscht : user_pref("extensions.funmoods.srchprvdr", "Search"); >
< Gelöscht : user_pref("extensions.funmoods.tlbrId", "base"); >
< Gelöscht : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://searchfunmoods.com/?f=3&a=download&chnl=downloa[...] >
< Gelöscht : user_pref("extensions.funmoods.tlbrid", "base"); >
< Gelöscht : user_pref("extensions.funmoods.tlbrsrchurl", "hxxp://searchfunmoods.com/?f=3&a=download&chnl=downloa[...] >
< Gelöscht : user_pref("extensions.funmoods.vrsn", "1.5.23.22"); >
< Gelöscht : user_pref("extensions.funmoods.vrsnTs", "1.5.23.2213:29:44"); >
< Gelöscht : user_pref("extensions.funmoods.vrsni", "1.5.23.22"); >
< Gelöscht : user_pref("extensions.funmoods.vrsnts", "1.5.23.2213:29:44"); >
< Gelöscht : user_pref("extensions.funmoods_i.newTab", true); >
< Gelöscht : user_pref("extensions.funmoods_i.smplGrp", "none"); >
< Gelöscht : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2213:29:44"); >
< >
< ************************* >
[2012.11.17 21:35:02 | 000,010,089 | ---- | M] () -- \AdwCleaner[S1].txt
[2012.11.17 16:45:44 | 000,000,000 | ---- | M] () -- \autoexec.bat
[2012.11.17 21:36:03 | 3103,387,648 | -HS- | M] () -- \hiberfil.sys
[2012.11.17 21:36:05 | 4137,852,928 | -HS- | M] () -- \pagefile.sys
[2012.10.06 15:26:27 | 000,000,184 | ---- | M] () -- \setup.log
< >
< AdwCleaner[S1].txt - [9969 octets] - [17/11/2012 21:34:56] >
Invalid Switch: 2012 21:34:56]
< >
< ########## EOF - C:\AdwCleaner[S1].txt - [10029 octets] ########## >
========== Alternate Data Streams ==========
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
< End of report > And the other one... :) |