I am already prepared for a backup, but I would be happy if this would finally go away ^^
OTL scan:
OTL logfile created on: 22.04.2011 15:05:29 - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\FIETE\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 55,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,88 Gb Total Space | 83,97 Gb Free Space | 36,06% Space Free | Partition Type: NTFS
Drive D: | 232,49 Gb Total Space | 171,30 Gb Free Space | 73,68% Space Free | Partition Type: NTFS
Computer Name: FIETE-TOSH | User Name: FIETE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\FIETE\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
PRC - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
========== Modules (SafeList) ==========
MOD - C:\Users\FIETE\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Programme\Alwil Software\Avast5\snxhk.dll (AVAST Software)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (TOSHIBA eco Utility Service) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation)
SRV:64bit: - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TPCHSrv) -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (Browser Defender Update Service) -- C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
SRV - (ICQ Service) -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
SRV - (TemproMonitoringService) Notebook Performance Tuning Service (TEMPRO) -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe (Toshiba Europe GmbH)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (TeamViewer5) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (TMachInfo) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (cfWiMAXService) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe (TOSHIBA CORPORATION)
SRV - (ConfigFree Gadget Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe (TOSHIBA CORPORATION)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ConfigFree Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
========== Driver Services (SafeList) ==========
DRV:64bit: - (acedrv10) -- C:\Windows\SysNative\drivers\acedrv10.sys (Protect Software GmbH)
DRV:64bit: - (acehlp10) -- C:\Windows\SysNative\drivers\acehlp10.sys (Protect Software GmbH)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (MYFAULT) -- C:\Windows\SysNative\drivers\myfault.sys (Sysinternals)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (RTL8187B) -- C:\Windows\SysNative\drivers\RTL8187B.sys (Realtek Semiconductor Corporation )
DRV:64bit: - (NCHVSC64) SoundTap Recorder (64 Bit) -- C:\Windows\SysNative\drivers\nchvsc64.sys (NCH Swift Sound)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (ewusbnet) -- C:\Windows\SysNative\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (RTL2832UUSB) -- C:\Windows\SysNative\drivers\RTL2832UUSB.sys (REALTEK SEMICONDUCTOR Corp.)
DRV:64bit: - (RTL2832UBDA) -- C:\Windows\SysNative\drivers\RTL2832UBDA.sys (REALTEK SEMICONDUCTOR Corp.)
DRV:64bit: - (hwusbdev) -- C:\Windows\SysNative\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (BthAvrcp) -- C:\Windows\SysNative\drivers\BthAvrcp.sys (CSR, plc)
DRV:64bit: - (LPCFilter) -- C:\Windows\SysNative\drivers\LPCFilter.sys (COMPAL ELECTRONIC INC.)
DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (tos_sps64) -- C:\Windows\SysNative\drivers\tos_sps64.sys (TOSHIBA Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (IntcHdmiAddService) Intel(R) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (TVALZFL) -- C:\Windows\SysNative\drivers\TVALZFL.sys (TOSHIBA Corporation)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (sfdrv01a) StarForce Protection Environment Driver (version 1.x.a) -- C:\Windows\SysNative\drivers\sfdrv01a.sys (Protection Technology (StarForce))
DRV:64bit: - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\Windows\SysNative\drivers\sfdrv01.sys (Protection Technology (StarForce))
DRV:64bit: - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\Windows\SysNative\drivers\sfvfs02.sys (Protection Technology (StarForce))
DRV:64bit: - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\Windows\SysNative\drivers\sfsync02.sys (Protection Technology)
DRV:64bit: - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\SysNative\drivers\sfhlp02.sys (Protection Technology (StarForce))
DRV - (ISODrive) -- C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys (EZB Systems, Inc.)
DRV - (speedfan) -- C:\Windows\SysWOW64\speedfan.sys (Windows (R) Server 2003 DDK provider)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {51a86bb3-6602-4c85-92a5-130ee4864f13} - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2F 9A 26 0D DC 4A CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "SweetIM Search"
FF - prefs.js..browser.search.defaultthis.engineName: "BrotherSoft Extreme Customized Web Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: "foxsearch"
FF - prefs.js..browser.search.order.2: "foxsearch"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: wrc@avast.com:20110101
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323
FF - prefs.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - prefs.js..network.proxy.backup.ftp: "192.168.137.1"
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.gopher: "192.168.137.1"
FF - prefs.js..network.proxy.backup.gopher_port: 0
FF - prefs.js..network.proxy.backup.socks: "192.168.137.1"
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: "192.168.137.1"
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.ftp: "192.168.137.1"
FF - prefs.js..network.proxy.gopher: "192.168.137.1"
FF - prefs.js..network.proxy.http: "192.168.137.1"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "192.168.137.1"
FF - prefs.js..network.proxy.ssl: "192.168.137.1"
FF - prefs.js..network.proxy.type: 1
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "foxsearch"
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2776682&SearchSource=3&q={searchTerms}"
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "foxsearch"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - user.js..browser.search.order.1: "foxsearch"
FF - user.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - HKLM\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011.02.27 21:36:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files (x86)\PC Tools Security\BDT\Firefox\ [2011.04.18 22:04:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.03.25 15:11:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.03.25 15:11:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.03.25 15:11:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.03.25 15:11:41 | 000,000,000 | ---D | M]
[2009.12.30 12:38:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\FIETE\AppData\Roaming\mozilla\Extensions
[2011.04.21 23:55:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\FIETE\AppData\Roaming\mozilla\Firefox\Profiles\lqm8lza1.default\extensions
[2011.03.03 18:02:47 | 000,000,000 | ---D | M] (Stylish) -- C:\Users\FIETE\AppData\Roaming\mozilla\Firefox\Profiles\lqm8lza1.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2011.03.11 18:26:41 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\FIETE\AppData\Roaming\mozilla\Firefox\Profiles\lqm8lza1.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.04.16 22:48:02 | 000,000,000 | ---D | M] (WOT) -- C:\Users\FIETE\AppData\Roaming\mozilla\Firefox\Profiles\lqm8lza1.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011.04.01 22:34:41 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\FIETE\AppData\Roaming\mozilla\Firefox\Profiles\lqm8lza1.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.04.07 22:03:03 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\FIETE\AppData\Roaming\mozilla\Firefox\Profiles\lqm8lza1.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.11.17 17:51:03 | 000,000,000 | ---D | M] (COMPUTERBILD-Abzockschutz) -- C:\Users\FIETE\AppData\Roaming\mozilla\Firefox\Profiles\lqm8lza1.default\extensions\{d49175b3-3fd8-43b8-b28e-da5d47f3c398}
[2011.01.27 11:36:12 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\FIETE\AppData\Roaming\mozilla\Firefox\Profiles\lqm8lza1.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011.02.22 21:02:35 | 000,000,000 | ---D | M] (Fasterfox (EladKarako Mod)) -- C:\Users\FIETE\AppData\Roaming\mozilla\Firefox\Profiles\lqm8lza1.default\extensions\{eeeeeeee-aaaa-0000-aaaa-000000000000}
[2011.01.29 17:57:57 | 000,001,141 | ---- | M] () -- C:\Users\FIETE\AppData\Roaming\Mozilla\Firefox\Profiles\lqm8lza1.default\searchplugins\conduit.xml
[2011.03.11 19:22:21 | 000,000,828 | ---- | M] () -- C:\Users\FIETE\AppData\Roaming\Mozilla\Firefox\Profiles\lqm8lza1.default\searchplugins\icqplugin-1.xml
[2011.03.11 19:22:21 | 000,000,602 | ---- | M] () -- C:\Users\FIETE\AppData\Roaming\Mozilla\Firefox\Profiles\lqm8lza1.default\searchplugins\icqplugin-2.xml
[2011.03.11 19:22:21 | 000,000,828 | ---- | M] () -- C:\Users\FIETE\AppData\Roaming\Mozilla\Firefox\Profiles\lqm8lza1.default\searchplugins\icqplugin-3.xml
[2011.03.11 19:22:21 | 000,000,901 | ---- | M] () -- C:\Users\FIETE\AppData\Roaming\Mozilla\Firefox\Profiles\lqm8lza1.default\searchplugins\icqplugin.xml
[2011.02.28 18:53:18 | 000,003,915 | ---- | M] () -- C:\Users\FIETE\AppData\Roaming\Mozilla\Firefox\Profiles\lqm8lza1.default\searchplugins\sweetim.xml
[2011.04.21 23:55:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010.01.03 16:55:18 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files (x86)\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.05.31 18:17:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.23 14:34:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.04 18:08:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.12.24 00:17:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.03.07 17:24:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.02.27 21:36:11 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF
[2011.02.02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.03.19 09:23:30 | 000,686,592 | ---- | M] (Synatix GmbH) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npmieze.dll
[2011.03.04 08:05:59 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.03.04 08:05:59 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.01.29 17:57:57 | 000,001,605 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\fcmdSrchddr.xml
[2010.08.07 16:00:04 | 000,000,143 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\foxsearch.src
[2011.03.04 08:05:59 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.03.04 08:05:59 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.03.04 08:05:59 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2011.04.20 03:29:24 | 000,001,025 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 71i.de
O1 - Hosts: 127.0.0.1 adicqserver.71i.de
O1 - Hosts: 127.0.0.1 adserver.71i.de
O1 - Hosts: 127.0.0.1 im.adtech.de
O1 - Hosts: 127.0.0.1 adserver.adtech.de
O1 - Hosts: 127.0.0.1 adtech.de
O1 - Hosts: 127.0.0.1 atwola.com
O1 - Hosts: 127.0.0.1 ar.atwola.com
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\Alwil Software\Avast5\aswWebRepIE64.dll ()
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - File not found
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5612.1312\swg64.dll (Google Inc.)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll ()
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - File not found
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\Alwil Software\Avast5\aswWebRepIE64.dll ()
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll ()
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - File not found
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Programme\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8:64bit: - Extra context menu item: Sothink SWF Catcher - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - File not found
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - File not found
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - File not found
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Users\FIETE\AppData\Roaming\UUSoQLdiE9hE.exe) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{26ffb629-2014-11e0-94c3-002622f1344e}\Shell - "" = AutoRun
O33 - MountPoints2\{26ffb629-2014-11e0-94c3-002622f1344e}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{33a6d159-b4f2-11df-a4cf-001bdc002e32}\Shell - "" = AutoRun
O33 - MountPoints2\{33a6d159-b4f2-11df-a4cf-001bdc002e32}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{a68a4bcf-d96f-11de-ac4f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{a68a4bcf-d96f-11de-ac4f-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe
O33 - MountPoints2\{fdaea6c6-fbeb-11df-9112-001bdc002e32}\Shell - "" = AutoRun
O33 - MountPoints2\{fdaea6c6-fbeb-11df-9112-001bdc002e32}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{fdaea6d7-fbeb-11df-9112-001bdc002e32}\Shell - "" = AutoRun
O33 - MountPoints2\{fdaea6d7-fbeb-11df-9112-001bdc002e32}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{fdaea6f9-fbeb-11df-9112-001bdc002e32}\Shell - "" = AutoRun
O33 - MountPoints2\{fdaea6f9-fbeb-11df-9112-001bdc002e32}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\CDStart.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011.04.22 15:04:04 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\FIETE\Desktop\OTL.exe
[2011.04.21 22:09:40 | 000,000,000 | ---D | C] -- C:\Users\FIETE\Desktop\~KiLL´s~ HacKv0.6
[2011.04.21 22:09:36 | 000,000,000 | ---D | C] -- C:\Users\FIETE\Desktop\Siro's pub 8.6
[2011.04.21 18:34:24 | 000,000,000 | ---D | C] -- C:\Users\FIETE\Desktop\BlackLegend Public
[2011.04.21 02:03:26 | 001,498,960 | ---- | C] (Microsoft Corporation) -- C:\Users\FIETE\Desktop\msvcr100d.dll
[2011.04.21 02:03:26 | 000,771,424 | ---- | C] (Microsoft Corporation) -- C:\Users\FIETE\Desktop\msvcr100_clr0400.dll
[2011.04.21 02:03:26 | 000,770,384 | ---- | C] (Microsoft Corporation) -- C:\Users\FIETE\Desktop\msvcr100.dll
[2011.04.21 02:03:26 | 000,743,248 | ---- | C] (Microsoft Corporation) -- C:\Users\FIETE\Desktop\msvcp100d.dll
[2011.04.21 02:03:26 | 000,421,200 | ---- | C] (Microsoft Corporation) -- C:\Users\FIETE\Desktop\msvcp100.dll
[2011.04.21 02:03:26 | 000,346,112 | ---- | C] (The cURL library, hxxp://curl.haxx.se/) -- C:\Users\FIETE\Desktop\libcurld.dll
[2011.04.21 01:31:04 | 000,000,000 | ---D | C] -- C:\Users\FIETE\Desktop\images
[2011.04.20 23:19:35 | 000,000,000 | ---D | C] -- C:\Users\FIETE\Desktop\Kram
[2011.04.20 03:14:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.5
[2011.04.20 03:14:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ7.5
[2011.04.19 17:11:52 | 000,000,000 | ---D | C] -- C:\Users\FIETE\AppData\Local\Threat Expert
[2011.04.18 22:04:25 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2011.04.18 22:04:24 | 001,996,752 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2011.04.18 22:04:24 | 001,533,904 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2011.04.18 21:48:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools Security
[2011.04.18 21:48:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2011.04.18 01:31:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.04.17 17:32:48 | 001,377,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\FIETE\Desktop\tdsskiller.exe
[2011.04.17 13:33:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2011.04.16 21:34:09 | 000,000,000 | ---D | C] -- C:\Users\FIETE\AppData\Local\{CEBA4F82-10C3-4A4C-9C54-628B040B8928}
[2011.04.16 15:58:00 | 000,000,000 | ---D | C] -- C:\Users\FIETE\AppData\Local\TechSmith
[2011.04.16 15:57:19 | 000,000,000 | ---D | C] -- C:\Users\FIETE\Documents\Camtasia Studio
[2011.04.16 15:56:54 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\QuickTime
[2011.04.16 15:56:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Camtasia Studio 7
[2011.04.16 15:56:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\TechSmith Shared
[2011.04.16 15:56:37 | 000,000,000 | ---D | C] -- C:\ProgramData\TechSmith
[2011.04.16 15:56:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TechSmith
[2011.04.15 18:17:26 | 000,000,000 | ---D | C] -- C:\Users\FIETE\AppData\Local\{E8859431-9F1C-487C-9EEE-C18973BD4D5A}
[2011.04.15 16:57:22 | 000,000,000 | ---D | C] -- C:\Users\FIETE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Half-Life 2
[2011.04.15 16:47:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Half-Life 2
[2011.04.15 15:52:50 | 000,000,000 | ---D | C] -- C:\Half-Life 2
[2011.04.14 22:12:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\gmod9
[2011.04.14 18:24:40 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011.04.14 18:24:40 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011.04.14 18:24:35 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011.04.14 18:24:34 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011.04.14 18:24:34 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011.04.14 18:24:29 | 001,395,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42.dll
[2011.04.14 18:24:29 | 001,359,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42u.dll
[2011.04.14 18:24:28 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll
[2011.04.14 18:24:28 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll
[2011.04.14 18:24:25 | 000,367,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2011.04.14 18:24:25 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2011.04.14 18:24:25 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2011.04.14 18:24:25 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2011.04.14 18:24:13 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011.04.14 18:24:13 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2011.04.14 18:24:12 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011.04.14 18:24:12 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011.04.14 18:24:12 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011.04.14 18:24:12 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011.04.14 18:24:12 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011.04.14 18:24:12 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011.04.14 18:24:11 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011.04.14 18:24:11 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011.04.14 18:24:11 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011.04.14 18:24:11 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011.04.14 18:24:11 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011.04.14 18:24:11 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011.04.14 18:23:18 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnsapi.dll
[2011.04.14 18:23:17 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnscacheugc.exe
[2011.04.14 18:23:17 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe
[2011.04.14 18:23:12 | 000,603,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe
[2011.04.14 18:23:12 | 000,518,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe
[2011.04.14 18:23:11 | 000,640,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2011.04.14 18:23:11 | 000,556,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2011.04.14 18:23:11 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdusb.dll
[2011.04.14 18:23:11 | 000,019,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kd1394.dll
[2011.04.14 18:23:11 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdcom.dll
[2011.04.14 18:23:08 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FXSCOVER.exe
[2011.04.12 18:57:18 | 000,000,000 | ---D | C] -- C:\Users\FIETE\AppData\Roaming\ProtectDisc
[2011.04.12 18:53:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ProtectDisc Driver Installer
[2011.04.12 18:53:10 | 000,277,904 | ---- | C] (Protect Software GmbH) -- C:\Windows\SysNative\drivers\acedrv10.sys
[2011.04.12 18:53:10 | 000,228,000 | ---- | C] (Protect Software GmbH) -- C:\Windows\SysNative\drivers\acehlp10.sys
[2011.04.12 18:52:29 | 000,000,000 | ---D | C] -- C:\Users\FIETE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Buchner
[2011.04.12 18:52:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Buchner
[2011.04.12 18:46:48 | 000,000,000 | RH-D | C] -- C:\Users\FIETE\AppData\Roaming\SecuROM
[2011.04.12 18:46:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\phase-6
[2011.04.12 18:46:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Phase6
[2011.04.12 18:46:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\phase-6
[2011.04.12 18:44:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\auxilium Demoversion
[2011.04.12 18:42:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\auxilium 3.1 light
[2011.04.12 18:42:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\auxilium 3.1 light
[2011.04.09 19:06:54 | 000,000,000 | ---D | C] -- C:\Users\FIETE\AppData\Local\{1D736F05-F961-47B9-9F78-EED358AF101B}
[2011.04.09 01:21:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011.04.08 14:58:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SuperTux
[2011.04.08 14:58:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SuperTux
[2011.04.07 20:50:54 | 000,000,000 | ---D | C] -- C:\Users\FIETE\AppData\Local\{CBB90EA1-2675-4680-8661-A824F28A9D01}
[2011.04.07 19:40:47 | 000,000,000 | ---D | C] -- C:\ProgramData\x60xg1XV8
[2011.04.07 19:39:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickLatin 1.3.2c
[2011.04.07 19:39:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickLatin
[2011.04.07 19:39:30 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\Setup1.exe
[2011.04.07 19:39:29 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\ST6UNST.EXE
[2011.04.04 14:29:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpiritMt2
[2011.04.04 13:57:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2011.04.04 13:53:56 | 000,000,000 | ---D | C] -- C:\Users\FIETE\AppData\Local\{9546DEB2-9D7C-425B-9B4F-93E89CD8D2CF}
[2011.04.03 17:51:39 | 000,607,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp100.dll
[2011.04.03 17:51:39 | 000,607,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\msvcp100.dll
[2011.04.03 17:22:32 | 000,000,000 | ---D | C] -- C:\Users\FIETE\AppData\Local\{B7BC2744-BC34-4689-A3DE-E0116F2B975A}
[2011.04.02 17:58:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LiveUpload
[2011.04.02 17:39:09 | 000,000,000 | ---D | C] -- C:\Users\FIETE\AppData\Local\{E0936F40-1CEE-4477-882B-F20B112A5C07}
[2011.04.02 16:58:36 | 000,000,000 | ---D | C] -- C:\ProgramData\mufin
[2011.04.02 16:58:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mufin
[2011.04.02 16:58:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\mufin
[2011.04.02 16:58:17 | 000,000,000 | ---D | C] -- C:\ProgramData\MAGIX
[2011.04.02 16:58:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MAGIX Services
[2011.04.02 16:56:48 | 000,000,000 | ---D | C] -- C:\Users\FIETE\Documents\MAGIX Downloads
[2011.04.02 16:56:46 | 000,000,000 | ---D | C] -- C:\Users\FIETE\AppData\Roaming\MAGIX
[2011.04.02 09:46:49 | 001,467,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr100d.dll
[2011.04.02 09:46:49 | 001,467,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\msvcr100d.dll
[2011.04.02 09:46:49 | 000,631,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp100d.dll
[2011.04.02 09:46:49 | 000,631,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\msvcp100d.dll
[2011.04.02 09:46:49 | 000,346,112 | ---- | C] (The cURL library, hxxp://curl.haxx.se/) -- C:\Windows\SysWow64\libcurld.dll
[2011.04.02 09:46:49 | 000,346,112 | ---- | C] (The cURL library, hxxp://curl.haxx.se/) -- C:\Windows\libcurld.dll
[2011.04.01 16:02:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audiosurf
[2011.04.01 16:02:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audiosurf
[2011.03.31 23:04:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
[2011.03.31 23:04:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audio Related Programs
[2011.03.31 23:04:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MixPad Audio Mixer
[2011.03.29 22:17:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ7.4
[2011.03.29 16:18:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\E.M. Magic Swf2Avi
[2011.03.29 16:18:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\E.M. Magic Swf2Avi
[2011.03.28 18:18:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Maxis
[2011.03.28 17:57:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent
[2011.03.26 12:45:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\catroot2
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\FIETE\*.tmp files -> C:\Users\FIETE\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011.04.22 15:06:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.04.22 15:04:12 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\FIETE\Desktop\OTL.exe
[2011.04.22 10:48:04 | 001,611,396 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.04.22 10:48:04 | 000,696,604 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.04.22 10:48:04 | 000,651,882 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.04.22 10:48:04 | 000,147,868 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.04.22 10:48:04 | 000,120,814 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.04.22 10:28:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.21 23:37:46 | 000,142,432 | ---- | M] () -- C:\Users\FIETE\Desktop\Unbenannt2.png
[2011.04.21 22:09:20 | 003,340,238 | ---- | M] () -- C:\Users\FIETE\Desktop\Siro's pub 8.6.zip
[2011.04.21 22:06:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.04.21 22:04:50 | 000,068,361 | ---- | M] () -- C:\Users\FIETE\Desktop\~KiLL´s~ HacKv0.6.rar
[2011.04.21 18:34:13 | 003,236,947 | ---- | M] () -- C:\Users\FIETE\Desktop\BlackLegend Public.rar
[2011.04.21 05:14:48 | 1786,170,646 | ---- | M] () -- C:\Users\FIETE\Desktop\Matrix 1999.exe
[2011.04.21 03:52:47 | 000,020,320 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.21 03:52:47 | 000,020,320 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.21 03:45:38 | 000,000,437 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2011.04.21 03:44:57 | 3092,938,752 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.21 02:03:08 | 001,587,561 | ---- | M] () -- C:\Users\FIETE\Desktop\Project HarmonY 1.6.rar
[2011.04.21 01:51:49 | 000,326,892 | ---- | M] () -- C:\Users\FIETE\Desktop\Sampleedited.jpg
[2011.04.21 01:23:51 | 000,024,300 | ---- | M] () -- C:\Users\FIETE\Desktop\Neuer Ordner.7z
[2011.04.21 01:19:19 | 000,040,448 | ---- | M] () -- C:\Users\FIETE\Desktop\s4 Hack 64bit.exe
[2011.04.21 01:18:56 | 000,040,448 | ---- | M] () -- C:\Users\FIETE\Desktop\s4 Hack 32bit.exe
[2011.04.21 01:12:49 | 000,000,795 | ---- | M] () -- C:\Users\FIETE\Desktop\s4 Hack 64bit.bat
[2011.04.21 01:12:11 | 000,000,063 | ---- | M] () -- C:\Users\FIETE\Desktop\64bit.bat
[2011.04.21 01:08:54 | 000,000,789 | ---- | M] () -- C:\Users\FIETE\Desktop\s4 Hack 32bit.bat
[2011.04.21 01:08:11 | 000,000,057 | ---- | M] () -- C:\Users\FIETE\Desktop\32bit.bat
[2011.04.21 00:59:58 | 000,000,779 | ---- | M] () -- C:\Users\FIETE\Desktop\s4 Hack.bat
[2011.04.20 23:18:16 | 000,075,507 | ---- | M] () -- C:\Users\FIETE\Desktop\Unbenannt.png
[2011.04.20 22:33:30 | 000,001,932 | ---- | M] () -- C:\Users\FIETE\Desktop\index.html
[2011.04.20 03:29:24 | 000,001,025 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011.04.20 03:27:52 | 000,000,237 | ---- | M] () -- C:\Windows\SysNative\ibr.ini
[2011.04.20 03:14:52 | 000,001,791 | ---- | M] () -- C:\Users\Public\Desktop\ICQ7.5.lnk
[2011.04.18 21:49:15 | 001,358,944 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2011.04.18 01:07:17 | 000,089,088 | ---- | M] () -- C:\Windows\SysNative\mbr.exe
[2011.04.18 00:14:12 | 000,367,760 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.04.17 17:30:54 | 001,377,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\FIETE\Desktop\tdsskiller.exe
[2011.04.17 10:18:57 | 000,001,033 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011.04.16 15:56:54 | 000,001,135 | ---- | M] () -- C:\Users\Public\Desktop\Camtasia Studio 7.lnk
[2011.04.16 15:52:17 | 000,114,688 | RHS- | M] () -- C:\Windows\SysWow64\qcapi.dll
[2011.04.13 17:54:36 | 000,653,824 | ---- | M] () -- C:\Users\FIETE\Desktop\Project HarmonY 1.6.exe
[2011.04.12 18:57:33 | 000,004,096 | ---- | M] () -- C:\Users\Public\Documents\00000736.LCS
[2011.04.12 18:53:10 | 000,277,904 | ---- | M] (Protect Software GmbH) -- C:\Windows\SysNative\drivers\acedrv10.sys
[2011.04.12 18:53:10 | 000,228,000 | ---- | M] (Protect Software GmbH) -- C:\Windows\SysNative\drivers\acehlp10.sys
[2011.04.07 19:39:30 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\Setup1.exe
[2011.04.07 19:39:29 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\ST6UNST.EXE
[2011.04.01 22:46:09 | 001,467,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr100d.dll
[2011.04.01 22:46:09 | 001,467,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\msvcr100d.dll
[2011.04.01 22:46:06 | 000,631,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp100d.dll
[2011.04.01 22:46:06 | 000,631,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\msvcp100d.dll
[2011.04.01 17:50:58 | 000,346,112 | ---- | M] (The cURL library, hxxp://curl.haxx.se/) -- C:\Windows\SysWow64\libcurld.dll
[2011.04.01 17:50:58 | 000,346,112 | ---- | M] (The cURL library, hxxp://curl.haxx.se/) -- C:\Windows\libcurld.dll
[2011.03.31 22:08:28 | 000,069,632 | ---- | M] () -- C:\Users\FIETE\AppData\Roaming\chrtmp
[2011.03.31 17:26:27 | 000,346,112 | ---- | M] (The cURL library, hxxp://curl.haxx.se/) -- C:\Users\FIETE\Desktop\libcurld.dll
[2011.03.26 22:23:49 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\Access.dat
[2011.03.26 02:04:45 | 000,032,594 | ---- | M] () -- C:\Users\FIETE\AppData\Local\Tempsplash.jpg
[2011.03.25 20:34:38 | 000,081,964 | ---- | M] () -- C:\Users\FIETE\AppData\Local\TempStartup.wav
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\FIETE\*.tmp files -> C:\Users\FIETE\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011.04.21 23:37:35 | 000,142,432 | ---- | C] () -- C:\Users\FIETE\Desktop\Unbenannt2.png
[2011.04.21 22:09:18 | 003,340,238 | ---- | C] () -- C:\Users\FIETE\Desktop\Siro's pub 8.6.zip
[2011.04.21 22:04:49 | 000,068,361 | ---- | C] () -- C:\Users\FIETE\Desktop\~KiLL´s~ HacKv0.6.rar
[2011.04.21 18:34:08 | 003,236,947 | ---- | C] () -- C:\Users\FIETE\Desktop\BlackLegend Public.rar
[2011.04.21 05:15:03 | 1786,170,646 | ---- | C] () -- C:\Users\FIETE\Desktop\Matrix 1999.exe
[2011.04.21 02:03:26 | 000,653,824 | ---- | C] () -- C:\Users\FIETE\Desktop\Project HarmonY 1.6.exe
[2011.04.21 02:03:08 | 001,587,561 | ---- | C] () -- C:\Users\FIETE\Desktop\Project HarmonY 1.6.rar
[2011.04.21 01:50:47 | 000,326,892 | ---- | C] () -- C:\Users\FIETE\Desktop\Sampleedited.jpg
[2011.04.21 01:31:04 | 000,001,932 | ---- | C] () -- C:\Users\FIETE\Desktop\index.html
[2011.04.21 01:23:45 | 000,024,300 | ---- | C] () -- C:\Users\FIETE\Desktop\Neuer Ordner.7z
[2011.04.21 01:19:08 | 000,040,448 | ---- | C] () -- C:\Users\FIETE\Desktop\s4 Hack 64bit.exe
[2011.04.21 01:18:42 | 000,040,448 | ---- | C] () -- C:\Users\FIETE\Desktop\s4 Hack 32bit.exe
[2011.04.21 01:12:48 | 000,000,795 | ---- | C] () -- C:\Users\FIETE\Desktop\s4 Hack 64bit.bat
[2011.04.21 01:12:10 | 000,000,063 | ---- | C] () -- C:\Users\FIETE\Desktop\64bit.bat
[2011.04.21 01:08:54 | 000,000,789 | ---- | C] () -- C:\Users\FIETE\Desktop\s4 Hack 32bit.bat
[2011.04.21 01:08:11 | 000,000,057 | ---- | C] () -- C:\Users\FIETE\Desktop\32bit.bat
[2011.04.20 23:18:13 | 000,075,507 | ---- | C] () -- C:\Users\FIETE\Desktop\Unbenannt.png
[2011.04.20 03:26:47 | 000,000,237 | ---- | C] () -- C:\Windows\SysNative\ibr.ini
[2011.04.20 03:14:52 | 000,001,791 | ---- | C] () -- C:\Users\Public\Desktop\ICQ7.5.lnk
[2011.04.19 19:57:42 | 000,000,779 | ---- | C] () -- C:\Users\FIETE\Desktop\s4 Hack.bat
[2011.04.18 22:04:25 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2011.04.18 22:04:25 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2011.04.18 22:04:25 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2011.04.18 22:04:25 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2011.04.18 22:04:24 | 000,002,052 | ---- | C] () -- C:\Windows\UDB.zip
[2011.04.18 21:48:42 | 001,358,944 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2011.04.18 01:07:17 | 000,089,088 | ---- | C] () -- C:\Windows\SysNative\mbr.exe
[2011.04.16 15:56:54 | 000,001,135 | ---- | C] () -- C:\Users\Public\Desktop\Camtasia Studio 7.lnk
[2011.04.16 15:52:17 | 000,114,688 | RHS- | C] () -- C:\Windows\SysWow64\qcapi.dll
[2011.04.12 18:56:59 | 000,004,096 | ---- | C] () -- C:\Users\Public\Documents\00000736.LCS
[2011.04.09 01:21:29 | 000,001,033 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011.04.03 21:28:21 | 000,069,632 | ---- | C] () -- C:\Users\FIETE\AppData\Roaming\chrtmp
[2011.03.26 02:03:47 | 000,032,594 | ---- | C] () -- C:\Users\FIETE\AppData\Local\Tempsplash.jpg
[2011.03.26 01:52:10 | 000,081,964 | ---- | C] () -- C:\Users\FIETE\AppData\Local\TempStartup.wav
[2011.03.26 01:43:54 | 000,062,233 | ---- | C] () -- C:\Users\FIETE\AppData\Local\Tempsplash.png
[2011.03.25 21:40:40 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2011.03.03 20:25:00 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011.02.22 21:13:05 | 000,000,059 | ---- | C] () -- C:\Windows\PTrainer2.ini
[2011.02.09 19:07:42 | 000,135,386 | ---- | C] () -- C:\Users\FIETE\AppData\Local\TempCyberLinK BG1.jpg
[2011.02.02 22:04:06 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2010.12.31 23:52:13 | 000,007,621 | ---- | C] () -- C:\Users\FIETE\AppData\Roaming\UserTile.png
[2010.12.24 00:07:59 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2010.12.12 23:02:47 | 000,001,126 | ---- | C] () -- C:\ProgramData\DAP Games Center.lnk
[2010.12.12 23:02:47 | 000,000,868 | ---- | C] () -- C:\ProgramData\Download Accelerator Plus.lnk
[2010.12.12 17:52:29 | 000,000,307 | ---- | C] () -- C:\Windows\thug2.ini
[2010.11.29 15:11:39 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2010.11.26 17:45:19 | 000,000,112 | ---- | C] () -- C:\Windows\galaxy.ini
[2010.11.18 15:01:37 | 000,025,600 | ---- | C] () -- C:\Windows\SysWow64\jesterss.dll
[2010.11.12 20:16:28 | 000,000,135 | ---- | C] () -- C:\Users\FIETE\AppData\Roaming\RSBot_Accounts.ini
[2010.10.14 02:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010.08.20 16:34:32 | 001,589,182 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.08.20 15:51:01 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010.08.12 22:30:10 | 000,294,974 | R--- | C] () -- C:\Windows\SysWow64\RTL283XACCESS.dll
[2010.08.05 13:28:03 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010.05.27 18:22:16 | 000,000,000 | ---- | C] () -- C:\Windows\whopper.ini
[2010.05.14 11:45:47 | 000,069,632 | R--- | C] () -- C:\Windows\SysWow64\xmltok.dll
[2010.05.14 11:45:47 | 000,036,864 | R--- | C] () -- C:\Windows\SysWow64\xmlparse.dll
[2010.02.21 00:57:42 | 001,970,176 | ---- | C] () -- C:\Windows\SysWow64\d3dx9.dll
[2010.01.21 22:16:30 | 000,009,728 | ---- | C] () -- C:\Users\FIETE\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.01.18 15:43:47 | 000,004,940 | ---- | C] () -- C:\ProgramData\mtbjfghn.xbe
[2009.12.31 17:01:03 | 000,007,603 | ---- | C] () -- C:\Users\FIETE\AppData\Local\Resmon.ResmonCfg
[2009.12.29 19:13:19 | 000,000,232 | ---- | C] () -- C:\Windows\SIERRA.INI
[2009.10.30 11:06:24 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2009.10.30 11:06:24 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2009.08.27 09:05:12 | 000,982,220 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009.08.27 09:05:12 | 000,439,300 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009.08.27 09:05:12 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009.08.27 09:05:12 | 000,092,216 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009.04.28 04:37:00 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\SPCtl.dll
[2007.04.27 09:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2000.02.10 00:00:00 | 000,047,104 | ---- | C] () -- C:\Windows\SysWow64\wrkgadm.exe
[2000.02.10 00:00:00 | 000,012,288 | ---- | C] () -- C:\Windows\SysWow64\HLINKPRX.DLL
========== Alternate Data Streams ==========
@Alternate Data Stream - 212 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:07BF512B
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:430C6D84
< End of report >
Extras: Code:
OTL Extras logfile created on: 22.04.2011 15:05:29 - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\FIETE\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 55,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,88 Gb Total Space | 83,97 Gb Free Space | 36,06% Space Free | Partition Type: NTFS
Drive D: | 232,49 Gb Total Space | 171,30 Gb Free Space | 73,68% Space Free | Partition Type: NTFS
Computer Name: FIETE-TOSH | User Name: FIETE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- Reg Error: Key error. File not found
.html [@ = UltraEdit.html] -- "C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\Uedit32.exe" "%1"
.ini [@ = UltraEdit.ini] -- "C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\Uedit32.exe" "%1"
.js [@ = UltraEdit.js] -- "C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\Uedit32.exe" "%1"
.txt [@ = UltraEdit.txt] -- "C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\Uedit32.exe" "%1"
.wsf [@ = WSFFile] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1B0ADC3A-FDD7-44D3-B9DF-A811414B0C75}" = HP Photosmart Plus B210 series - Grundlegende Software für das Gerät
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1E9E8BA6-FD0B-465D-AFA2-ECE10BF095F9}" = TOSHIBA Bulletin Board
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{53480140-1E7B-4DB5-BAA6-4D02D0452355}" = O&O MediaRecovery
"{563F041C-DFDB-437B-A1E8-E141E0906076}" = Microsoft IntelliPoint 8.0
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{74E85F31-573F-45BF-8939-4D2BCDCC2083}" = LEGO MINDSTORMS NXT Driver for x64
"{77B8B4A5-EE79-4907-A318-2DA86325B8D7}" = iTunes
"{80488962-EB4D-46B2-9E03-F3A8ACA6AE82}" = Studie zur Verbesserung von HP Photosmart Plus B210 series Produkten
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB3}" = Paint.NET v3.5.8
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C2DDF845-7107-40E8-8D2A-8719F1799570}" = TOSHIBA ReelTime
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D285FC5F-3021-32E9-9C59-24CA325BDC5C}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"CCleaner" = CCleaner
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0085029F-9640-4D93-800D-D0F53188758A}" = Arschloch3D
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0823A2E3-69DD-A37A-7CD9-1CBEB037545C}" = Toshiba Photo Service - powered by myphotobook
"{0A35B15C-9CCD-4C0C-BD5B-34ABF8C95813}_is1" = ICQ 7.4 Build #4629 Banner Remover 1.0
"{0AFCF5C4-D09B-4BAA-8C4D-1F61CF67BD65}" = mufin player 2.0
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B39429C-A1AF-4CC7-87BE-C69F5543A054}_is1" = Spammer 1.0.0.0
"{0D994CC5-819F-4657-84DD-397B8FE1EA80}" = Star Wars Jedi Knight Jedi Academy
"{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}" = Windows Media Center Add-in for Silverlight
"{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = Toshiba Assist
"{1BAE5C85-A6D3-430C-842B-EAA27AC0C2E8}" = ArcSoft TotalMedia 3.5
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F62A62A-CDAD-4C8A-B110-C5541C496290}_is1" = Swf To Gif Converter 3.6
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 24
"{26D8DF7E-DBF8-43A6-8D42-F37497CE603D}" = Skype(TM) Launcher
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3A02BF10-88B9-4D61-9439-A67C9DE7D4BC}" = RS2Bot
"{40719211-D09A-11DF-BA30-0013D3D69929}" = MSVCRT Redists
"{45FE5100-6C09-4B34-AC2F-92D8B3864546}" = LiveUpload to Facebook
"{481463D7-E5D9-4331-B154-B75D6D3C15F8}" = Worms 3D Demo
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{54CD52E0-6660-416C-94CC-FC77875FF226}" = Halo 2 Map Editor
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{663140E6-EB60-11D6-AAED-0004769EEFEB}" = Snake Arena SE
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6C1D47CC-682C-4673-8CA8-DEE659628599}" = LEGO MINDSTORMS NXT Migration Package
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6FF1763A-35B2-4DF5-AB57-AB5613AFBAE0}" = (T)Raumschiff Surprise - Periode 1 - XXL
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{764A334E-5C9A-4EB9-9BD4-8E8BC422FFD8}" = S4 League_EU
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7BF68B83-5057-4D4B-0093-28285EEB9EE3}" = Harry Potter II
"{7F5FDEA1-D0AC-4D80-9D95-59775FCCFA40}" = HP Photosmart Plus B210 series Hilfe
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" = Toshiba Manuals
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet-TV für Windows Media Center
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A174402A-2EE6-4B86-A930-7BC85A9933BD}" = Tom Clancy's Splinter Cell
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.1 - Deutsch
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B4E4ACA0-79C5-4FC0-818F-ECE4521EBF8D}" = COMPUTERBILD-Abzockschutz
"{B56B13EF-5FD0-4750-B935-66A37103A80F}" = Crazy Machines - Neues aus dem Labor
"{BB10B255-CCA5-4522-8F0C-491CD59A086E}" = MemoduxPLUS
"{BCD8FB4A-8205-4C5F-8822-5D3E7B1E54C8}_is1" = SWF to MP3 Converter v2.4 build 189
"{BCDB856C-D247-4DEE-9132-89C02F4D6B8C}_is1" = Sothink SWF Decompiler
"{BEAD39CD-901D-4267-8B8B-EAA83CB4B70D}" = Pivot Stickfigure Animator
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7D50E0C-27DD-4999-BC05-E026B580F93A}" = Electronic Arts Product Registration
"{DA47ABC4-52DF-468D-988D-B9E768A3DF52}" = Pizza Connection 2
"{DA60AB6B-6C9C-4B5F-BC61-3B0D9BCBD50B}" = Conceptronic CTVDIGUSB2 Device Utilities
"{DBB7021A-3437-446F-ACE5-7261644A972C}" = Toshiba TEMPRO
"{DE042823-C359-4B87-B66B-308057E8B6AF}" = Camtasia Studio 7
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E48C44A4-05F4-4C23-BE1F-F37A9CD6ACA3}" = Marble ix
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E81A7285-8CA6-4430-B6C0-5F719E4D40D9}" = SpongeBob Schwammkopf - Der Film
"{E83BA61A-5D77-4DD5-9C92-A3447F11E27D}" = eBay
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EF1394D4-9FB6-4F1F-9A09-20FF3033AE14}" = Tony Hawk's Underground 2
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{F3529665-D75E-4D6D-98F0-745C78C68E9B}" = TOSHIBA ConfigFree
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F79AAB3A-B8B4-4AC7-94AB-1C4C076C6A89}" = The Simpsons Hit & Run(TM)
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FB4F9000-04FC-11E0-85D2-001AA037B01E}" = Google Earth Plug-in
"7-Zip" = 7-Zip 4.65
"Access 97rt PAN EURO G" = Access 97rt PAN EURO G
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Aeon" = Aeon
"AnvSoft Flash to Video Converter_is1" = AnvSoft Flash to Video Converter 1.2.1
"ArtMoney SE_is1" = ArtMoney SE v7.33
"Ashampoo Magical UnInstall 2_is1" = Ashampoo Magical UnInstall 2
"Audiosurf_is1" = Audiosurf Beta
"auxilium 3.1 light_is1" = auxilium 3.1 light
"auxilium Demoversion_is1" = auxilium Demoversion (3.1)
"avast" = avast! Free Antivirus
"BitTorrent" = BitTorrent
"Browser Defender_is1" = Browser Defender 3.0
"Cheat Engine 5.5_is1" = Cheat Engine 5.5
"Cheat Engine 5.6_is1" = Cheat Engine 5.6
"Clean My Registry_is1" = Clean My Registry v5.2
"conduitEngine" = Conduit Engine
"Debut" = Debut Video Capture Software
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"DVDStyler_is1" = DVDStyler v1.8.0
"E.M. Magic Swf2Avi_is1" = E.M. Magic Swf2Avi V6.80
"eBay Icon" = eBay Icon
"EpicBot" = EpicBot
"eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = Toshiba Photo Service - powered by myphotobook
"ExpressBurn" = Express Burn CD DVD Blu-Ray Brenner
"ExpressRip" = Express Rip
"FILEminimizer Pictures_is1" = FILEminimizer Pictures
"FormatFactory" = FormatFactory 2.60
"Fraps" = Fraps
"FSX_Screensaver" = FSX_Screensaver
"Game Booster_is1" = Game Booster
"GamersFirst War Rock" = War Rock
"GameSpy Arcade" = GameSpy Arcade
"G-Force" = G-Force
"Google Chrome" = Google Chrome
"Half-Life 2" = Half-Life 2
"Halo CE" = Microsoft Halo Custom Edition
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Photo Creations" = HP Photo Creations
"ICQToolbar" = ICQ Toolbar
"ImgBurn" = ImgBurn
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{1E9E8BA6-FD0B-465D-AFA2-ECE10BF095F9}" = TOSHIBA Bulletin Board
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisorkennwort
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{54CD52E0-6660-416C-94CC-FC77875FF226}" = Halo 2 Map Editor
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"InstallShield_{C2DDF845-7107-40E8-8D2A-8719F1799570}" = TOSHIBA ReelTime
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{D7D50E0C-27DD-4999-BC05-E026B580F93A}" = Electronic Arts Product Registration
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"InstallShield_{EF1394D4-9FB6-4F1F-9A09-20FF3033AE14}" = Tony Hawk's Underground 2
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"JDownloader" = JDownloader
"MAGIX_MSI_mufin_player_2" = mufin player 2.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MixPad" = MixPad Audio Mixer
"Mobile Partner" = Mobile Partner
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"MPE" = MyPhoneExplorer
"Notepad++" = Notepad++
"oZone3D.Net FurMark_is1" = oZone3D.Net FurMark v1.8.0
"phase-6" = phase-6 2.1.0.5
"phase-6 Feeding Tool" = phase-6 Feeding Tool 1.1
"PhotoStage" = PhotoStage Slideshow Producer
"Pivot 3.2 Beta Deutsch" = Pivot 3.2 Beta Deutsch
"PKR" = PKR
"Prism" = Prism Video Converter
"ProtectDisc Driver 10" = ProtectDisc Helper Driver 10
"QuickStores-Toolbar_is1" = QuickStores-Toolbar 1.0.0
"Samplisizer v1.2 (Demo)" = Samplisizer v1.2 (Demo)
"SCREEN2EXE_is1" = SCREEN2EXE 2.9 (build:2204)
"SimCity 3000 Deutschland" = SimCity 3000 Deutschland
"SpeedFan" = SpeedFan (remove only)
"SpiritMt2" = SpiritMt2
"ST6UNST #1" = QuickLatin 1.3.2c
"SuperTux_is1" = SuperTux 0.1.3
"SurfMusik 3.1a_is1" = SurfMusik 3.1a
"SWF to MP3 Converter_is1" = SWF to MP3 Converter v2.3 build 146
"Switch" = Switch Audiodatei-Konverter
"TeamViewer 5" = TeamViewer 5
"TeamViewer 6" = TeamViewer 6
"TmNationsForever_is1" = TmNationsForever
"TmSunrise_is1" = TrackMania Sunrise Extreme 1.5.0
"TVRTLDrv" = DVB-T USB BDA Driver
"UltraISO_is1" = UltraISO Premium V9.36
"Undelete 360_is1" = Undelete 360
"Uninstall_is1" = Uninstall 1.0.0.1
"VideoPad" = VideoPad Video Editor
"Virtual DJ Home - Atomix Productions" = Virtual DJ Home - Atomix Productions
"VLC media player" = VLC media player 1.1.9
"WavePad" = WavePad Audiobearbeitungs-Software
"whopper_is1" = whopper
"WildTangent toshiba Master Uninstall" = WildTangent-Spiele
"WinLiveSuite" = Windows Live Essentials
"Zulu" = Zulu DJ Software
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"Facebook Plug-In" = Facebook Plug-In
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >

Also, for a little while now I am no longer being redirected to oigtreaognnh.com when I do a Google search! That was because I threw GoogleToolbarNotifer out of the system startup using msconfig and deleted it. Before you ask yourself: why did you do that?
I recognized the typical pattern -> all of a sudden it needed more application memory than any game or Firefox :schrei: (it lags like crazy, I'm switching to Google Chrome :Boogie: ) and that was just very unusual. And as it goes with malicious software, it always tries to make working on the PC harder by putting the system under full load. I reacted right away and removed GoogleToolbarNotifer.exe, also because avast, when I scanned it individually, only partly detected it. That is, it did say no threat found, but I saw that this internet settings thingamajig message kept opening and did not want to let avast communicate, because it wanted access to this file. Since the rootkit has more rights than I do, it was able to suppress that after a short time, but not my mind :aufsmaul:
Luckily I have prepared everything for a backup... but I am no longer redirected to any other site, which is already a good sign, but I am sure that I am far from rid of the rootkit; I think it can only function in a limited way when I have WOT switched on. Fortunately it blocks the other malicious sites... :dummguck: