Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

FakeHDD ShowMyComputer (PUM.Hijack.StartMenu) [Solved]


  • This topic is locked This topic is locked

#1
Wolfizero

Wolfizero

    Member

  • Member
  • PipPip
  • 15 posts
Hello,

got a big FakeHDD Problem. I already clean up a bit with Malewarebytes Anti-Malware, but of course the problem is still there. So I guess I need a OTL Fix for that. Would be great if someone takes a look on it.

OTL logfile created on: 04.02.2012 02:43:13 - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Wolfi\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,25 Gb Total Physical Memory | 2,36 Gb Available Physical Memory | 72,51% Memory free
7,08 Gb Paging File | 6,37 Gb Available in Paging File | 89,99% Paging File free
Paging file location(s): c:\pagefile.sys 4000 4000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,76 Gb Total Space | 26,61 Gb Free Space | 5,71% Space Free | Partition Type: NTFS

Computer Name: WOLFI-PC | User Name: Wolfi | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\Wolfi\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\SpeedFan\speedfan.exe (Almico Software (www.almico.com))
PRC - C:\Programme\Microsoft Office\Office12\WINWORD.EXE (Microsoft Corporation)
PRC - C:\Programme\Microsoft\Office Live\OfficeLiveSignIn.exe (Microsoft Corp.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Users\Wolfi\AppData\Local\Temp\sfamcc00001.dll ()
MOD - C:\Users\Wolfi\AppData\Local\Temp\sfareca00001.dll ()
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Programme\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ()
MOD - C:\Programme\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL ()
MOD - C:\Programme\WinRAR\RarExt.dll ()


========== Win32 Services (SafeList) ==========

SRV - (CPUCooLServer) -- File not found
SRV - (Creative ALchemy AL1 Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL1Licensing.exe (Creative Labs)
SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_e286960.dll ()
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (UMVPFSrv) -- C:\Programme\Common Files\Logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (WAS) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (SandraAgentSrv) -- C:\Systemerkennung\SiSoftware Sandra Lite 2010.SP3\RpcAgentSrv.exe (SiSoftware)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Cherry Device Interface) -- C:\Programme\Cherry\CDI\cdi.exe (ZF Electronics GmbH)
SRV - (AppHostSvc) -- C:\Windows\System32\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (CTAudSvcService) -- C:\Programme\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)


========== Driver Services (SafeList) ==========

DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (cpuz135) -- C:\Windows\System32\drivers\cpuz135_x32.sys (CPUID)
DRV - (LVUVC) Logitech HD Webcam C270(UVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (speedfan) -- C:\Windows\system32\speedfan.sys (Almico Software)
DRV - (ntiopnp) -- C:\Windows\System32\drivers\ntiopnp.sys ()
DRV - (ntiomin) -- C:\Windows\System32\drivers\ntiomin.sys ()
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()
DRV - (ss_bmdm) -- C:\Windows\System32\drivers\ss_bmdm.sys (MCCI Corporation)
DRV - (ss_bbus) SAMSUNG USB Mobile Device (WDM) -- C:\Windows\System32\drivers\ss_bbus.sys (MCCI)
DRV - (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) -- C:\Windows\System32\drivers\ss_bmdfl.sys (MCCI Corporation)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (SASENUM) -- C:\Programme\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (P17) -- C:\Windows\System32\drivers\P17.sys (Creative Technology Ltd.)
DRV - (RivaTuner32) -- C:\Programme\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys ()
DRV - (SANDRA) -- C:\Systemerkennung\SiSoftware Sandra Lite 2010.SP3\WNt500x86\sandra.sys (SiSoftware)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (cFosNT) -- C:\Windows\System32\Drivers\cFosNT.sys (cFos Software GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (VX3000) -- C:\Windows\System32\drivers\VX3000.sys (Microsoft Corporation)
DRV - (LUsbFilt) -- C:\Windows\System32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (ha20x2k) -- C:\Windows\System32\drivers\HA20X2K.SYS (Creative Technology Ltd)
DRV - (emupia) -- C:\Windows\System32\drivers\EMUPIA2K.SYS (Creative Technology Ltd)
DRV - (ctsfm2k) -- C:\Windows\System32\drivers\CTSFM2K.SYS (Creative Technology Ltd)
DRV - (ctprxy2k) -- C:\Windows\System32\drivers\CTPRXY2K.SYS (Creative Technology Ltd)
DRV - (ossrv) -- C:\Windows\System32\drivers\CTOSS2K.SYS (Creative Technology Ltd.)
DRV - (ctdvda2k) -- C:\Windows\System32\drivers\CTDVDA2K.SYS (Creative Technology Ltd)
DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\Windows\System32\drivers\CTAUD2K.SYS (Creative Technology Ltd)
DRV - (ctac32k) -- C:\Windows\System32\drivers\CTAC32K.SYS (Creative Technology Ltd)
DRV - (CTEXFIFX.DLL) -- C:\Windows\System32\CTEXFIFX.DLL (Creative Technology Ltd.)
DRV - (CTEDSPSY.DLL) -- C:\Windows\System32\CTEDSPSY.DLL (Creative Technology Ltd)
DRV - (CTEDSPIO.DLL) -- C:\Windows\System32\CTEDSPIO.DLL (Creative Technology Ltd)
DRV - (CT20XUT.DLL) -- C:\Windows\System32\CT20XUT.DLL (Creative Technology Ltd.)
DRV - (CTHWIUT.DLL) -- C:\Windows\System32\CTHWIUT.DLL (Creative Technology Ltd.)
DRV - (CTERFXFX.DLL) -- C:\Windows\System32\CTERFXFX.DLL (Creative Technology Ltd)
DRV - (CTEDSPFX.DLL) -- C:\Windows\System32\CTEDSPFX.DLL (Creative Technology Ltd)
DRV - (CTEAPSFX.DLL) -- C:\Windows\System32\CTEAPSFX.DLL (Creative Technology Ltd)
DRV - (CTSBLFX.DLL) -- C:\Windows\System32\CTSBLFX.DLL (Creative Technology Ltd)
DRV - (CTAUDFX.DLL) -- C:\Windows\System32\CTAUDFX.DLL (Creative Technology Ltd)
DRV - (COMMONFX.DLL) -- C:\Windows\System32\COMMONFX.DLL (Creative Technology Ltd)
DRV - (MTOnlPktAlyX) -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
DRV - (RTCore32) -- C:\Programme\MSI Afterburner\RTCore32.sys ()
DRV - (giveio) -- C:\Windows\system32\giveio.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.t-online....ie_t-online.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.t-online....ir/ie_suche.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.t-online....ie_t-online.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 00 6F F4 EC 49 B5 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.t-online.de;localhost;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=www-proxy.t-online.de:80;ftp=ftp-proxy.t-online.de:80

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.useDBForOrder: ""
FF - prefs.js..browser.startup.homepage: ""


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files\Battlelog Web Plugins\1.102.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files\Battlelog Web Plugins\1.104.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.2.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.2.1: C:\Program Files\Oracle\JavaFX Runtime 2.0\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.4: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPMPDRM: C:\Program Files\Common Files\mpDRM\NPMPDRM.dll ( )
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Wolfi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.12.31 02:34:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.13 19:48:48 | 000,000,000 | ---D | M]

[2009.02.09 11:19:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wolfi\AppData\Roaming\mozilla\Extensions
[2012.01.28 21:25:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wolfi\AppData\Roaming\mozilla\Firefox\Profiles\r6307irc.default\extensions
[2011.12.24 22:24:16 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Wolfi\AppData\Roaming\mozilla\Firefox\Profiles\r6307irc.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.03.30 01:05:23 | 000,000,000 | ---D | M] (NoRedirect) -- C:\Users\Wolfi\AppData\Roaming\mozilla\Firefox\Profiles\r6307irc.default\extensions\{c1970c0d-dbe6-4d91-804f-c9c0de643a57}
[2010.04.25 12:30:38 | 000,001,840 | ---- | M] () -- C:\Users\Wolfi\AppData\Roaming\Mozilla\Firefox\Profiles\r6307irc.default\searchplugins\bing.xml
[2012.02.01 14:15:21 | 000,001,056 | ---- | M] () -- C:\Users\Wolfi\AppData\Roaming\Mozilla\Firefox\Profiles\r6307irc.default\searchplugins\icqplugin.xml
[2009.08.29 16:25:07 | 000,000,952 | ---- | M] () -- C:\Users\Wolfi\AppData\Roaming\Mozilla\Firefox\Profiles\r6307irc.default\searchplugins\youtube-videosuche.xml
[2011.12.17 11:12:32 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\WOLFI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R6307IRC.DEFAULT\EXTENSIONS\{79C50F9A-2FFE-4EE0-8A37-FAE4F5DACD4F}.XPI
() (No name found) -- C:\USERS\WOLFI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R6307IRC.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\WOLFI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R6307IRC.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
() (No name found) -- C:\USERS\WOLFI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R6307IRC.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
() (No name found) -- C:\USERS\WOLFI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R6307IRC.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\WOLFI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R6307IRC.DEFAULT\EXTENSIONS\[email protected]
[2011.12.31 02:34:23 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.10.04 14:49:02 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.04 14:49:02 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.04 14:49:02 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.04 14:49:02 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.04 14:49:02 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.04 14:49:02 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2011.12.06 08:50:07 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programme\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX Runtime 2.0\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programme\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CTHelper] C:\Windows\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\System32\CTXFIHLP.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [P17RunE] C:\Windows\System32\P17RunE.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [QFIbEoUCQmCWD.exe] C:\ProgramData\QFIbEoUCQmCWD.exe ()
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.2.1)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creat...13/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...15116/CTPID.cab (Creative Software AutoUpdate Support Package 1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.0.43.1 217.0.43.193
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9ED490E5-A5D2-442E-9EA0-75DE411CAA91}: DhcpNameServer = 217.0.43.1 217.0.43.193
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Wolfi\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Wolfi\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012.02.03 17:18:09 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Wolfi\Desktop\esetsmartinstaller_enu.exe
[2012.02.03 15:00:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.02.03 15:00:42 | 000,000,000 | ---D | C] -- C:\Users\Wolfi\Desktop\Malwarebytes' Anti-Malware
[2012.02.02 16:53:46 | 000,000,000 | ---D | C] -- C:\Users\Wolfi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
[2012.02.01 13:12:02 | 000,000,000 | ---D | C] -- C:\Users\Wolfi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Creative
[2012.02.01 13:12:02 | 000,000,000 | ---D | C] -- C:\Users\Wolfi\AppData\Roaming\Creative
[2012.02.01 12:58:52 | 000,090,112 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\Updreg.EXE
[2012.02.01 12:58:05 | 000,094,208 | ---- | C] (Creative Technology Ltd) -- C:\Windows\System32\cttele32.dll
[2012.02.01 12:56:04 | 000,048,400 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\AddCat.exe
[2012.02.01 12:54:28 | 000,011,264 | ---- | C] (Creative Technology Ltd) -- C:\Windows\CTDCRGER.DLL
[2012.02.01 12:53:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center
[2012.01.27 19:01:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Media Center Programs
[2012.01.26 15:43:50 | 000,000,000 | ---D | C] -- C:\Users\Wolfi\AppData\Roaming\Magic Set Editor
[2012.01.26 15:43:17 | 000,000,000 | ---D | C] -- C:\Program Files\Magic Set Editor 2
[2012.01.25 20:34:36 | 000,000,000 | ---D | C] -- C:\Users\Wolfi\AppData\Roaming\.minecraft
[2012.01.22 12:35:41 | 000,000,000 | ---D | C] -- C:\Users\Wolfi\AppData\Roaming\Day 1 Studios
[2012.01.22 10:24:52 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_39.dll
[2012.01.22 10:24:52 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_39.dll
[2012.01.11 11:20:07 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciseq.dll
[2012.01.11 11:20:03 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2012.01.11 11:20:01 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012.01.11 11:19:57 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2012.01.11 11:19:57 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2012.01.10 12:28:34 | 000,000,000 | ---D | C] -- C:\Users\Wolfi\AppData\Local\SWTOR
[2012.01.10 12:28:31 | 000,000,000 | ---D | C] -- C:\Users\Wolfi\Documents\HeroBlade Logs
[2012.01.10 11:42:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA
[2012.01.10 11:10:08 | 000,000,000 | ---D | C] -- C:\Star Wars-The Old Republic
[2012.01.09 11:17:56 | 000,000,000 | ---D | C] -- C:\Microsoft Games
[2012.01.06 18:22:23 | 000,021,992 | ---- | C] (CPUID) -- C:\Windows\System32\drivers\cpuz135_x32.sys
[2012.01.06 18:22:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
[2012.01.06 18:22:23 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID
[2007.10.25 14:57:44 | 000,034,816 | ---- | C] ( ) -- C:\Windows\System32\A3D.DLL
[2007.10.25 14:42:46 | 000,010,240 | ---- | C] ( ) -- C:\Windows\System32\KILLAPPS.EXE
[7 C:\Users\Wolfi\Documents\*.tmp files -> C:\Users\Wolfi\Documents\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.02.03 17:18:14 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Wolfi\Desktop\esetsmartinstaller_enu.exe
[2012.02.03 17:10:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.03 17:06:59 | 000,003,840 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.03 17:06:59 | 000,003,840 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.03 14:50:05 | 000,002,116 | ---- | M] () -- C:\Users\Wolfi\0302backup.zip
[2012.02.02 17:26:42 | 000,000,456 | ---- | M] () -- C:\ProgramData\ekMFD1W9NQq5nU
[2012.02.02 17:25:29 | 000,000,304 | ---- | M] () -- C:\ProgramData\~ekMFD1W9NQq5nU
[2012.02.02 17:25:29 | 000,000,224 | ---- | M] () -- C:\ProgramData\~ekMFD1W9NQq5nUr
[2012.02.02 17:18:57 | 449,706,338 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.02.02 16:53:46 | 000,000,605 | ---- | M] () -- C:\Users\Wolfi\Desktop\System Check.lnk
[2012.02.02 16:53:36 | 000,336,520 | ---- | M] () -- C:\ProgramData\ekMFD1W9NQq5nU.exe
[2012.02.02 16:51:54 | 000,064,756 | ---- | M] () -- C:\Windows\System32\DVCState-{00000004-00000000-00000003-00001102-00000005-00311102}.rfx
[2012.02.02 16:51:54 | 000,054,156 | ---- | M] () -- C:\Windows\System32\BMXStateBkp-{00000004-00000000-00000003-00001102-00000005-00311102}.rfx
[2012.02.02 16:51:54 | 000,054,156 | ---- | M] () -- C:\Windows\System32\BMXState-{00000004-00000000-00000003-00001102-00000005-00311102}.rfx
[2012.02.02 16:45:36 | 000,427,144 | -HS- | M] () -- C:\ProgramData\QFIbEoUCQmCWD.exe
[2012.02.02 14:54:43 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2012.02.02 14:51:18 | 000,193,379 | ---- | M] () -- C:\Users\Wolfi\Documents\gesamt.pdf
[2012.02.02 00:03:25 | 000,001,080 | ---- | M] () -- C:\Windows\System32\settingsbkup.sfm
[2012.02.02 00:03:25 | 000,001,080 | ---- | M] () -- C:\Windows\System32\settings.sfm
[2012.01.31 22:38:56 | 000,000,200 | ---- | M] () -- C:\Users\Wolfi\Desktop\Hitman Blood Money.url
[2012.01.31 13:29:09 | 000,361,256 | ---- | M] () -- C:\Users\Wolfi\Documents\Schulgesetz.pdf
[2012.01.30 21:49:04 | 000,105,984 | ---- | M] () -- C:\Users\Wolfi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.01.27 08:35:54 | 000,337,320 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.01.26 12:49:22 | 000,738,974 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.01.26 12:49:22 | 000,687,942 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.01.26 12:49:22 | 000,168,432 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.01.26 12:49:22 | 000,138,060 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.01.24 16:46:14 | 000,017,885 | ---- | M] () -- C:\Users\Wolfi\.recently-used.xbel
[2012.01.18 03:34:58 | 000,089,114 | ---- | M] () -- C:\Users\Wolfi\Documents\satzung_jusos_region_hannover.pdf
[2012.01.13 18:12:23 | 000,766,388 | ---- | M] () -- C:\Users\Wolfi\Documents\Antragspaket 2012 UBK.pdf
[7 C:\Users\Wolfi\Documents\*.tmp files -> C:\Users\Wolfi\Documents\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.02.03 14:50:05 | 000,002,116 | ---- | C] () -- C:\Users\Wolfi\0302backup.zip
[2012.02.02 16:57:47 | 000,000,304 | ---- | C] () -- C:\ProgramData\~ekMFD1W9NQq5nU
[2012.02.02 16:57:47 | 000,000,224 | ---- | C] () -- C:\ProgramData\~ekMFD1W9NQq5nUr
[2012.02.02 16:53:46 | 000,000,605 | ---- | C] () -- C:\Users\Wolfi\Desktop\System Check.lnk
[2012.02.02 16:53:43 | 000,000,456 | ---- | C] () -- C:\ProgramData\ekMFD1W9NQq5nU
[2012.02.02 16:53:32 | 000,336,520 | ---- | C] () -- C:\ProgramData\ekMFD1W9NQq5nU.exe
[2012.02.02 16:48:39 | 000,427,144 | -HS- | C] () -- C:\ProgramData\QFIbEoUCQmCWD.exe
[2012.02.02 14:51:18 | 000,193,379 | ---- | C] () -- C:\Users\Wolfi\Documents\gesamt.pdf
[2012.02.02 00:03:25 | 000,001,080 | ---- | C] () -- C:\Windows\System32\settingsbkup.sfm
[2012.02.02 00:03:25 | 000,001,080 | ---- | C] () -- C:\Windows\System32\settings.sfm
[2012.02.01 13:03:35 | 000,064,756 | ---- | C] () -- C:\Windows\System32\DVCState-{00000004-00000000-00000003-00001102-00000005-00311102}.rfx
[2012.02.01 13:03:35 | 000,054,156 | ---- | C] () -- C:\Windows\System32\BMXStateBkp-{00000004-00000000-00000003-00001102-00000005-00311102}.rfx
[2012.02.01 13:03:35 | 000,054,156 | ---- | C] () -- C:\Windows\System32\BMXState-{00000004-00000000-00000003-00001102-00000005-00311102}.rfx
[2012.02.01 12:58:52 | 000,006,123 | ---- | C] () -- C:\Windows\System32\AudioDrv.ini
[2012.02.01 12:56:04 | 001,048,576 | ---- | C] () -- C:\Windows\System32\CT1MGM.ROM
[2012.02.01 12:56:03 | 000,098,174 | ---- | C] () -- C:\Windows\System32\instwdm.ini
[2012.02.01 12:56:03 | 000,003,128 | ---- | C] () -- C:\Windows\System32\XFi.bmp
[2012.02.01 12:56:03 | 000,000,054 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini
[2012.02.01 12:54:28 | 000,003,072 | ---- | C] () -- C:\Windows\CTXFIGER.DLL
[2012.02.01 12:53:39 | 007,572,224 | ---- | C] () -- C:\Windows\System32\CT8MGM.SF2
[2012.02.01 12:53:38 | 004,174,814 | ---- | C] () -- C:\Windows\System32\CT4MGM.SF2
[2012.02.01 12:53:37 | 002,167,684 | ---- | C] () -- C:\Windows\System32\CT2MGM.SF2
[2012.02.01 12:53:29 | 029,705,938 | ---- | C] () -- C:\Windows\System32\28MBGM.sf2
[2012.01.31 22:38:56 | 000,000,200 | ---- | C] () -- C:\Users\Wolfi\Desktop\Hitman Blood Money.url
[2012.01.31 13:29:09 | 000,361,256 | ---- | C] () -- C:\Users\Wolfi\Documents\Schulgesetz.pdf
[2012.01.24 16:46:14 | 000,017,885 | ---- | C] () -- C:\Users\Wolfi\.recently-used.xbel
[2012.01.18 03:34:58 | 000,089,114 | ---- | C] () -- C:\Users\Wolfi\Documents\satzung_jusos_region_hannover.pdf
[2012.01.13 18:12:22 | 000,766,388 | ---- | C] () -- C:\Users\Wolfi\Documents\Antragspaket 2012 UBK.pdf
[2011.11.08 15:50:51 | 000,110,592 | ---- | C] () -- C:\Windows\System32\rtvcvfw32.dll
[2011.10.26 13:47:55 | 000,007,672 | ---- | C] () -- C:\Users\Wolfi\AppData\Roaming\.freeciv-client-rc-2.3
[2011.10.14 23:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011.08.27 11:56:33 | 000,000,133 | ---- | C] () -- C:\Windows\Wininit.INI
[2011.08.19 10:26:20 | 010,898,456 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2011.08.19 10:26:20 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2011.08.19 10:26:20 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2011.08.12 12:20:14 | 000,015,896 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2011.07.28 06:36:43 | 000,136,448 | ---- | C] () -- C:\Windows\RMTOOLS.DLL
[2011.07.26 07:48:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011.07.19 20:33:02 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011.06.13 17:45:05 | 000,038,912 | ---- | C] () -- C:\Windows\System32\NVDevTray.dll
[2011.06.13 17:44:02 | 000,151,552 | ---- | C] () -- C:\Windows\System32\nvRegDev.dll
[2011.06.13 17:43:47 | 001,388,544 | ---- | C] () -- C:\Windows\System32\nvpmapi.dll
[2011.06.13 17:43:38 | 000,040,960 | ---- | C] () -- C:\Windows\System32\nvISWOW64.dll
[2011.05.27 02:40:40 | 000,166,912 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2011.05.27 02:40:40 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2011.05.15 20:49:27 | 000,008,541 | ---- | C] () -- C:\Users\Wolfi\AppData\Roaming\PStrip.bko
[2011.05.15 13:02:48 | 000,008,564 | ---- | C] () -- C:\Users\Wolfi\AppData\Roaming\PStrip.bk!
[2011.05.15 13:01:47 | 000,008,541 | ---- | C] () -- C:\Users\Wolfi\AppData\Roaming\PStrip.bak
[2011.05.15 01:01:59 | 000,008,564 | ---- | C] () -- C:\Users\Wolfi\AppData\Roaming\PStrip.ini
[2011.05.13 21:01:49 | 000,000,001 | ---- | C] () -- C:\Windows\System32\SI.bin
[2011.04.26 20:43:07 | 000,036,892 | ---- | C] () -- C:\Windows\System32\bassmod.dll
[2011.04.25 21:52:34 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011.03.11 17:17:58 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2011.03.11 17:17:58 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010.12.25 09:10:28 | 000,056,320 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
[2010.12.24 05:06:16 | 000,028,052 | ---- | C] () -- C:\Users\Wolfi\AppData\Roaming\OFMissionEditorConfig.xml
[2010.11.11 20:19:24 | 000,021,080 | ---- | C] () -- C:\Windows\System32\drivers\ntiopnp.sys
[2010.10.03 10:24:10 | 000,000,760 | ---- | C] () -- C:\Users\Wolfi\AppData\Roaming\setup_ldm.iss
[2010.09.07 11:36:06 | 000,860,160 | ---- | C] () -- C:\Windows\System32\spk.dll
[2010.08.27 14:07:05 | 000,090,624 | ---- | C] () -- C:\Windows\VSUNINST.EXE
[2010.08.22 22:39:32 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2010.08.10 14:49:36 | 000,011,392 | ---- | C] () -- C:\Windows\System32\drivers\ntiomin.sys
[2010.07.18 17:20:48 | 000,000,760 | ---- | C] () -- C:\Windows\eReg.dat
[2010.07.04 13:21:02 | 000,089,446 | ---- | C] () -- C:\Windows\War3Unin.dat
[2010.06.09 19:35:51 | 000,000,069 | ---- | C] () -- C:\Windows\cc.ini
[2010.06.02 18:01:52 | 002,580,552 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2010.05.26 22:44:22 | 000,000,022 | ---- | C] () -- C:\Windows\WET.INI
[2010.05.07 18:43:30 | 000,025,824 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2010.05.01 15:14:23 | 000,000,083 | ---- | C] () -- C:\Windows\CIV.INI
[2010.04.27 21:36:04 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2010.04.17 20:01:25 | 000,000,026 | ---- | C] () -- C:\Windows\buffygame.INI
[2010.03.27 23:22:37 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2010.03.25 15:29:11 | 000,020,992 | ---- | C] () -- C:\Windows\jestertb.dll
[2010.02.21 09:42:56 | 000,000,551 | ---- | C] () -- C:\Users\Wolfi\AppData\Roaming\AutoGK.ini
[2010.02.18 07:09:56 | 000,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2010.02.18 07:09:56 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010.02.18 07:09:56 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010.02.18 07:09:55 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010.02.18 07:09:55 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010.02.06 19:39:08 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.02.06 19:37:52 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010.01.28 01:09:54 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009.12.23 19:15:47 | 000,113,152 | -HS- | C] () -- C:\Windows\System32\SCX.dll
[2009.11.04 17:21:31 | 000,000,040 | ---- | C] () -- C:\ProgramData\ra3.ini
[2009.10.16 06:50:54 | 000,003,930 | ---- | C] () -- C:\Windows\System32\ludap17.ini
[2009.10.04 07:13:20 | 000,000,292 | ---- | C] () -- C:\Windows\vtmb.ini
[2009.09.24 02:52:56 | 000,008,312 | ---- | C] () -- C:\Users\Wolfi\AppData\Roaming\.civclientrc
[2009.09.23 16:26:29 | 000,030,439 | ---- | C] () -- C:\Windows\scunin.dat
[2009.09.22 19:01:35 | 000,000,179 | ---- | C] () -- C:\Windows\IfoEdit.INI
[2009.09.22 17:21:28 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009.09.04 05:46:33 | 000,000,437 | ---- | C] () -- C:\Windows\ACTIVEJP.INI
[2009.09.03 02:53:33 | 000,000,307 | ---- | C] () -- C:\Windows\Romme.INI
[2009.09.03 02:48:27 | 000,080,896 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe
[2009.08.09 22:10:56 | 000,004,620 | ---- | C] () -- C:\Windows\XChange.dat
[2009.08.03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.08.03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009.06.02 09:57:24 | 000,138,056 | ---- | C] () -- C:\Users\Wolfi\AppData\Roaming\PnkBstrK.sys
[2009.05.30 00:37:40 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.05.30 00:31:52 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009.05.26 01:38:29 | 000,000,000 | ---- | C] () -- C:\Users\Wolfi\AppData\Roaming\AVSMediaPlayer.m3u
[2009.05.19 02:05:54 | 000,000,340 | ---- | C] () -- C:\Windows\scummvm.ini
[2009.03.30 04:16:00 | 000,000,072 | ---- | C] () -- C:\Windows\mix-fx.ini
[2009.03.28 20:26:00 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll
[2009.03.28 20:26:00 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll
[2009.03.19 16:23:28 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2009.03.10 11:14:20 | 000,073,728 | ---- | C] () -- C:\Windows\System32\GkSui18.EXE
[2009.03.09 14:25:55 | 000,000,711 | ---- | C] () -- C:\Windows\SIERRA.INI
[2009.02.18 17:44:08 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009.02.18 17:42:22 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009.02.17 18:01:28 | 000,000,099 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009.02.14 13:52:27 | 000,046,592 | ---- | C] () -- C:\Windows\System32\DrvMgt.dll
[2009.02.14 13:52:27 | 000,000,712 | ---- | C] () -- C:\Windows\System32\layout.bin
[2009.02.12 17:08:00 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.02.11 05:25:53 | 000,140,072 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009.02.11 05:25:46 | 000,280,904 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2009.02.11 05:25:36 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2009.02.10 06:48:37 | 000,105,984 | ---- | C] () -- C:\Users\Wolfi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.02.09 10:56:30 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.02.09 10:18:12 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.02.09 09:52:42 | 000,000,093 | ---- | C] () -- C:\Users\Wolfi\AppData\Local\fusioncache.dat
[2009.02.09 09:18:02 | 000,023,888 | ---- | C] () -- C:\Users\Wolfi\AppData\Roaming\UserTile.png
[2009.02.09 09:08:01 | 000,000,169 | ---- | C] () -- C:\Windows\uno.ini
[2009.02.09 09:07:58 | 000,287,744 | ---- | C] () -- C:\Windows\uno364mi.dll
[2009.02.09 09:07:58 | 000,109,568 | ---- | C] () -- C:\Windows\vos364mi.dll
[2009.02.09 09:07:58 | 000,091,648 | ---- | C] () -- C:\Windows\osl364mi.dll
[2009.02.06 17:17:50 | 000,001,356 | ---- | C] () -- C:\Users\Wolfi\AppData\Local\d3d9caps.dat
[2008.11.13 06:07:24 | 000,002,177 | ---- | C] () -- C:\Windows\P17EP.ini
[2008.01.21 08:15:58 | 000,738,974 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 08:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 08:15:58 | 000,168,432 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 08:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.12.04 05:20:30 | 000,001,489 | ---- | C] () -- C:\Windows\P17EP51.ini
[2007.10.25 17:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2007.10.25 14:59:44 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CTBURST.DLL
[2007.10.25 14:56:28 | 000,037,888 | ---- | C] () -- C:\Windows\System32\PSCONV.EXE
[2007.10.25 14:46:54 | 000,325,724 | ---- | C] () -- C:\Windows\System32\CTDLANG.DAT
[2007.10.25 14:46:54 | 000,055,904 | ---- | C] () -- C:\Windows\System32\CTDNLSTR.DAT
[2007.10.25 14:45:08 | 000,048,128 | ---- | C] () -- C:\Windows\System32\REGPLIB.EXE
[2007.10.25 14:44:52 | 000,149,838 | ---- | C] () -- C:\Windows\System32\CTBAS2W.DAT
[2007.10.25 14:43:10 | 000,274,587 | ---- | C] () -- C:\Windows\System32\CTSBAS2W.DAT
[2007.10.25 14:43:04 | 000,241,084 | ---- | C] () -- C:\Windows\System32\CTSBASW.DAT
[2007.10.25 14:43:04 | 000,115,166 | ---- | C] () -- C:\Windows\System32\CTBASICW.DAT
[2007.10.25 14:42:50 | 000,313,207 | ---- | C] () -- C:\Windows\System32\CTSTATIC.DAT
[2007.10.25 14:42:50 | 000,053,932 | ---- | C] () -- C:\Windows\System32\CTDAUGHT.DAT
[2007.10.25 14:42:48 | 000,005,120 | ---- | C] () -- C:\Windows\System32\ENLOCSTR.EXE
[2007.09.04 10:56:10 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2007.08.13 13:45:02 | 000,077,824 | ---- | C] () -- C:\Windows\System32\CTMMACTL.DLL
[2007.06.07 05:25:42 | 000,001,578 | ---- | C] () -- C:\Windows\P17EPLS.ini
[2007.04.10 22:46:48 | 000,015,498 | ---- | C] () -- C:\Windows\VX3000.ini
[2007.02.05 19:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,337,320 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,687,942 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,138,060 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.10.02 10:25:18 | 000,000,307 | ---- | C] () -- C:\Windows\System32\KILL.INI
[2000.02.09 23:00:00 | 000,047,104 | ---- | C] () -- C:\Windows\System32\wrkgadm.exe
[2000.02.09 23:00:00 | 000,012,288 | ---- | C] () -- C:\Windows\System32\HLINKPRX.DLL
[1998.06.13 21:53:26 | 000,044,544 | ---- | C] () -- C:\Windows\System32\Gif89.dll
[1996.04.03 20:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

========== Files - Unicode (All) ==========
(C:\Users\Wolfi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\?????) -- C:\Users\Wolfi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\クレージュ
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\?????) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\クレージュ

< End of report >

Attached Files


  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there are you still missing your files/folders/icons ?

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O4 - HKLM..\Run: [QFIbEoUCQmCWD.exe] C:\ProgramData\QFIbEoUCQmCWD.exe ()
    [2012.02.02 17:26:42 | 000,000,456 | ---- | M] () -- C:\ProgramData\ekMFD1W9NQq5nU
    [2012.02.02 17:25:29 | 000,000,304 | ---- | M] () -- C:\ProgramData\~ekMFD1W9NQq5nU
    [2012.02.02 17:25:29 | 000,000,224 | ---- | M] () -- C:\ProgramData\~ekMFD1W9NQq5nUr
    [2012.02.02 16:53:46 | 000,000,605 | ---- | M] () -- C:\Users\Wolfi\Desktop\System Check.lnk
    [2012.02.02 16:53:36 | 000,336,520 | ---- | M] () -- C:\ProgramData\ekMFD1W9NQq5nU.exe
    [2012.02.02 16:57:47 | 000,000,304 | ---- | C] () -- C:\ProgramData\~ekMFD1W9NQq5nU
    [2012.02.02 16:57:47 | 000,000,224 | ---- | C] () -- C:\ProgramData\~ekMFD1W9NQq5nUr
    [2012.02.02 16:53:46 | 000,000,605 | ---- | C] () -- C:\Users\Wolfi\Desktop\System Check.lnk
    [2012.02.02 16:53:43 | 000,000,456 | ---- | C] () -- C:\ProgramData\ekMFD1W9NQq5nU
    [2012.02.02 16:53:32 | 000,336,520 | ---- | C] () -- C:\ProgramData\ekMFD1W9NQq5nU.exe
    [2012.02.02 16:48:39 | 000,427,144 | -HS- | C] () -- C:\ProgramData\QFIbEoUCQmCWD.exe

    :Files
    ipconfig /flushdns /c
    xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
    xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
    xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
    xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C

    :Commands
    [purity]
    [resethosts]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download aswMBR.exe ( 4.1mb ) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image
  • 0

#3
Wolfizero

Wolfizero

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Thanks,

I "restore" (they were just hidden und not erased, but you know what I mean) all data und files, but die startmenu seems pretty empty. The folders are there, but the content is gone. But these are just shortcuts, right?

Here the new OTL.txt

OTL logfile created on: 04.02.2012 17:58:55 - Run 4
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Wolfi\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,58 Gb Available Physical Memory | 79,52% Memory free
7,05 Gb Paging File | 6,64 Gb Available in Paging File | 94,18% Paging File free
Paging file location(s): c:\pagefile.sys 4000 4000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,76 Gb Total Space | 26,67 Gb Free Space | 5,73% Space Free | Partition Type: NTFS
 
Computer Name: WOLFI-PC | User Name: Wolfi | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\Wolfi\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
 
 
[color=#E56717]========== Modules (No Company Name) ==========[/color]
 
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Programme\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV - (CPUCooLServer) --  File not found
SRV - (Creative ALchemy AL1 Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL1Licensing.exe (Creative Labs)
SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_e286960.dll ()
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (UMVPFSrv) -- C:\Programme\Common Files\Logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (WAS) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (SandraAgentSrv) -- C:\Systemerkennung\SiSoftware Sandra Lite 2010.SP3\RpcAgentSrv.exe (SiSoftware)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Cherry Device Interface) -- C:\Programme\Cherry\CDI\cdi.exe (ZF Electronics GmbH)
SRV - (AppHostSvc) -- C:\Windows\System32\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (CTAudSvcService) -- C:\Programme\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (cpuz135) -- C:\Windows\System32\drivers\cpuz135_x32.sys (CPUID)
DRV - (LVUVC) Logitech HD Webcam C270(UVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (speedfan) -- C:\Windows\system32\speedfan.sys (Almico Software)
DRV - (ntiopnp) -- C:\Windows\System32\drivers\ntiopnp.sys ()
DRV - (ntiomin) -- C:\Windows\System32\drivers\ntiomin.sys ()
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()
DRV - (ss_bmdm) -- C:\Windows\System32\drivers\ss_bmdm.sys (MCCI Corporation)
DRV - (ss_bbus) SAMSUNG USB Mobile Device (WDM) -- C:\Windows\System32\drivers\ss_bbus.sys (MCCI)
DRV - (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) -- C:\Windows\System32\drivers\ss_bmdfl.sys (MCCI Corporation)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (SASENUM) -- C:\Programme\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (P17) -- C:\Windows\System32\drivers\P17.sys (Creative Technology Ltd.)
DRV - (RivaTuner32) -- C:\Programme\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys ()
DRV - (SANDRA) -- C:\Systemerkennung\SiSoftware Sandra Lite 2010.SP3\WNt500x86\sandra.sys (SiSoftware)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (cFosNT) -- C:\Windows\System32\Drivers\cFosNT.sys (cFos Software GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (VX3000) -- C:\Windows\System32\drivers\VX3000.sys (Microsoft Corporation)
DRV - (LUsbFilt) -- C:\Windows\System32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (ha20x2k) -- C:\Windows\System32\drivers\HA20X2K.SYS (Creative Technology Ltd)
DRV - (emupia) -- C:\Windows\System32\drivers\EMUPIA2K.SYS (Creative Technology Ltd)
DRV - (ctsfm2k) -- C:\Windows\System32\drivers\CTSFM2K.SYS (Creative Technology Ltd)
DRV - (ctprxy2k) -- C:\Windows\System32\drivers\CTPRXY2K.SYS (Creative Technology Ltd)
DRV - (ossrv) -- C:\Windows\System32\drivers\CTOSS2K.SYS (Creative Technology Ltd.)
DRV - (ctdvda2k) -- C:\Windows\System32\drivers\CTDVDA2K.SYS (Creative Technology Ltd)
DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\Windows\System32\drivers\CTAUD2K.SYS (Creative Technology Ltd)
DRV - (ctac32k) -- C:\Windows\System32\drivers\CTAC32K.SYS (Creative Technology Ltd)
DRV - (CTEXFIFX.DLL) -- C:\Windows\System32\CTEXFIFX.DLL (Creative Technology Ltd.)
DRV - (CTEDSPSY.DLL) -- C:\Windows\System32\CTEDSPSY.DLL (Creative Technology Ltd)
DRV - (CTEDSPIO.DLL) -- C:\Windows\System32\CTEDSPIO.DLL (Creative Technology Ltd)
DRV - (CT20XUT.DLL) -- C:\Windows\System32\CT20XUT.DLL (Creative Technology Ltd.)
DRV - (CTHWIUT.DLL) -- C:\Windows\System32\CTHWIUT.DLL (Creative Technology Ltd.)
DRV - (CTERFXFX.DLL) -- C:\Windows\System32\CTERFXFX.DLL (Creative Technology Ltd)
DRV - (CTEDSPFX.DLL) -- C:\Windows\System32\CTEDSPFX.DLL (Creative Technology Ltd)
DRV - (CTEAPSFX.DLL) -- C:\Windows\System32\CTEAPSFX.DLL (Creative Technology Ltd)
DRV - (CTSBLFX.DLL) -- C:\Windows\System32\CTSBLFX.DLL (Creative Technology Ltd)
DRV - (CTAUDFX.DLL) -- C:\Windows\System32\CTAUDFX.DLL (Creative Technology Ltd)
DRV - (COMMONFX.DLL) -- C:\Windows\System32\COMMONFX.DLL (Creative Technology Ltd)
DRV - (MTOnlPktAlyX) -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
DRV - (RTCore32) -- C:\Programme\MSI Afterburner\RTCore32.sys ()
DRV - (giveio) -- C:\Windows\system32\giveio.sys ()
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.t-online.de/service/redir/ie_t-online.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.t-online.de/service/redir/ie_suche.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.t-online.de/service/redir/ie_t-online.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 00 6F F4 EC 49 B5 CC 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.t-online.de;localhost;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=www-proxy.t-online.de:80;ftp=ftp-proxy.t-online.de:80
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.useDBForOrder: ""
FF - prefs.js..browser.startup.homepage: ""
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files\Battlelog Web Plugins\1.102.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files\Battlelog Web Plugins\1.104.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.2.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.2.1: C:\Program Files\Oracle\JavaFX Runtime 2.0\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.4: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPMPDRM: C:\Program Files\Common Files\mpDRM\NPMPDRM.dll ( )
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Wolfi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.12.31 02:34:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.13 19:48:48 | 000,000,000 | ---D | M]
 
[2009.02.09 11:19:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wolfi\AppData\Roaming\mozilla\Extensions
[2012.01.28 21:25:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wolfi\AppData\Roaming\mozilla\Firefox\Profiles\r6307irc.default\extensions
[2011.12.24 22:24:16 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Wolfi\AppData\Roaming\mozilla\Firefox\Profiles\r6307irc.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.03.30 01:05:23 | 000,000,000 | ---D | M] (NoRedirect) -- C:\Users\Wolfi\AppData\Roaming\mozilla\Firefox\Profiles\r6307irc.default\extensions\{c1970c0d-dbe6-4d91-804f-c9c0de643a57}
[2010.04.25 12:30:38 | 000,001,840 | ---- | M] () -- C:\Users\Wolfi\AppData\Roaming\Mozilla\Firefox\Profiles\r6307irc.default\searchplugins\bing.xml
[2012.02.01 14:15:21 | 000,001,056 | ---- | M] () -- C:\Users\Wolfi\AppData\Roaming\Mozilla\Firefox\Profiles\r6307irc.default\searchplugins\icqplugin.xml
[2009.08.29 16:25:07 | 000,000,952 | ---- | M] () -- C:\Users\Wolfi\AppData\Roaming\Mozilla\Firefox\Profiles\r6307irc.default\searchplugins\youtube-videosuche.xml
[2011.12.17 11:12:32 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\WOLFI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R6307IRC.DEFAULT\EXTENSIONS\{79C50F9A-2FFE-4EE0-8A37-FAE4F5DACD4F}.XPI
() (No name found) -- C:\USERS\WOLFI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R6307IRC.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\WOLFI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R6307IRC.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
() (No name found) -- C:\USERS\WOLFI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R6307IRC.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
() (No name found) -- C:\USERS\WOLFI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R6307IRC.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\WOLFI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R6307IRC.DEFAULT\EXTENSIONS\[email protected]
[2011.12.31 02:34:23 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.10.04 14:49:02 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.04 14:49:02 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.04 14:49:02 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.04 14:49:02 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.04 14:49:02 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.04 14:49:02 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.02.04 17:55:14 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programme\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX Runtime 2.0\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programme\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CTHelper] C:\Windows\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\System32\CTXFIHLP.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [P17RunE] C:\Windows\System32\P17RunE.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 10.2.1)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/15116/CTPID.cab (Creative Software AutoUpdate Support Package 1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.0.43.1 217.0.43.193
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9ED490E5-A5D2-442E-9EA0-75DE411CAA91}: DhcpNameServer = 217.0.43.1 217.0.43.193
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Wolfi\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Wolfi\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2012.02.03 17:18:09 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Wolfi\Desktop\esetsmartinstaller_enu.exe
[2012.02.03 15:00:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.02.03 15:00:42 | 000,000,000 | ---D | C] -- C:\Users\Wolfi\Desktop\Malwarebytes' Anti-Malware
[2012.02.02 16:53:46 | 000,000,000 | ---D | C] -- C:\Users\Wolfi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
[2012.02.01 13:12:02 | 000,000,000 | ---D | C] -- C:\Users\Wolfi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Creative
[2012.02.01 13:12:02 | 000,000,000 | ---D | C] -- C:\Users\Wolfi\AppData\Roaming\Creative
[2012.02.01 12:53:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center
[2012.01.27 19:01:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Media Center Programs
[2012.01.26 15:43:50 | 000,000,000 | ---D | C] -- C:\Users\Wolfi\AppData\Roaming\Magic Set Editor
[2012.01.26 15:43:17 | 000,000,000 | ---D | C] -- C:\Program Files\Magic Set Editor 2
[2012.01.25 20:34:36 | 000,000,000 | ---D | C] -- C:\Users\Wolfi\AppData\Roaming\.minecraft
[2012.01.22 12:35:41 | 000,000,000 | ---D | C] -- C:\Users\Wolfi\AppData\Roaming\Day 1 Studios
[2012.01.10 12:28:34 | 000,000,000 | ---D | C] -- C:\Users\Wolfi\AppData\Local\SWTOR
[2012.01.10 12:28:31 | 000,000,000 | ---D | C] -- C:\Users\Wolfi\Documents\HeroBlade Logs
[2012.01.10 11:42:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA
[2012.01.10 11:10:08 | 000,000,000 | ---D | C] -- C:\Star Wars-The Old Republic
[2012.01.09 11:17:56 | 000,000,000 | ---D | C] -- C:\Microsoft Games
[2012.01.06 18:22:23 | 000,021,992 | ---- | C] (CPUID) -- C:\Windows\System32\drivers\cpuz135_x32.sys
[2012.01.06 18:22:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
[2012.01.06 18:22:23 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID
[2007.10.25 14:57:44 | 000,034,816 | ---- | C] ( ) -- C:\Windows\System32\A3D.DLL
[2007.10.25 14:42:46 | 000,010,240 | ---- | C] ( ) -- C:\Windows\System32\KILLAPPS.EXE
[7 C:\Users\Wolfi\Documents\*.tmp files -> C:\Users\Wolfi\Documents\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2012.02.04 17:56:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.04 17:55:14 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012.02.04 16:54:26 | 000,001,356 | ---- | M] () -- C:\Users\Wolfi\AppData\Local\d3d9caps.dat
[2012.02.03 17:18:14 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Wolfi\Desktop\esetsmartinstaller_enu.exe
[2012.02.03 17:06:59 | 000,003,840 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.03 17:06:59 | 000,003,840 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.03 14:50:05 | 000,002,116 | ---- | M] () -- C:\Users\Wolfi\0302backup.zip
[2012.02.02 17:18:57 | 449,706,338 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.02.02 16:53:46 | 000,000,629 | ---- | M] () -- C:\Users\Wolfi\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012.02.02 16:51:54 | 000,064,756 | ---- | M] () -- C:\Windows\System32\DVCState-{00000004-00000000-00000003-00001102-00000005-00311102}.rfx
[2012.02.02 16:51:54 | 000,054,156 | ---- | M] () -- C:\Windows\System32\BMXStateBkp-{00000004-00000000-00000003-00001102-00000005-00311102}.rfx
[2012.02.02 16:51:54 | 000,054,156 | ---- | M] () -- C:\Windows\System32\BMXState-{00000004-00000000-00000003-00001102-00000005-00311102}.rfx
[2012.02.02 14:54:43 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2012.02.02 14:51:18 | 000,193,379 | ---- | M] () -- C:\Users\Wolfi\Documents\gesamt.pdf
[2012.02.02 00:03:25 | 000,001,080 | ---- | M] () -- C:\Windows\System32\settingsbkup.sfm
[2012.02.02 00:03:25 | 000,001,080 | ---- | M] () -- C:\Windows\System32\settings.sfm
[2012.01.31 22:38:56 | 000,000,200 | ---- | M] () -- C:\Users\Wolfi\Desktop\Hitman Blood Money.url
[2012.01.31 13:29:09 | 000,361,256 | ---- | M] () -- C:\Users\Wolfi\Documents\Schulgesetz.pdf
[2012.01.30 21:49:04 | 000,105,984 | ---- | M] () -- C:\Users\Wolfi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.01.27 08:35:54 | 000,337,320 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.01.26 12:49:22 | 000,738,974 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.01.26 12:49:22 | 000,687,942 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.01.26 12:49:22 | 000,168,432 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.01.26 12:49:22 | 000,138,060 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.01.24 16:46:14 | 000,017,885 | ---- | M] () -- C:\Users\Wolfi\.recently-used.xbel
[2012.01.18 03:34:58 | 000,089,114 | ---- | M] () -- C:\Users\Wolfi\Documents\satzung_jusos_region_hannover.pdf
[2012.01.13 18:12:23 | 000,766,388 | ---- | M] () -- C:\Users\Wolfi\Documents\Antragspaket 2012 UBK.pdf
[2012.01.10 11:42:20 | 000,000,708 | ---- | M] () -- C:\Users\Wolfi\Application Data\Microsoft\Internet Explorer\Quick Launch\Star Wars - The Old Republic.lnk
[7 C:\Users\Wolfi\Documents\*.tmp files -> C:\Users\Wolfi\Documents\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2012.02.04 17:55:14 | 000,001,906 | ---- | C] () -- C:\Users\Wolfi\Application Data\Microsoft\Internet Explorer\Quick Launch\Snagit 9.lnk
[2012.02.04 17:55:14 | 000,001,748 | ---- | C] () -- C:\Users\Wolfi\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012.02.04 17:55:14 | 000,001,063 | ---- | C] () -- C:\Users\Wolfi\Application Data\Microsoft\Internet Explorer\Quick Launch\Fallout Mod Manager.lnk
[2012.02.04 17:55:14 | 000,000,943 | ---- | C] () -- C:\Users\Wolfi\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012.02.04 17:55:14 | 000,000,938 | ---- | C] () -- C:\Users\Wolfi\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012.02.04 17:55:14 | 000,000,930 | ---- | C] () -- C:\Users\Wolfi\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012.02.04 17:55:14 | 000,000,914 | ---- | C] () -- C:\Users\Wolfi\Application Data\Microsoft\Internet Explorer\Quick Launch\PokerStars.net.lnk
[2012.02.04 17:55:14 | 000,000,792 | ---- | C] () -- C:\Users\Wolfi\Application Data\Microsoft\Internet Explorer\Quick Launch\TreeSize Free.lnk
[2012.02.04 17:55:14 | 000,000,752 | ---- | C] () -- C:\Users\Wolfi\Application Data\Microsoft\Internet Explorer\Quick Launch\XnView.lnk
[2012.02.04 17:55:14 | 000,000,708 | ---- | C] () -- C:\Users\Wolfi\Application Data\Microsoft\Internet Explorer\Quick Launch\Star Wars - The Old Republic.lnk
[2012.02.04 17:55:14 | 000,000,629 | ---- | C] () -- C:\Users\Wolfi\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012.02.04 17:55:14 | 000,000,258 | ---- | C] () -- C:\Users\Wolfi\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012.02.04 17:55:14 | 000,000,240 | ---- | C] () -- C:\Users\Wolfi\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012.02.04 17:55:13 | 000,001,784 | ---- | C] () -- C:\Users\Wolfi\Application Data\Microsoft\Internet Explorer\Quick Launch\Driver Cleaner Pro.lnk
[2012.02.04 17:55:13 | 000,000,846 | ---- | C] () -- C:\Users\Wolfi\Application Data\Microsoft\Internet Explorer\Quick Launch\ StreamTransport.lnk
[2012.02.04 17:55:13 | 000,000,829 | ---- | C] () -- C:\Users\Wolfi\Application Data\Microsoft\Internet Explorer\Quick Launch\Fahrplanwaldstraße.pdf - Verknüpfung.lnk
[2012.02.03 14:50:05 | 000,002,116 | ---- | C] () -- C:\Users\Wolfi\0302backup.zip
[2012.02.02 14:51:18 | 000,193,379 | ---- | C] () -- C:\Users\Wolfi\Documents\gesamt.pdf
[2012.02.02 00:03:25 | 000,001,080 | ---- | C] () -- C:\Windows\System32\settingsbkup.sfm
[2012.02.02 00:03:25 | 000,001,080 | ---- | C] () -- C:\Windows\System32\settings.sfm
[2012.02.01 13:03:35 | 000,064,756 | ---- | C] () -- C:\Windows\System32\DVCState-{00000004-00000000-00000003-00001102-00000005-00311102}.rfx
[2012.02.01 13:03:35 | 000,054,156 | ---- | C] () -- C:\Windows\System32\BMXStateBkp-{00000004-00000000-00000003-00001102-00000005-00311102}.rfx
[2012.02.01 13:03:35 | 000,054,156 | ---- | C] () -- C:\Windows\System32\BMXState-{00000004-00000000-00000003-00001102-00000005-00311102}.rfx
[2012.02.01 12:58:52 | 000,006,123 | ---- | C] () -- C:\Windows\System32\AudioDrv.ini
[2012.02.01 12:56:04 | 001,048,576 | ---- | C] () -- C:\Windows\System32\CT1MGM.ROM
[2012.02.01 12:56:03 | 000,098,174 | ---- | C] () -- C:\Windows\System32\instwdm.ini
[2012.02.01 12:56:03 | 000,003,128 | ---- | C] () -- C:\Windows\System32\XFi.bmp
[2012.02.01 12:56:03 | 000,000,054 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini
[2012.02.01 12:54:28 | 000,003,072 | ---- | C] () -- C:\Windows\CTXFIGER.DLL
[2012.02.01 12:53:39 | 007,572,224 | ---- | C] () -- C:\Windows\System32\CT8MGM.SF2
[2012.02.01 12:53:38 | 004,174,814 | ---- | C] () -- C:\Windows\System32\CT4MGM.SF2
[2012.02.01 12:53:37 | 002,167,684 | ---- | C] () -- C:\Windows\System32\CT2MGM.SF2
[2012.02.01 12:53:29 | 029,705,938 | ---- | C] () -- C:\Windows\System32\28MBGM.sf2
[2012.01.31 22:38:56 | 000,000,200 | ---- | C] () -- C:\Users\Wolfi\Desktop\Hitman Blood Money.url
[2012.01.31 13:29:09 | 000,361,256 | ---- | C] () -- C:\Users\Wolfi\Documents\Schulgesetz.pdf
[2012.01.24 16:46:14 | 000,017,885 | ---- | C] () -- C:\Users\Wolfi\.recently-used.xbel
[2012.01.18 03:34:58 | 000,089,114 | ---- | C] () -- C:\Users\Wolfi\Documents\satzung_jusos_region_hannover.pdf
[2012.01.13 18:12:22 | 000,766,388 | ---- | C] () -- C:\Users\Wolfi\Documents\Antragspaket 2012 UBK.pdf
[2011.11.08 15:50:51 | 000,110,592 | ---- | C] () -- C:\Windows\System32\rtvcvfw32.dll
[2011.10.26 13:47:55 | 000,007,672 | ---- | C] () -- C:\Users\Wolfi\AppData\Roaming\.freeciv-client-rc-2.3
[2011.10.14 23:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011.08.27 11:56:33 | 000,000,133 | ---- | C] () -- C:\Windows\Wininit.INI
[2011.08.19 10:26:20 | 010,898,456 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2011.08.19 10:26:20 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2011.08.19 10:26:20 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2011.08.12 12:20:14 | 000,015,896 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2011.07.28 06:36:43 | 000,136,448 | ---- | C] () -- C:\Windows\RMTOOLS.DLL
[2011.07.26 07:48:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011.07.19 20:33:02 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011.06.13 17:45:05 | 000,038,912 | ---- | C] () -- C:\Windows\System32\NVDevTray.dll
[2011.06.13 17:44:02 | 000,151,552 | ---- | C] () -- C:\Windows\System32\nvRegDev.dll
[2011.06.13 17:43:47 | 001,388,544 | ---- | C] () -- C:\Windows\System32\nvpmapi.dll
[2011.06.13 17:43:38 | 000,040,960 | ---- | C] () -- C:\Windows\System32\nvISWOW64.dll
[2011.05.27 02:40:40 | 000,166,912 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2011.05.27 02:40:40 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2011.05.15 20:49:27 | 000,008,541 | ---- | C] () -- C:\Users\Wolfi\AppData\Roaming\PStrip.bko
[2011.05.15 13:02:48 | 000,008,564 | ---- | C] () -- C:\Users\Wolfi\AppData\Roaming\PStrip.bk!
[2011.05.15 13:01:47 | 000,008,541 | ---- | C] () -- C:\Users\Wolfi\AppData\Roaming\PStrip.bak
[2011.05.15 01:01:59 | 000,008,564 | ---- | C] () -- C:\Users\Wolfi\AppData\Roaming\PStrip.ini
[2011.05.13 21:01:49 | 000,000,001 | ---- | C] () -- C:\Windows\System32\SI.bin
[2011.04.26 20:43:07 | 000,036,892 | ---- | C] () -- C:\Windows\System32\bassmod.dll
[2011.04.25 21:52:34 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011.03.11 17:17:58 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2011.03.11 17:17:58 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010.12.25 09:10:28 | 000,056,320 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
[2010.12.24 05:06:16 | 000,028,052 | ---- | C] () -- C:\Users\Wolfi\AppData\Roaming\OFMissionEditorConfig.xml
[2010.11.11 20:19:24 | 000,021,080 | ---- | C] () -- C:\Windows\System32\drivers\ntiopnp.sys
[2010.10.03 10:24:10 | 000,000,760 | ---- | C] () -- C:\Users\Wolfi\AppData\Roaming\setup_ldm.iss
[2010.09.07 11:36:06 | 000,860,160 | ---- | C] () -- C:\Windows\System32\spk.dll
[2010.08.27 14:07:05 | 000,090,624 | ---- | C] () -- C:\Windows\VSUNINST.EXE
[2010.08.22 22:39:32 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2010.08.10 14:49:36 | 000,011,392 | ---- | C] () -- C:\Windows\System32\drivers\ntiomin.sys
[2010.07.18 17:20:48 | 000,000,760 | ---- | C] () -- C:\Windows\eReg.dat
[2010.07.04 13:21:02 | 000,089,446 | ---- | C] () -- C:\Windows\War3Unin.dat
[2010.06.09 19:35:51 | 000,000,069 | ---- | C] () -- C:\Windows\cc.ini
[2010.06.02 18:01:52 | 002,580,552 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2010.05.26 22:44:22 | 000,000,022 | ---- | C] () -- C:\Windows\WET.INI
[2010.05.07 18:43:30 | 000,025,824 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2010.05.01 15:14:23 | 000,000,083 | ---- | C] () -- C:\Windows\CIV.INI
[2010.04.27 21:36:04 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2010.04.17 20:01:25 | 000,000,026 | ---- | C] () -- C:\Windows\buffygame.INI
[2010.03.27 23:22:37 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2010.03.25 15:29:11 | 000,020,992 | ---- | C] () -- C:\Windows\jestertb.dll
[2010.02.21 09:42:56 | 000,000,551 | ---- | C] () -- C:\Users\Wolfi\AppData\Roaming\AutoGK.ini
[2010.02.18 07:09:56 | 000,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2010.02.18 07:09:56 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010.02.18 07:09:56 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010.02.18 07:09:55 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010.02.18 07:09:55 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010.02.06 19:39:08 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.02.06 19:37:52 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010.01.28 01:09:54 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009.12.23 19:15:47 | 000,113,152 | -HS- | C] () -- C:\Windows\System32\SCX.dll
[2009.11.04 17:21:31 | 000,000,040 | ---- | C] () -- C:\ProgramData\ra3.ini
[2009.10.16 06:50:54 | 000,003,930 | ---- | C] () -- C:\Windows\System32\ludap17.ini
[2009.10.04 07:13:20 | 000,000,292 | ---- | C] () -- C:\Windows\vtmb.ini
[2009.09.24 02:52:56 | 000,008,312 | ---- | C] () -- C:\Users\Wolfi\AppData\Roaming\.civclientrc
[2009.09.23 16:26:29 | 000,030,439 | ---- | C] () -- C:\Windows\scunin.dat
[2009.09.22 19:01:35 | 000,000,179 | ---- | C] () -- C:\Windows\IfoEdit.INI
[2009.09.22 17:21:28 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009.09.04 05:46:33 | 000,000,437 | ---- | C] () -- C:\Windows\ACTIVEJP.INI
[2009.09.03 02:53:33 | 000,000,307 | ---- | C] () -- C:\Windows\Romme.INI
[2009.09.03 02:48:27 | 000,080,896 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe
[2009.08.09 22:10:56 | 000,004,620 | ---- | C] () -- C:\Windows\XChange.dat
[2009.08.03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.08.03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009.06.02 09:57:24 | 000,138,056 | ---- | C] () -- C:\Users\Wolfi\AppData\Roaming\PnkBstrK.sys
[2009.05.30 00:37:40 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.05.30 00:31:52 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009.05.26 01:38:29 | 000,000,000 | ---- | C] () -- C:\Users\Wolfi\AppData\Roaming\AVSMediaPlayer.m3u
[2009.05.19 02:05:54 | 000,000,340 | ---- | C] () -- C:\Windows\scummvm.ini
[2009.03.30 04:16:00 | 000,000,072 | ---- | C] () -- C:\Windows\mix-fx.ini
[2009.03.28 20:26:00 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll
[2009.03.28 20:26:00 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll
[2009.03.19 16:23:28 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2009.03.10 11:14:20 | 000,073,728 | ---- | C] () -- C:\Windows\System32\GkSui18.EXE
[2009.03.09 14:25:55 | 000,000,711 | ---- | C] () -- C:\Windows\SIERRA.INI
[2009.02.18 17:44:08 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009.02.18 17:42:22 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009.02.17 18:01:28 | 000,000,099 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009.02.14 13:52:27 | 000,046,592 | ---- | C] () -- C:\Windows\System32\DrvMgt.dll
[2009.02.14 13:52:27 | 000,000,712 | ---- | C] () -- C:\Windows\System32\layout.bin
[2009.02.12 17:08:00 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.02.11 05:25:53 | 000,140,072 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009.02.11 05:25:46 | 000,280,904 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2009.02.11 05:25:36 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2009.02.10 06:48:37 | 000,105,984 | ---- | C] () -- C:\Users\Wolfi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.02.09 10:56:30 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.02.09 10:18:12 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.02.09 09:52:42 | 000,000,093 | ---- | C] () -- C:\Users\Wolfi\AppData\Local\fusioncache.dat
[2009.02.09 09:18:02 | 000,023,888 | ---- | C] () -- C:\Users\Wolfi\AppData\Roaming\UserTile.png
[2009.02.09 09:08:01 | 000,000,169 | ---- | C] () -- C:\Windows\uno.ini
[2009.02.09 09:07:58 | 000,287,744 | ---- | C] () -- C:\Windows\uno364mi.dll
[2009.02.09 09:07:58 | 000,109,568 | ---- | C] () -- C:\Windows\vos364mi.dll
[2009.02.09 09:07:58 | 000,091,648 | ---- | C] () -- C:\Windows\osl364mi.dll
[2009.02.06 17:17:50 | 000,001,356 | ---- | C] () -- C:\Users\Wolfi\AppData\Local\d3d9caps.dat
[2008.11.13 06:07:24 | 000,002,177 | ---- | C] () -- C:\Windows\P17EP.ini
[2008.01.21 08:15:58 | 000,738,974 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 08:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 08:15:58 | 000,168,432 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 08:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.12.04 05:20:30 | 000,001,489 | ---- | C] () -- C:\Windows\P17EP51.ini
[2007.10.25 17:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2007.10.25 14:59:44 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CTBURST.DLL
[2007.10.25 14:56:28 | 000,037,888 | ---- | C] () -- C:\Windows\System32\PSCONV.EXE
[2007.10.25 14:46:54 | 000,325,724 | ---- | C] () -- C:\Windows\System32\CTDLANG.DAT
[2007.10.25 14:46:54 | 000,055,904 | ---- | C] () -- C:\Windows\System32\CTDNLSTR.DAT
[2007.10.25 14:45:08 | 000,048,128 | ---- | C] () -- C:\Windows\System32\REGPLIB.EXE
[2007.10.25 14:44:52 | 000,149,838 | ---- | C] () -- C:\Windows\System32\CTBAS2W.DAT
[2007.10.25 14:43:10 | 000,274,587 | ---- | C] () -- C:\Windows\System32\CTSBAS2W.DAT
[2007.10.25 14:43:04 | 000,241,084 | ---- | C] () -- C:\Windows\System32\CTSBASW.DAT
[2007.10.25 14:43:04 | 000,115,166 | ---- | C] () -- C:\Windows\System32\CTBASICW.DAT
[2007.10.25 14:42:50 | 000,313,207 | ---- | C] () -- C:\Windows\System32\CTSTATIC.DAT
[2007.10.25 14:42:50 | 000,053,932 | ---- | C] () -- C:\Windows\System32\CTDAUGHT.DAT
[2007.10.25 14:42:48 | 000,005,120 | ---- | C] () -- C:\Windows\System32\ENLOCSTR.EXE
[2007.09.04 10:56:10 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2007.08.13 13:45:02 | 000,077,824 | ---- | C] () -- C:\Windows\System32\CTMMACTL.DLL
[2007.06.07 05:25:42 | 000,001,578 | ---- | C] () -- C:\Windows\P17EPLS.ini
[2007.04.10 22:46:48 | 000,015,498 | ---- | C] () -- C:\Windows\VX3000.ini
[2007.02.05 19:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,337,320 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,687,942 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,138,060 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.10.02 10:25:18 | 000,000,307 | ---- | C] () -- C:\Windows\System32\KILL.INI
[2000.02.09 23:00:00 | 000,047,104 | ---- | C] () -- C:\Windows\System32\wrkgadm.exe
[2000.02.09 23:00:00 | 000,012,288 | ---- | C] () -- C:\Windows\System32\HLINKPRX.DLL
[1998.06.13 21:53:26 | 000,044,544 | ---- | C] () -- C:\Windows\System32\Gif89.dll
[1996.04.03 20:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2011.10.26 13:32:06 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\.freeciv
[2012.01.31 14:59:57 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\.minecraft
[2011.12.06 22:24:00 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\.minecraft - Kopie
[2010.05.31 16:06:50 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\adma
[2010.05.14 12:47:46 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Amazon
[2009.09.08 01:01:01 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Astroburn
[2010.03.12 02:07:30 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Atari
[2011.03.15 13:33:23 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\AtomZombieData
[2011.03.15 12:45:27 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\AtomZombieDemoData
[2010.10.01 12:31:01 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Audacity
[2011.03.30 01:39:54 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Auslogics
[2011.04.09 18:43:34 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Azureus
[2010.01.05 18:36:54 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\c-software
[2011.10.16 05:20:03 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Canneverbe Limited
[2009.03.05 13:10:48 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Canon
[2011.11.27 23:21:42 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010.09.21 18:06:14 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Cherry
[2011.05.31 19:03:33 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Clonk Rage
[2011.06.06 02:10:08 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Cobra Mobile
[2011.11.27 20:38:41 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2009.03.11 05:26:54 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Command & Conquer 3 Kanes Rache
[2009.03.09 05:32:39 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2009.04.25 12:42:40 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\CPUControl
[2011.03.07 14:36:53 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Cuttermaran
[2009.03.09 15:06:32 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\DAEMON Tools
[2010.02.16 06:05:37 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\DAEMON Tools Lite
[2009.03.09 15:06:32 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\DAEMON Tools Pro
[2012.01.22 12:35:41 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Day 1 Studios
[2009.08.14 04:32:33 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\DeepBurner
[2010.10.27 17:15:07 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Digital Red
[2011.07.01 23:30:20 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\eroboxxx
[2009.02.23 21:45:43 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\FireShot
[2010.08.19 00:07:39 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\fltk.org
[2011.05.29 20:56:52 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\FOG Downloader
[2011.10.01 14:10:43 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\fotw
[2011.02.05 01:56:22 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\GetRightToGo
[2011.12.29 03:10:34 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\GSFile
[2012.01.05 21:20:24 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\gtk-2.0
[2011.04.21 02:02:54 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\ICQ
[2011.05.10 19:42:06 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Imperium Romanum
[2009.04.25 08:52:36 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\InterVideo
[2010.05.05 19:21:34 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\IObit
[2011.05.18 11:15:00 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\JAM Software
[2011.05.18 13:36:19 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\JavaEditor
[2011.02.19 13:16:29 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Kalypso Media
[2010.03.17 08:01:16 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Leadertech
[2011.10.09 02:55:21 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Lionhead Studios
[2011.11.24 21:50:35 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\LucasArts
[2012.01.26 22:53:24 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Magic Set Editor
[2010.10.05 10:33:59 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Meine Die Schlacht um Mittelerde™ II-Dateien
[2011.03.10 09:52:44 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\MudTV
[2011.05.27 01:04:47 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\OpenOffice.org
[2011.10.22 13:47:31 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Origin
[2009.02.09 09:18:02 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\PeerNetworking
[2011.03.15 11:42:39 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Polynomial
[2011.12.13 12:21:05 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\ProtectDisc
[2011.09.15 18:33:09 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\pymclevel
[2010.04.24 18:51:43 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\QuickScan
[2009.11.04 18:13:56 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Red Alert 3
[2011.07.01 23:17:54 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\RenPy
[2011.03.20 00:51:58 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Samsung
[2009.05.19 02:06:13 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\ScummVM
[2010.06.10 19:19:34 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\SPORE
[2011.09.22 12:30:48 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\SYBEX.PC-Fahrschule09.0B79F3AA8BA7B28571920BBC33ADF06D54740292.1
[2011.05.01 05:58:03 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\System
[2009.02.09 09:51:09 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\T-Online
[2009.08.20 18:03:26 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\tell
[2009.11.10 20:35:01 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\temp
[2009.09.16 13:03:46 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\The Creative Assembly
[2011.02.11 19:33:31 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Thinstall
[2012.01.21 10:18:01 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Tropico 4
[2011.09.06 20:31:21 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Tropico 4 Demo
[2011.09.24 15:41:50 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\TS3Client
[2011.09.24 15:34:29 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\ts3overlay
[2011.12.04 18:51:54 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\TuneUp Software
[2012.01.22 04:19:31 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Ubisoft
[2010.04.15 07:07:45 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Uniblue
[2011.04.09 17:31:03 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\uTorrent
[2009.09.22 18:52:12 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Video DVD Maker FREE
[2010.02.21 12:10:42 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\VistaCodecs
[2011.05.01 05:58:01 | 000,000,000 | -HSD | M] -- C:\Users\Wolfi\AppData\Roaming\wyUpdate AU
[2011.10.13 03:23:26 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\XnView
[2012.02.03 17:07:47 | 000,032,588 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
[color=#E56717]========== Purity Check ==========[/color]
 
 
 
[color=#E56717]========== Files - Unicode (All) ==========[/color]
(C:\Users\Wolfi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\?????) -- C:\Users\Wolfi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\クレージュ
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\?????) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\クレージュ

< End of report >

Edited by Wolfizero, 04 February 2012 - 11:08 AM.

  • 0

#4
Wolfizero

Wolfizero

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
and the aswMBR-Scan.

Attached Files


  • 0

#5
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Did you use the show hidden files function. If so could you reset it and then run the following programme

  • Download RogueKiller and save it on your desktop.
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan
Posted Image
  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.
Posted Image
  • The report has been created on the desktop.

  • Next click on the ShortcutsFix

    Posted Image
  • The report has been created on the desktop.

Please post:

All RKreport.txt text files located on your desktop.
  • 0

#6
Wolfizero

Wolfizero

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
The shortcuts are there again. You are good!

Here are the RK reports.

Attached Files


Edited by Wolfizero, 04 February 2012 - 11:29 AM.

  • 0

#7
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hmm Roguekiller reports 5 failures so lets see if I can find them .. What are your current problems ?


  • Run OTL there will be just one log this time .
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    C:\Windows\assembly\tmp\U\*.* /s
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

  • 0

#8
Wolfizero

Wolfizero

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
I'll do the scan right now. Now I'm in save mode, should I switch windows back to normal and take a look how it's doing? There is also still that fake "system check" which were running within the fakehdd. I can see the icon at my shortcuts next to the Windows "Start"-Button.
  • 0

#9
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yes run from normal mode please and this OTL run should show the location for me to kill :ph34r:
  • 0

#10
Wolfizero

Wolfizero

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
For any reason I don't get a Extras.txt...

OTL logfile created on: 04.02.2012 18:45:42 - Run 5
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Wolfi\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,25 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 61,62% Memory free
7,05 Gb Paging File | 5,94 Gb Available in Paging File | 84,26% Paging File free
Paging file location(s): c:\pagefile.sys 4000 4000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,76 Gb Total Space | 26,53 Gb Free Space | 5,70% Space Free | Partition Type: NTFS

Computer Name: WOLFI-PC | User Name: Wolfi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\Wolfi\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Programme\Common Files\Logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\update.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\MSI Afterburner\MSIAfterburner.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Microsoft Xbox 360 Accessories\XBoxStat.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
PRC - C:\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
PRC - C:\Programme\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Windows\System32\CTXFIHLP.EXE (Creative Technology Ltd)
PRC - C:\Windows\System32\CTHELPER.EXE (Creative Technology Ltd)
PRC - C:\Windows\System32\CTXFISPI.EXE (Creative Technology Ltd)
PRC - C:\Programme\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - C:\Programme\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)


========== Modules (No Company Name) ==========

MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Programme\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ()
MOD - C:\Programme\MSI Afterburner\MSIAfterburner.exe ()
MOD - C:\Programme\MSI Afterburner\RTMUI.dll ()
MOD - C:\Programme\MSI Afterburner\RTHAL.dll ()
MOD - C:\Programme\MSI Afterburner\RTCore.dll ()
MOD - C:\Programme\MSI Afterburner\RTUI.dll ()
MOD - C:\Programme\MSI Afterburner\RTFC.dll ()
MOD - C:\Programme\MSI Afterburner\RTTSH.dll ()
MOD - C:\Windows\System32\APOMngr.DLL ()
MOD - C:\Windows\System32\CmdRtr.DLL ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Windows\CTXFIGER.DLL ()


========== Win32 Services (SafeList) ==========

SRV - (CPUCooLServer) -- File not found
SRV - (Creative ALchemy AL1 Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL1Licensing.exe (Creative Labs)
SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_e286960.dll ()
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (UMVPFSrv) -- C:\Programme\Common Files\Logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (WAS) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (SandraAgentSrv) -- C:\Systemerkennung\SiSoftware Sandra Lite 2010.SP3\RpcAgentSrv.exe (SiSoftware)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Cherry Device Interface) -- C:\Programme\Cherry\CDI\cdi.exe (ZF Electronics GmbH)
SRV - (AppHostSvc) -- C:\Windows\System32\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (CTAudSvcService) -- C:\Programme\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)


========== Driver Services (SafeList) ==========

DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (cpuz135) -- C:\Windows\System32\drivers\cpuz135_x32.sys (CPUID)
DRV - (LVUVC) Logitech HD Webcam C270(UVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (speedfan) -- C:\Windows\system32\speedfan.sys (Almico Software)
DRV - (ntiopnp) -- C:\Windows\System32\drivers\ntiopnp.sys ()
DRV - (ntiomin) -- C:\Windows\System32\drivers\ntiomin.sys ()
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()
DRV - (ss_bmdm) -- C:\Windows\System32\drivers\ss_bmdm.sys (MCCI Corporation)
DRV - (ss_bbus) SAMSUNG USB Mobile Device (WDM) -- C:\Windows\System32\drivers\ss_bbus.sys (MCCI)
DRV - (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) -- C:\Windows\System32\drivers\ss_bmdfl.sys (MCCI Corporation)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (SASENUM) -- C:\Programme\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (P17) -- C:\Windows\System32\drivers\P17.sys (Creative Technology Ltd.)
DRV - (RivaTuner32) -- C:\Programme\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys ()
DRV - (SANDRA) -- C:\Systemerkennung\SiSoftware Sandra Lite 2010.SP3\WNt500x86\sandra.sys (SiSoftware)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (cFosNT) -- C:\Windows\System32\Drivers\cFosNT.sys (cFos Software GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (VX3000) -- C:\Windows\System32\drivers\VX3000.sys (Microsoft Corporation)
DRV - (LUsbFilt) -- C:\Windows\System32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (ha20x2k) -- C:\Windows\System32\drivers\HA20X2K.SYS (Creative Technology Ltd)
DRV - (emupia) -- C:\Windows\System32\drivers\EMUPIA2K.SYS (Creative Technology Ltd)
DRV - (ctsfm2k) -- C:\Windows\System32\drivers\CTSFM2K.SYS (Creative Technology Ltd)
DRV - (ctprxy2k) -- C:\Windows\System32\drivers\CTPRXY2K.SYS (Creative Technology Ltd)
DRV - (ossrv) -- C:\Windows\System32\drivers\CTOSS2K.SYS (Creative Technology Ltd.)
DRV - (ctdvda2k) -- C:\Windows\System32\drivers\CTDVDA2K.SYS (Creative Technology Ltd)
DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\Windows\System32\drivers\CTAUD2K.SYS (Creative Technology Ltd)
DRV - (ctac32k) -- C:\Windows\System32\drivers\CTAC32K.SYS (Creative Technology Ltd)
DRV - (CTEXFIFX.DLL) -- C:\Windows\System32\CTEXFIFX.DLL (Creative Technology Ltd.)
DRV - (CTEDSPSY.DLL) -- C:\Windows\System32\CTEDSPSY.DLL (Creative Technology Ltd)
DRV - (CTEDSPIO.DLL) -- C:\Windows\System32\CTEDSPIO.DLL (Creative Technology Ltd)
DRV - (CT20XUT.DLL) -- C:\Windows\System32\CT20XUT.DLL (Creative Technology Ltd.)
DRV - (CTHWIUT.DLL) -- C:\Windows\System32\CTHWIUT.DLL (Creative Technology Ltd.)
DRV - (CTERFXFX.DLL) -- C:\Windows\System32\CTERFXFX.DLL (Creative Technology Ltd)
DRV - (CTEDSPFX.DLL) -- C:\Windows\System32\CTEDSPFX.DLL (Creative Technology Ltd)
DRV - (CTEAPSFX.DLL) -- C:\Windows\System32\CTEAPSFX.DLL (Creative Technology Ltd)
DRV - (CTSBLFX.DLL) -- C:\Windows\System32\CTSBLFX.DLL (Creative Technology Ltd)
DRV - (CTAUDFX.DLL) -- C:\Windows\System32\CTAUDFX.DLL (Creative Technology Ltd)
DRV - (COMMONFX.DLL) -- C:\Windows\System32\COMMONFX.DLL (Creative Technology Ltd)
DRV - (MTOnlPktAlyX) -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
DRV - (RTCore32) -- C:\Programme\MSI Afterburner\RTCore32.sys ()
DRV - (giveio) -- C:\Windows\system32\giveio.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\..\URLSearchHook: - No CLSID value found
IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421

IE - HKU\S-1-5-18\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-18\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1452552504-3750701632-1159496026-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.t-online....ie_t-online.htm
IE - HKU\S-1-5-21-1452552504-3750701632-1159496026-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.t-online....ir/ie_suche.htm
IE - HKU\S-1-5-21-1452552504-3750701632-1159496026-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.t-online....ie_t-online.htm
IE - HKU\S-1-5-21-1452552504-3750701632-1159496026-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1452552504-3750701632-1159496026-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1452552504-3750701632-1159496026-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 00 6F F4 EC 49 B5 CC 01 [binary data]
IE - HKU\S-1-5-21-1452552504-3750701632-1159496026-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1452552504-3750701632-1159496026-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.t-online.de;localhost;<local>
IE - HKU\S-1-5-21-1452552504-3750701632-1159496026-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=www-proxy.t-online.de:80;ftp=ftp-proxy.t-online.de:80

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.useDBForOrder: ""
FF - prefs.js..browser.startup.homepage: ""


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files\Battlelog Web Plugins\1.102.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files\Battlelog Web Plugins\1.104.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.2.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.2.1: C:\Program Files\Oracle\JavaFX Runtime 2.0\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.4: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPMPDRM: C:\Program Files\Common Files\mpDRM\NPMPDRM.dll ( )
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Wolfi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.12.31 02:34:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.13 19:48:48 | 000,000,000 | ---D | M]

[2009.02.09 11:19:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wolfi\AppData\Roaming\mozilla\Extensions
[2012.01.28 21:25:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wolfi\AppData\Roaming\mozilla\Firefox\Profiles\r6307irc.default\extensions
[2011.12.24 22:24:16 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Wolfi\AppData\Roaming\mozilla\Firefox\Profiles\r6307irc.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.03.30 01:05:23 | 000,000,000 | ---D | M] (NoRedirect) -- C:\Users\Wolfi\AppData\Roaming\mozilla\Firefox\Profiles\r6307irc.default\extensions\{c1970c0d-dbe6-4d91-804f-c9c0de643a57}
[2010.04.25 12:30:38 | 000,001,840 | ---- | M] () -- C:\Users\Wolfi\AppData\Roaming\Mozilla\Firefox\Profiles\r6307irc.default\searchplugins\bing.xml
[2012.02.01 14:15:21 | 000,001,056 | ---- | M] () -- C:\Users\Wolfi\AppData\Roaming\Mozilla\Firefox\Profiles\r6307irc.default\searchplugins\icqplugin.xml
[2009.08.29 16:25:07 | 000,000,952 | ---- | M] () -- C:\Users\Wolfi\AppData\Roaming\Mozilla\Firefox\Profiles\r6307irc.default\searchplugins\youtube-videosuche.xml
[2011.12.17 11:12:32 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\WOLFI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R6307IRC.DEFAULT\EXTENSIONS\{79C50F9A-2FFE-4EE0-8A37-FAE4F5DACD4F}.XPI
() (No name found) -- C:\USERS\WOLFI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R6307IRC.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\WOLFI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R6307IRC.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
() (No name found) -- C:\USERS\WOLFI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R6307IRC.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
() (No name found) -- C:\USERS\WOLFI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R6307IRC.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\WOLFI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R6307IRC.DEFAULT\EXTENSIONS\[email protected]
[2011.12.31 02:34:23 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.10.04 14:49:02 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.04 14:49:02 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.04 14:49:02 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.04 14:49:02 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.04 14:49:02 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.04 14:49:02 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2012.02.04 17:55:14 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programme\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX Runtime 2.0\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programme\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CTHelper] C:\Windows\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\System32\CTXFIHLP.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [P17RunE] C:\Windows\System32\P17RunE.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [InfoCockpit] C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com)
O4 - HKU\S-1-5-18..\Run: [InfoCockpit] C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com)
O4 - HKU\S-1-5-21-1452552504-3750701632-1159496026-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1452552504-3750701632-1159496026-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1452552504-3750701632-1159496026-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.2.1)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creat...13/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...15116/CTPID.cab (Creative Software AutoUpdate Support Package 1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.0.43.1 217.0.43.193
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9ED490E5-A5D2-442E-9EA0-75DE411CAA91}: DhcpNameServer = 217.0.43.1 217.0.43.193
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Wolfi\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Wolfi\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012.02.04 18:16:29 | 000,000,000 | ---D | C] -- C:\Users\Wolfi\Desktop\RK_Quarantine
[2012.02.03 17:18:09 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Wolfi\Desktop\esetsmartinstaller_enu.exe
[2012.02.03 15:00:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.02.03 15:00:42 | 000,000,000 | ---D | C] -- C:\Users\Wolfi\Desktop\Malwarebytes' Anti-Malware
[2012.02.02 16:53:46 | 000,000,000 | ---D | C] -- C:\Users\Wolfi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
[2012.02.01 13:12:02 | 000,000,000 | ---D | C] -- C:\Users\Wolfi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Creative
[2012.02.01 13:12:02 | 000,000,000 | ---D | C] -- C:\Users\Wolfi\AppData\Roaming\Creative
[2012.02.01 12:53:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center
[2012.01.27 19:01:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Media Center Programs
[2012.01.26 15:43:50 | 000,000,000 | ---D | C] -- C:\Users\Wolfi\AppData\Roaming\Magic Set Editor
[2012.01.26 15:43:17 | 000,000,000 | ---D | C] -- C:\Program Files\Magic Set Editor 2
[2012.01.25 20:34:36 | 000,000,000 | ---D | C] -- C:\Users\Wolfi\AppData\Roaming\.minecraft
[2012.01.22 12:35:41 | 000,000,000 | ---D | C] -- C:\Users\Wolfi\AppData\Roaming\Day 1 Studios
[2012.01.10 12:28:34 | 000,000,000 | ---D | C] -- C:\Users\Wolfi\AppData\Local\SWTOR
[2012.01.10 12:28:31 | 000,000,000 | ---D | C] -- C:\Users\Wolfi\Documents\HeroBlade Logs
[2012.01.10 11:42:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA
[2012.01.10 11:10:08 | 000,000,000 | ---D | C] -- C:\Star Wars-The Old Republic
[2012.01.09 11:17:56 | 000,000,000 | ---D | C] -- C:\Microsoft Games
[2012.01.06 18:22:23 | 000,021,992 | ---- | C] (CPUID) -- C:\Windows\System32\drivers\cpuz135_x32.sys
[2012.01.06 18:22:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
[2012.01.06 18:22:23 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID
[2007.10.25 14:57:44 | 000,034,816 | ---- | C] ( ) -- C:\Windows\System32\A3D.DLL
[2007.10.25 14:42:46 | 000,010,240 | ---- | C] ( ) -- C:\Windows\System32\KILLAPPS.EXE
[7 C:\Users\Wolfi\Documents\*.tmp files -> C:\Users\Wolfi\Documents\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.02.04 18:42:26 | 000,003,840 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.04 18:42:25 | 000,003,840 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.04 18:42:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.04 18:10:03 | 000,000,512 | ---- | M] () -- C:\Users\Wolfi\Desktop\MBR.dat
[2012.02.04 17:55:14 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012.02.04 16:54:26 | 000,001,356 | ---- | M] () -- C:\Users\Wolfi\AppData\Local\d3d9caps.dat
[2012.02.03 17:18:14 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Wolfi\Desktop\esetsmartinstaller_enu.exe
[2012.02.03 15:00:43 | 000,000,697 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.02.03 14:50:05 | 000,002,116 | ---- | M] () -- C:\Users\Wolfi\0302backup.zip
[2012.02.02 17:18:57 | 449,706,338 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.02.02 16:53:46 | 000,000,629 | ---- | M] () -- C:\Users\Wolfi\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012.02.02 16:51:54 | 000,064,756 | ---- | M] () -- C:\Windows\System32\DVCState-{00000004-00000000-00000003-00001102-00000005-00311102}.rfx
[2012.02.02 16:51:54 | 000,054,156 | ---- | M] () -- C:\Windows\System32\BMXStateBkp-{00000004-00000000-00000003-00001102-00000005-00311102}.rfx
[2012.02.02 16:51:54 | 000,054,156 | ---- | M] () -- C:\Windows\System32\BMXState-{00000004-00000000-00000003-00001102-00000005-00311102}.rfx
[2012.02.02 14:54:43 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2012.02.02 14:51:18 | 000,193,379 | ---- | M] () -- C:\Users\Wolfi\Documents\gesamt.pdf
[2012.02.02 00:03:25 | 000,001,080 | ---- | M] () -- C:\Windows\System32\settingsbkup.sfm
[2012.02.02 00:03:25 | 000,001,080 | ---- | M] () -- C:\Windows\System32\settings.sfm
[2012.02.01 13:02:08 | 000,002,089 | ---- | M] () -- C:\Users\Public\Desktop\Creative-Produktregistrierung.lnk
[2012.01.31 22:38:56 | 000,000,200 | ---- | M] () -- C:\Users\Wolfi\Desktop\Hitman Blood Money.url
[2012.01.31 13:29:09 | 000,361,256 | ---- | M] () -- C:\Users\Wolfi\Documents\Schulgesetz.pdf
[2012.01.30 21:49:04 | 000,105,984 | ---- | M] () -- C:\Users\Wolfi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.01.27 08:35:54 | 000,337,320 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.01.26 12:49:22 | 000,738,974 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.01.26 12:49:22 | 000,687,942 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.01.26 12:49:22 | 000,168,432 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.01.26 12:49:22 | 000,138,060 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.01.24 16:46:14 | 000,017,885 | ---- | M] () -- C:\Users\Wolfi\.recently-used.xbel
[2012.01.19 08:35:59 | 000,000,776 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk
[2012.01.18 03:34:58 | 000,089,114 | ---- | M] () -- C:\Users\Wolfi\Documents\satzung_jusos_region_hannover.pdf
[2012.01.13 18:12:23 | 000,766,388 | ---- | M] () -- C:\Users\Wolfi\Documents\Antragspaket 2012 UBK.pdf
[2012.01.10 11:42:20 | 000,000,708 | ---- | M] () -- C:\Users\Wolfi\Application Data\Microsoft\Internet Explorer\Quick Launch\Star Wars - The Old Republic.lnk
[2012.01.10 11:42:20 | 000,000,684 | ---- | M] () -- C:\Users\Public\Desktop\Star Wars - The Old Republic.lnk
[2012.01.06 18:22:23 | 000,000,857 | ---- | M] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk
[7 C:\Users\Wolfi\Documents\*.tmp files -> C:\Users\Wolfi\Documents\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.02.04 18:19:39 | 000,002,086 | ---- | C] () -- C:\Users\Public\Desktop\T-Online 6.0.lnk
[2012.02.04 18:19:39 | 000,001,508 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012.02.04 18:19:39 | 000,000,990 | ---- | C] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[2012.02.04 18:19:39 | 000,000,890 | ---- | C] () -- C:\Users\Public\Desktop\PokerStars.net.lnk
[2012.02.04 18:19:39 | 000,000,859 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.02.04 18:19:39 | 000,000,684 | ---- | C] () -- C:\Users\Public\Desktop\Star Wars - The Old Republic.lnk
[2012.02.04 18:19:39 | 000,000,673 | ---- | C] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2012.02.04 18:19:39 | 000,000,570 | ---- | C] () -- C:\Users\Public\Desktop\SpaceChem.lnk
[2012.02.04 18:19:39 | 000,000,540 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2012.02.04 18:19:38 | 000,002,089 | ---- | C] () -- C:\Users\Public\Desktop\Creative-Produktregistrierung.lnk
[2012.02.04 18:19:38 | 000,001,894 | ---- | C] () -- C:\Users\Public\Desktop\GSFileViewer.lnk
[2012.02.04 18:19:38 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.02.04 18:19:38 | 000,001,719 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012.02.04 18:19:38 | 000,001,702 | ---- | C] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2012.02.04 18:19:38 | 000,001,547 | ---- | C] () -- C:\Users\Public\Desktop\Logitech-Maus- und -Tastatureinstellungen.lnk
[2012.02.04 18:19:38 | 000,001,473 | ---- | C] () -- C:\Users\Public\Desktop\Logitech Webcam Software .lnk
[2012.02.04 18:19:38 | 000,001,461 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2012.02.04 18:19:38 | 000,000,857 | ---- | C] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk
[2012.02.04 18:19:38 | 000,000,798 | ---- | C] () -- C:\Users\Public\Desktop\FIFA 12.lnk
[2012.02.04 18:19:38 | 000,000,776 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk
[2012.02.04 18:19:38 | 000,000,738 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2012.02.04 18:19:38 | 000,000,697 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.02.04 18:19:38 | 000,000,558 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.02.04 18:19:38 | 000,000,554 | ---- | C] () -- C:\Users\Public\Desktop\Java-Editor.lnk
[2012.02.04 18:19:37 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Download Assistant.lnk
[2012.02.04 18:19:33 | 000,001,950 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Photo Gallery.lnk
[2012.02.04 18:19:33 | 000,001,768 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Movie Maker.lnk
[2012.02.04 18:19:32 | 000,001,852 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Collaboration.lnk
[2012.02.04 18:19:32 | 000,001,803 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012.02.04 18:19:32 | 000,001,770 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Calendar.lnk
[2012.02.04 18:19:32 | 000,001,757 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Defender.lnk
[2012.02.04 18:19:32 | 000,001,743 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2012.02.04 18:19:32 | 000,001,703 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Contacts.lnk
[2012.02.04 18:19:32 | 000,001,241 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk
[2012.02.04 18:19:23 | 000,001,841 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPER © Uninstall.lnk
[2012.02.04 18:19:23 | 000,001,817 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPER ©.lnk
[2012.02.04 18:19:22 | 000,001,559 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
[2012.02.04 18:19:14 | 000,001,002 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
[2012.02.04 18:19:12 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.02.04 18:19:11 | 000,000,459 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Reader.lnk
[2012.02.04 18:19:08 | 000,001,630 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012.02.04 18:19:06 | 000,000,855 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Magic Set Editor.lnk
[2012.02.04 18:18:51 | 000,001,684 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
[2012.02.04 18:18:50 | 000,000,546 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2012.02.04 18:18:49 | 000,002,425 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012.02.04 18:18:49 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012.02.04 18:18:49 | 000,001,340 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.5.lnk
[2012.02.04 18:18:49 | 000,001,172 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.5.lnk
[2012.02.04 18:18:49 | 000,001,071 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.5.lnk
[2012.02.04 18:18:49 | 000,001,040 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Dreamweaver CS5.5.lnk
[2012.02.04 18:18:49 | 000,000,974 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Widget Browser.lnk
[2012.02.04 18:18:49 | 000,000,924 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk
[2012.02.04 18:18:49 | 000,000,874 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2012.02.04 18:10:03 | 000,000,512 | ---- | C] () -- C:\Users\Wolfi\Desktop\MBR.dat
[2012.02.04 17:55:14 | 000,001,906 | ---- | C] () -- C:\Users\Wolfi\Application Data\Microsoft\Internet Explorer\Quick Launch\Snagit 9.lnk
[2012.02.04 17:55:14 | 000,001,748 | ---- | C] () -- C:\Users\Wolfi\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012.02.04 17:55:14 | 000,001,063 | ---- | C] () -- C:\Users\Wolfi\Application Data\Microsoft\Internet Explorer\Quick Launch\Fallout Mod Manager.lnk
[2012.02.04 17:55:14 | 000,000,943 | ---- | C] () -- C:\Users\Wolfi\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012.02.04 17:55:14 | 000,000,938 | ---- | C] () -- C:\Users\Wolfi\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012.02.04 17:55:14 | 000,000,930 | ---- | C] () -- C:\Users\Wolfi\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012.02.04 17:55:14 | 000,000,914 | ---- | C] () -- C:\Users\Wolfi\Application Data\Microsoft\Internet Explorer\Quick Launch\PokerStars.net.lnk
[2012.02.04 17:55:14 | 000,000,792 | ---- | C] () -- C:\Users\Wolfi\Application Data\Microsoft\Internet Explorer\Quick Launch\TreeSize Free.lnk
[2012.02.04 17:55:14 | 000,000,752 | ---- | C] () -- C:\Users\Wolfi\Application Data\Microsoft\Internet Explorer\Quick Launch\XnView.lnk
[2012.02.04 17:55:14 | 000,000,708 | ---- | C] () -- C:\Users\Wolfi\Application Data\Microsoft\Internet Explorer\Quick Launch\Star Wars - The Old Republic.lnk
[2012.02.04 17:55:14 | 000,000,629 | ---- | C] () -- C:\Users\Wolfi\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012.02.04 17:55:14 | 000,000,258 | ---- | C] () -- C:\Users\Wolfi\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012.02.04 17:55:14 | 000,000,240 | ---- | C] () -- C:\Users\Wolfi\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012.02.04 17:55:13 | 000,001,784 | ---- | C] () -- C:\Users\Wolfi\Application Data\Microsoft\Internet Explorer\Quick Launch\Driver Cleaner Pro.lnk
[2012.02.04 17:55:13 | 000,000,846 | ---- | C] () -- C:\Users\Wolfi\Application Data\Microsoft\Internet Explorer\Quick Launch\ StreamTransport.lnk
[2012.02.04 17:55:13 | 000,000,829 | ---- | C] () -- C:\Users\Wolfi\Application Data\Microsoft\Internet Explorer\Quick Launch\Fahrplanwaldstraße.pdf - Verknüpfung.lnk
[2012.02.03 14:50:05 | 000,002,116 | ---- | C] () -- C:\Users\Wolfi\0302backup.zip
[2012.02.02 14:51:18 | 000,193,379 | ---- | C] () -- C:\Users\Wolfi\Documents\gesamt.pdf
[2012.02.02 00:03:25 | 000,001,080 | ---- | C] () -- C:\Windows\System32\settingsbkup.sfm
[2012.02.02 00:03:25 | 000,001,080 | ---- | C] () -- C:\Windows\System32\settings.sfm
[2012.02.01 13:03:35 | 000,064,756 | ---- | C] () -- C:\Windows\System32\DVCState-{00000004-00000000-00000003-00001102-00000005-00311102}.rfx
[2012.02.01 13:03:35 | 000,054,156 | ---- | C] () -- C:\Windows\System32\BMXStateBkp-{00000004-00000000-00000003-00001102-00000005-00311102}.rfx
[2012.02.01 13:03:35 | 000,054,156 | ---- | C] () -- C:\Windows\System32\BMXState-{00000004-00000000-00000003-00001102-00000005-00311102}.rfx
[2012.02.01 12:58:52 | 000,006,123 | ---- | C] () -- C:\Windows\System32\AudioDrv.ini
[2012.02.01 12:56:04 | 001,048,576 | ---- | C] () -- C:\Windows\System32\CT1MGM.ROM
[2012.02.01 12:56:03 | 000,098,174 | ---- | C] () -- C:\Windows\System32\instwdm.ini
[2012.02.01 12:56:03 | 000,003,128 | ---- | C] () -- C:\Windows\System32\XFi.bmp
[2012.02.01 12:56:03 | 000,000,054 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini
[2012.02.01 12:54:28 | 000,003,072 | ---- | C] () -- C:\Windows\CTXFIGER.DLL
[2012.02.01 12:53:39 | 007,572,224 | ---- | C] () -- C:\Windows\System32\CT8MGM.SF2
[2012.02.01 12:53:38 | 004,174,814 | ---- | C] () -- C:\Windows\System32\CT4MGM.SF2
[2012.02.01 12:53:37 | 002,167,684 | ---- | C] () -- C:\Windows\System32\CT2MGM.SF2
[2012.02.01 12:53:29 | 029,705,938 | ---- | C] () -- C:\Windows\System32\28MBGM.sf2
[2012.01.31 22:38:56 | 000,000,200 | ---- | C] () -- C:\Users\Wolfi\Desktop\Hitman Blood Money.url
[2012.01.31 13:29:09 | 000,361,256 | ---- | C] () -- C:\Users\Wolfi\Documents\Schulgesetz.pdf
[2012.01.24 16:46:14 | 000,017,885 | ---- | C] () -- C:\Users\Wolfi\.recently-used.xbel
[2012.01.18 03:34:58 | 000,089,114 | ---- | C] () -- C:\Users\Wolfi\Documents\satzung_jusos_region_hannover.pdf
[2012.01.13 18:12:22 | 000,766,388 | ---- | C] () -- C:\Users\Wolfi\Documents\Antragspaket 2012 UBK.pdf
[2011.11.08 15:50:51 | 000,110,592 | ---- | C] () -- C:\Windows\System32\rtvcvfw32.dll
[2011.10.26 13:47:55 | 000,007,672 | ---- | C] () -- C:\Users\Wolfi\AppData\Roaming\.freeciv-client-rc-2.3
[2011.10.14 23:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011.08.27 11:56:33 | 000,000,133 | ---- | C] () -- C:\Windows\Wininit.INI
[2011.08.19 10:26:20 | 010,898,456 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2011.08.19 10:26:20 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2011.08.19 10:26:20 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2011.08.12 12:20:14 | 000,015,896 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2011.07.28 06:36:43 | 000,136,448 | ---- | C] () -- C:\Windows\RMTOOLS.DLL
[2011.07.26 07:48:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011.07.19 20:33:02 | 000,000,085 | --S- | C] () -- C:\ProgramData\.zreglib
[2011.06.13 17:45:05 | 000,038,912 | ---- | C] () -- C:\Windows\System32\NVDevTray.dll
[2011.06.13 17:44:02 | 000,151,552 | ---- | C] () -- C:\Windows\System32\nvRegDev.dll
[2011.06.13 17:43:47 | 001,388,544 | ---- | C] () -- C:\Windows\System32\nvpmapi.dll
[2011.06.13 17:43:38 | 000,040,960 | ---- | C] () -- C:\Windows\System32\nvISWOW64.dll
[2011.05.27 02:40:40 | 000,166,912 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2011.05.27 02:40:40 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2011.05.15 20:49:27 | 000,008,541 | ---- | C] () -- C:\Users\Wolfi\AppData\Roaming\PStrip.bko
[2011.05.15 13:02:48 | 000,008,564 | ---- | C] () -- C:\Users\Wolfi\AppData\Roaming\PStrip.bk!
[2011.05.15 13:01:47 | 000,008,541 | ---- | C] () -- C:\Users\Wolfi\AppData\Roaming\PStrip.bak
[2011.05.15 01:01:59 | 000,008,564 | ---- | C] () -- C:\Users\Wolfi\AppData\Roaming\PStrip.ini
[2011.05.13 21:01:49 | 000,000,001 | ---- | C] () -- C:\Windows\System32\SI.bin
[2011.04.26 20:43:07 | 000,036,892 | ---- | C] () -- C:\Windows\System32\bassmod.dll
[2011.04.25 21:52:34 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011.03.11 17:17:58 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2011.03.11 17:17:58 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010.12.25 09:10:28 | 000,056,320 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
[2010.12.24 05:06:16 | 000,028,052 | ---- | C] () -- C:\Users\Wolfi\AppData\Roaming\OFMissionEditorConfig.xml
[2010.11.11 20:19:24 | 000,021,080 | ---- | C] () -- C:\Windows\System32\drivers\ntiopnp.sys
[2010.10.03 10:24:10 | 000,000,760 | ---- | C] () -- C:\Users\Wolfi\AppData\Roaming\setup_ldm.iss
[2010.09.07 11:36:06 | 000,860,160 | ---- | C] () -- C:\Windows\System32\spk.dll
[2010.08.27 14:07:05 | 000,090,624 | ---- | C] () -- C:\Windows\VSUNINST.EXE
[2010.08.22 22:39:32 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2010.08.10 14:49:36 | 000,011,392 | ---- | C] () -- C:\Windows\System32\drivers\ntiomin.sys
[2010.07.18 17:20:48 | 000,000,760 | ---- | C] () -- C:\Windows\eReg.dat
[2010.07.04 13:21:02 | 000,089,446 | ---- | C] () -- C:\Windows\War3Unin.dat
[2010.06.09 19:35:51 | 000,000,069 | ---- | C] () -- C:\Windows\cc.ini
[2010.06.02 18:01:52 | 002,580,552 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2010.05.26 22:44:22 | 000,000,022 | ---- | C] () -- C:\Windows\WET.INI
[2010.05.07 18:43:30 | 000,025,824 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2010.05.01 15:14:23 | 000,000,083 | ---- | C] () -- C:\Windows\CIV.INI
[2010.04.27 21:36:04 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2010.04.17 20:01:25 | 000,000,026 | ---- | C] () -- C:\Windows\buffygame.INI
[2010.03.27 23:22:37 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2010.03.25 15:29:11 | 000,020,992 | ---- | C] () -- C:\Windows\jestertb.dll
[2010.02.21 09:42:56 | 000,000,551 | ---- | C] () -- C:\Users\Wolfi\AppData\Roaming\AutoGK.ini
[2010.02.18 07:09:56 | 000,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2010.02.18 07:09:56 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010.02.18 07:09:56 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010.02.18 07:09:55 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010.02.18 07:09:55 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010.02.06 19:39:08 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.02.06 19:37:52 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010.01.28 01:09:54 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009.12.23 19:15:47 | 000,113,152 | -HS- | C] () -- C:\Windows\System32\SCX.dll
[2009.11.04 17:21:31 | 000,000,040 | ---- | C] () -- C:\ProgramData\ra3.ini
[2009.10.16 06:50:54 | 000,003,930 | ---- | C] () -- C:\Windows\System32\ludap17.ini
[2009.10.04 07:13:20 | 000,000,292 | ---- | C] () -- C:\Windows\vtmb.ini
[2009.09.24 02:52:56 | 000,008,312 | ---- | C] () -- C:\Users\Wolfi\AppData\Roaming\.civclientrc
[2009.09.23 16:26:29 | 000,030,439 | ---- | C] () -- C:\Windows\scunin.dat
[2009.09.22 19:01:35 | 000,000,179 | ---- | C] () -- C:\Windows\IfoEdit.INI
[2009.09.22 17:21:28 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009.09.04 05:46:33 | 000,000,437 | ---- | C] () -- C:\Windows\ACTIVEJP.INI
[2009.09.03 02:53:33 | 000,000,307 | ---- | C] () -- C:\Windows\Romme.INI
[2009.09.03 02:48:27 | 000,080,896 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe
[2009.08.09 22:10:56 | 000,004,620 | ---- | C] () -- C:\Windows\XChange.dat
[2009.08.03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.08.03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009.06.02 09:57:24 | 000,138,056 | ---- | C] () -- C:\Users\Wolfi\AppData\Roaming\PnkBstrK.sys
[2009.05.30 00:37:40 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.05.30 00:31:52 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009.05.26 01:38:29 | 000,000,000 | ---- | C] () -- C:\Users\Wolfi\AppData\Roaming\AVSMediaPlayer.m3u
[2009.05.19 02:05:54 | 000,000,340 | ---- | C] () -- C:\Windows\scummvm.ini
[2009.03.30 04:16:00 | 000,000,072 | ---- | C] () -- C:\Windows\mix-fx.ini
[2009.03.28 20:26:00 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll
[2009.03.28 20:26:00 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll
[2009.03.19 16:23:28 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2009.03.10 11:14:20 | 000,073,728 | ---- | C] () -- C:\Windows\System32\GkSui18.EXE
[2009.03.09 14:25:55 | 000,000,711 | ---- | C] () -- C:\Windows\SIERRA.INI
[2009.02.18 17:44:08 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009.02.18 17:42:22 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009.02.17 18:01:28 | 000,000,099 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009.02.14 13:52:27 | 000,046,592 | ---- | C] () -- C:\Windows\System32\DrvMgt.dll
[2009.02.14 13:52:27 | 000,000,712 | ---- | C] () -- C:\Windows\System32\layout.bin
[2009.02.12 17:08:00 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.02.11 05:25:53 | 000,140,072 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009.02.11 05:25:46 | 000,280,904 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2009.02.11 05:25:36 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2009.02.10 06:48:37 | 000,105,984 | ---- | C] () -- C:\Users\Wolfi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.02.09 10:56:30 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.02.09 10:18:12 | 000,000,306 | R-S- | C] () -- C:\ProgramData\ntuser.pol
[2009.02.09 09:52:42 | 000,000,093 | ---- | C] () -- C:\Users\Wolfi\AppData\Local\fusioncache.dat
[2009.02.09 09:18:02 | 000,023,888 | ---- | C] () -- C:\Users\Wolfi\AppData\Roaming\UserTile.png
[2009.02.09 09:08:01 | 000,000,169 | ---- | C] () -- C:\Windows\uno.ini
[2009.02.09 09:07:58 | 000,287,744 | ---- | C] () -- C:\Windows\uno364mi.dll
[2009.02.09 09:07:58 | 000,109,568 | ---- | C] () -- C:\Windows\vos364mi.dll
[2009.02.09 09:07:58 | 000,091,648 | ---- | C] () -- C:\Windows\osl364mi.dll
[2009.02.06 17:17:50 | 000,001,356 | ---- | C] () -- C:\Users\Wolfi\AppData\Local\d3d9caps.dat
[2008.11.13 06:07:24 | 000,002,177 | ---- | C] () -- C:\Windows\P17EP.ini
[2008.01.21 08:15:58 | 000,738,974 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 08:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 08:15:58 | 000,168,432 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 08:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.12.04 05:20:30 | 000,001,489 | ---- | C] () -- C:\Windows\P17EP51.ini
[2007.10.25 17:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2007.10.25 14:59:44 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CTBURST.DLL
[2007.10.25 14:56:28 | 000,037,888 | ---- | C] () -- C:\Windows\System32\PSCONV.EXE
[2007.10.25 14:46:54 | 000,325,724 | ---- | C] () -- C:\Windows\System32\CTDLANG.DAT
[2007.10.25 14:46:54 | 000,055,904 | ---- | C] () -- C:\Windows\System32\CTDNLSTR.DAT
[2007.10.25 14:45:08 | 000,048,128 | ---- | C] () -- C:\Windows\System32\REGPLIB.EXE
[2007.10.25 14:44:52 | 000,149,838 | ---- | C] () -- C:\Windows\System32\CTBAS2W.DAT
[2007.10.25 14:43:10 | 000,274,587 | ---- | C] () -- C:\Windows\System32\CTSBAS2W.DAT
[2007.10.25 14:43:04 | 000,241,084 | ---- | C] () -- C:\Windows\System32\CTSBASW.DAT
[2007.10.25 14:43:04 | 000,115,166 | ---- | C] () -- C:\Windows\System32\CTBASICW.DAT
[2007.10.25 14:42:50 | 000,313,207 | ---- | C] () -- C:\Windows\System32\CTSTATIC.DAT
[2007.10.25 14:42:50 | 000,053,932 | ---- | C] () -- C:\Windows\System32\CTDAUGHT.DAT
[2007.10.25 14:42:48 | 000,005,120 | ---- | C] () -- C:\Windows\System32\ENLOCSTR.EXE
[2007.09.04 10:56:10 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2007.08.13 13:45:02 | 000,077,824 | ---- | C] () -- C:\Windows\System32\CTMMACTL.DLL
[2007.06.07 05:25:42 | 000,001,578 | ---- | C] () -- C:\Windows\P17EPLS.ini
[2007.04.10 22:46:48 | 000,015,498 | ---- | C] () -- C:\Windows\VX3000.ini
[2007.02.05 19:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,337,320 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,687,942 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,138,060 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.10.02 10:25:18 | 000,000,307 | ---- | C] () -- C:\Windows\System32\KILL.INI
[2000.02.09 23:00:00 | 000,047,104 | ---- | C] () -- C:\Windows\System32\wrkgadm.exe
[2000.02.09 23:00:00 | 000,012,288 | ---- | C] () -- C:\Windows\System32\HLINKPRX.DLL
[1998.06.13 21:53:26 | 000,044,544 | ---- | C] () -- C:\Windows\System32\Gif89.dll
[1996.04.03 20:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

========== LOP Check ==========

[2011.10.26 13:32:06 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\.freeciv
[2012.01.31 14:59:57 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\.minecraft
[2011.12.06 22:24:00 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\.minecraft - Kopie
[2010.05.31 16:06:50 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\adma
[2010.05.14 12:47:46 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Amazon
[2009.09.08 01:01:01 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Astroburn
[2010.03.12 02:07:30 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Atari
[2011.03.15 13:33:23 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\AtomZombieData
[2011.03.15 12:45:27 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\AtomZombieDemoData
[2010.10.01 12:31:01 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Audacity
[2011.03.30 01:39:54 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Auslogics
[2011.04.09 18:43:34 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Azureus
[2010.01.05 18:36:54 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\c-software
[2011.10.16 05:20:03 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Canneverbe Limited
[2009.03.05 13:10:48 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Canon
[2011.11.27 23:21:42 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010.09.21 18:06:14 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Cherry
[2011.05.31 19:03:33 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Clonk Rage
[2011.06.06 02:10:08 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Cobra Mobile
[2011.11.27 20:38:41 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2009.03.11 05:26:54 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Command & Conquer 3 Kanes Rache
[2009.03.09 05:32:39 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2009.04.25 12:42:40 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\CPUControl
[2011.03.07 14:36:53 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Cuttermaran
[2009.03.09 15:06:32 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\DAEMON Tools
[2010.02.16 06:05:37 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\DAEMON Tools Lite
[2009.03.09 15:06:32 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\DAEMON Tools Pro
[2012.01.22 12:35:41 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Day 1 Studios
[2009.08.14 04:32:33 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\DeepBurner
[2010.10.27 17:15:07 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Digital Red
[2011.07.01 23:30:20 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\eroboxxx
[2009.02.23 21:45:43 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\FireShot
[2010.08.19 00:07:39 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\fltk.org
[2011.05.29 20:56:52 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\FOG Downloader
[2011.10.01 14:10:43 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\fotw
[2011.02.05 01:56:22 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\GetRightToGo
[2011.12.29 03:10:34 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\GSFile
[2012.01.05 21:20:24 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\gtk-2.0
[2011.04.21 02:02:54 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\ICQ
[2011.05.10 19:42:06 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Imperium Romanum
[2009.04.25 08:52:36 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\InterVideo
[2010.05.05 19:21:34 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\IObit
[2011.05.18 11:15:00 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\JAM Software
[2011.05.18 13:36:19 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\JavaEditor
[2011.02.19 13:16:29 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Kalypso Media
[2010.03.17 08:01:16 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Leadertech
[2011.10.09 02:55:21 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Lionhead Studios
[2011.11.24 21:50:35 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\LucasArts
[2012.01.26 22:53:24 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Magic Set Editor
[2010.10.05 10:33:59 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Meine Die Schlacht um Mittelerde™ II-Dateien
[2011.03.10 09:52:44 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\MudTV
[2011.05.27 01:04:47 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\OpenOffice.org
[2011.10.22 13:47:31 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Origin
[2009.02.09 09:18:02 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\PeerNetworking
[2011.03.15 11:42:39 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Polynomial
[2011.12.13 12:21:05 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\ProtectDisc
[2011.09.15 18:33:09 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\pymclevel
[2010.04.24 18:51:43 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\QuickScan
[2009.11.04 18:13:56 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Red Alert 3
[2011.07.01 23:17:54 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\RenPy
[2011.03.20 00:51:58 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Samsung
[2009.05.19 02:06:13 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\ScummVM
[2010.06.10 19:19:34 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\SPORE
[2011.09.22 12:30:48 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\SYBEX.PC-Fahrschule09.0B79F3AA8BA7B28571920BBC33ADF06D54740292.1
[2011.05.01 05:58:03 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\System
[2009.02.09 09:51:09 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\T-Online
[2009.08.20 18:03:26 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\tell
[2009.11.10 20:35:01 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\temp
[2009.09.16 13:03:46 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\The Creative Assembly
[2011.02.11 19:33:31 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Thinstall
[2012.01.21 10:18:01 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Tropico 4
[2011.09.06 20:31:21 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Tropico 4 Demo
[2011.09.24 15:41:50 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\TS3Client
[2011.09.24 15:34:29 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\ts3overlay
[2011.12.04 18:51:54 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\TuneUp Software
[2012.01.22 04:19:31 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Ubisoft
[2010.04.15 07:07:45 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Uniblue
[2011.04.09 17:31:03 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\uTorrent
[2009.09.22 18:52:12 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\Video DVD Maker FREE
[2010.02.21 12:10:42 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\VistaCodecs
[2011.05.01 05:58:01 | 000,000,000 | --SD | M] -- C:\Users\Wolfi\AppData\Roaming\wyUpdate AU
[2011.10.13 03:23:26 | 000,000,000 | ---D | M] -- C:\Users\Wolfi\AppData\Roaming\XnView
[2012.02.03 17:07:47 | 000,032,588 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2007.11.07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[1997.07.29 10:47:00 | 000,030,240 | ---- | M] () -- C:\SETUP.EXE


< MD5 for: EXPLORER.EXE >
[2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.10 23:27:38 | 002,926,592 | -H-- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\ERDNT\cache\explorer.exe
[2009.04.10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008.01.21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\ERDNT\cache\svchost.exe
[2008.01.21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008.01.21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Users\Wolfi\Desktop\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Users\Wolfi\Desktop\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe
[2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >
"DisplayName" = NETBT
"Group" = PNP_TDI
"ImagePath" = System32\DRIVERS\netbt.sys -- [2009.04.10 21:45:38 | 000,185,856 | ---- | M] (Microsoft Corporation)
"Description" = This service implements NetBios over TCP/IP.
"ErrorControl" = 1
"Start" = 1
"Type" = 1
"DependOnService" = Tdxtcpip [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Linkage]
"OtherDependencies" = Tcpip [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters]
"BcastNameQueryCount" = 3
"BcastQueryTimeout" = 750
"CacheTimeout" = 600000
"EnableLMHOSTS" = 1
"NameServerPort" = 137
"NameSrvQueryCount" = 3
"NameSrvQueryTimeout" = 1500
"NbProvider" = _tcp
"SessionKeepAlive" = 3600000
"Size/Small/Medium/Large" = 1
"TransportBindName" = \Device\
"UseNewSmb" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{9ED490E5-A5D2-442E-9EA0-75DE411CAA91}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Enum]
"0" = Root\LEGACY_NETBT\0000
"Count" = 1
"NextInstance" = 1

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >
"Type" = 2
"Start" = 1
"ErrorControl" = 1
"Tag" = 2
"ImagePath" = system32\DRIVERS\netbios.sys -- [2008.01.21 03:24:20 | 000,035,840 | ---- | M] (Microsoft Corporation)
"DisplayName" = NetBIOS Interface
"Group" = NetBIOSGroup
"Description" = NetBIOS Interface
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage]
"LanaMap" = 01 02 01 01 01 00 01 03 [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters]
"MaxLana" = 3
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters\Winsock]
"HelperDllName" = %SystemRoot%\System32\wshnetbs.dll -- [2006.11.02 10:46:14 | 000,011,264 | ---- | M] (Microsoft Corporation)
"MaxSockAddrLength" = 20
"MinSockAddrLength" = 20
"Mapping" = 02 00 00 00 03 00 00 00 11 00 00 00 05 00 00 00 00 00 00 00 11 00 00 00 02 00 00 00 00 00 00 00 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Enum]
"0" = Root\LEGACY_NETBIOS\0000
"Count" = 1
"NextInstance" = 1

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011.12.31 02:34:22 | 000,717,176 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011.12.31 02:34:22 | 000,717,176 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011.12.31 02:34:22 | 000,717,176 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011.12.31 02:34:23 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011.12.31 02:34:23 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011.12.31 02:34:23 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011.12.16 23:12:54 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011.12.16 23:12:54 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011.12.16 23:12:54 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011.12.16 23:12:54 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" [2011.12.16 23:12:54 | 000,748,336 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011.12.31 02:34:22 | 000,717,176 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011.12.31 02:34:22 | 000,717,176 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011.12.31 02:34:22 | 000,717,176 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011.12.31 02:34:23 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011.12.31 02:34:23 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011.12.31 02:34:23 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011.12.16 23:12:54 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011.12.16 23:12:54 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011.12.16 23:12:54 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011.12.16 23:12:54 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" [2011.12.16 23:12:54 | 000,748,336 | ---- | M] (Microsoft Corporation)

< C:\Windows\assembly\tmp\U\*.* /s >

< %Temp%\smtmp\1\*.* >
[2012.02.01 13:00:46 | 000,001,942 | ---- | M] () -- C:\Users\Wolfi\AppData\Local\Temp\smtmp\1\Creative MediaSource Go!.lnk
[2006.11.02 13:56:50 | 000,001,677 | ---- | M] () -- C:\Users\Wolfi\AppData\Local\Temp\smtmp\1\Default Programs.lnk
[2009.10.02 03:56:51 | 000,000,442 | -HS- | M] () -- C:\Users\Wolfi\AppData\Local\Temp\smtmp\1\desktop.ini
[2011.10.19 09:08:12 | 000,000,896 | ---- | M] () -- C:\Users\Wolfi\AppData\Local\Temp\smtmp\1\PokerStars.net.lnk
[2009.09.27 04:35:13 | 000,001,621 | ---- | M] () -- C:\Users\Wolfi\AppData\Local\Temp\smtmp\1\PowerArchiver.lnk
[2011.10.02 18:23:18 | 000,000,781 | ---- | M] () -- C:\Users\Wolfi\AppData\Local\Temp\smtmp\1\Sierra-Dienstprogramme.lnk
[2009.09.22 17:21:00 | 000,001,835 | ---- | M] () -- C:\Users\Wolfi\AppData\Local\Temp\smtmp\1\SUPER © Uninstall.lnk
[2009.09.22 17:21:00 | 000,001,811 | ---- | M] () -- C:\Users\Wolfi\AppData\Local\Temp\smtmp\1\SUPER ©.lnk
[2009.10.02 03:56:51 | 000,001,661 | ---- | M] () -- C:\Users\Wolfi\AppData\Local\Temp\smtmp\1\Windows Update.lnk

< %Temp%\smtmp\2\*.* >
[2011.09.14 22:04:22 | 000,000,846 | ---- | M] () -- C:\Users\Wolfi\AppData\Local\Temp\smtmp\2\ StreamTransport.lnk
[2011.12.16 23:25:15 | 000,000,286 | -HS- | M] () -- C:\Users\Wolfi\AppData\Local\Temp\smtmp\2\desktop.ini
[2011.06.03 18:31:39 | 000,001,784 | ---- | M] () -- C:\Users\Wolfi\AppData\Local\Temp\smtmp\2\Driver Cleaner Pro.lnk
[2011.12.30 09:54:51 | 000,000,829 | ---- | M] () -- C:\Users\Wolfi\AppData\Local\Temp\smtmp\2\Fahrplanwaldstraße.pdf - Verknüpfung.lnk
[2011.07.23 08:53:32 | 000,001,063 | ---- | M] () -- C:\Users\Wolfi\AppData\Local\Temp\smtmp\2\Fallout Mod Manager.lnk
[2011.12.16 23:25:15 | 000,000,943 | ---- | M] () -- C:\Users\Wolfi\AppData\Local\Temp\smtmp\2\Launch Internet Explorer Browser.lnk
[2012.01.02 06:43:46 | 000,000,930 | ---- | M] () -- C:\Users\Wolfi\AppData\Local\Temp\smtmp\2\Malwarebytes Anti-Malware.lnk
[2009.07.01 04:56:37 | 000,001,748 | ---- | M] () -- C:\Users\Wolfi\AppData\Local\Temp\smtmp\2\Mozilla Firefox.lnk
[2011.10.19 09:08:12 | 000,000,914 | ---- | M] () -- C:\Users\Wolfi\AppData\Local\Temp\smtmp\2\PokerStars.net.lnk
[2008.01.21 03:42:47 | 000,000,258 | ---- | M] () -- C:\Users\Wolfi\AppData\Local\Temp\smtmp\2\Shows Desktop.lnk
[2009.12.29 11:52:47 | 000,001,906 | ---- | M] () -- C:\Users\Wolfi\AppData\Local\Temp\smtmp\2\Snagit 9.lnk
[2012.01.10 11:42:20 | 000,000,708 | ---- | M] () -- C:\Users\Wolfi\AppData\Local\Temp\smtmp\2\Star Wars - The Old Republic.lnk
[2012.02.02 16:53:46 | 000,000,629 | ---- | M] () -- C:\Users\Wolfi\AppData\Local\Temp\smtmp\2\System Check.lnk
[2011.05.18 11:14:59 | 000,000,792 | ---- | M] () -- C:\Users\Wolfi\AppData\Local\Temp\smtmp\2\TreeSize Free.lnk
[2008.01.21 03:42:47 | 000,000,240 | ---- | M] () -- C:\Users\Wolfi\AppData\Local\Temp\smtmp\2\Window Switcher.lnk
[2009.02.06 20:54:24 | 000,000,938 | ---- | M] () -- C:\Users\Wolfi\AppData\Local\Temp\smtmp\2\Windows Media Player.lnk
[2011.06.18 15:27:03 | 000,000,752 | ---- | M] () -- C:\Users\Wolfi\AppData\Local\Temp\smtmp\2\XnView.lnk

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >
[2011.11.27 20:38:40 | 000,000,912 | ---- | M] () -- C:\Users\Wolfi\AppData\Local\Temp\smtmp\4\Adobe Download Assistant.lnk
[2011.06.20 09:05:53 | 000,001,892 | ---- | M] () -- C:\Users\Wolfi\AppData\Local\Temp\smtmp\4\Adobe Reader X.lnk
[2011.12.08 02:10:39 | 000,000,738 | ---- | M] () -- C:\Users\Wolfi\AppData\Local\Temp\smtmp\4\Battlefield 3.lnk
[2011.06.03 19:03:21 | 000,000,558 | ---- | M] () -- C:\Users\Wolfi\AppData\Local\Temp\smtmp\4\CCleaner.lnk
[2012.01.06 18:22:23 | 000,000,857 | ---- | M] () -- C:\Users\Wolfi\AppData\Local\Temp\smtmp\4\CPUID CPU-Z.lnk
[2012.02.01 13:02:08 | 000,002,089 | ---- | M] () -- C:\Users\Wolfi\AppData\Local\Temp\smtmp\4\Creative-Produktregistrierung.lnk
[2010.12.18 23:39:11 | 000,001,461 | ---- | M] () -- C:\Users\Wolfi\AppData\Local\Temp\smtmp\4\DAEMON Tools Lite.lnk
[2011.12.23 02:42:33 | 000,001,702 | ---- | M] () -- C:\Users\Wolfi\AppData\Local\Temp\smtmp\4\Defraggler.lnk
[2011.12.17 12:39:22 | 000,000,174 | -HS- | M] () -- C:\Users\Wolfi\AppData\Local\Temp\smtmp\4\desktop.ini
[2011.12.17 20:55:28 | 000,000,798 | ---- | M] () -- C:\Users\Wolfi\AppData\Local\Temp\smtmp\4\FIFA 12.lnk
[2011.12.29 03:05:11 | 000,001,894 | ---- | M] () -- C:\Users\Wolfi\AppData\Local\Temp\smtmp\4\GSFileViewer.lnk
[2011.06.01 22:47:04 | 000,000,554 | ---- | M] () -- C:\Users\Wolfi\AppData\Local\Temp\smtmp\4\Java-Editor.lnk
[2011.12.03 23:13:11 | 000,001,473 | ---- | M] () -- C:\Users\Wolfi\AppData\Local\Temp\smtmp\4\Logitech Webcam Software .lnk
[2010.09.30 11:02:46 | 000,001,547 | ---- | M] () -- C:\Users\Wolfi\AppData\Local\Temp\smtmp\4\Logitech-Maus- und -Tastatureinstellungen.lnk
[2012.02.03 15:00:43 | 000,000,697 | ---- | M] () -- C:\Users\Wolfi\AppData\Local\Temp\smtmp\4\Malwarebytes Anti-Malware.lnk
[2010.12.24 21:56:10 | 000,001,719 | ---- | M] () -- C:\Users\Wolfi\AppData\Local\Temp\smtmp\4\McAfee Security Scan Plus.lnk
[2012.01.19 08:35:59 | 000,000,776 | ---- | M] () -- C:\Users\Wolfi\AppData\Local\Temp\smtmp\4\Origin.lnk
[2011.10.17 09:10:03 | 000,000,990 | ---- | M] () -- C:\Users\Wolfi\AppData\Local\Temp\smtmp\4\Paint.NET.lnk
[2011.10.19 09:08:12 | 000,000,890 | ---- | M] () -- C:\Users\Wolfi\AppData\Local\Temp\smtmp\4\PokerStars.net.lnk
[2011.06.12 00:53:12 | 000,001,508 | ---- | M] () -- C:\Users\Wolfi\AppData\Local\Temp\smtmp\4\QuickTime Player.lnk
[2012.01.01 06:17:57 | 000,000,570 | ---- | M] () -- C:\Users\Wolfi\AppData\Local\Temp\smtmp\4\SpaceChem.lnk
[2012.01.10 11:42:20 | 000,000,684 | ---- | M] () -- C:\Users\Wolfi\AppData\Local\Temp\smtmp\4\Star Wars - The Old Republic.lnk
[2010.11.22 21:02:34 | 000,000,540 | ---- | M] () -- C:\Users\Wolfi\AppData\Local\Temp\smtmp\4\Steam.lnk
[2009.02.09 09:50:46 | 000,002,086 | ---- | M] () -- C:\Users\Wolfi\AppData\Local\Temp\smtmp\4\T-Online 6.0.lnk
[2011.12.14 21:49:27 | 000,000,859 | ---- | M] () -- C:\Users\Wolfi\AppData\Local\Temp\smtmp\4\VLC media player.lnk
[2011.12.04 23:30:40 | 000,000,673 | ---- | M] () -- C:\Users\Wolfi\AppData\Local\Temp\smtmp\4\World of Warcraft.lnk

========== Files - Unicode (All) ==========
(C:\Users\Wolfi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\?????) -- C:\Users\Wolfi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\クレージュ
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\?????) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\クレージュ

< End of report >

Attached Files

  • Attached File  OTL.Txt   165.05KB   39 downloads

  • 0

Advertisements


#11
Wolfizero

Wolfizero

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
BTW.: The target of the "System Check"-Shortcut is "C:\ProgramData\ekMFD1W9NQq5nU.exe". Just for the record.
  • 0

#12
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Once this run is completed you should get a text file opening could you post that please and let me know what is outstanding

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.2.1)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
    [2012.02.02 16:53:46 | 000,000,000 | ---D | C] -- C:\Users\Wolfi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
    [2012.02.02 16:53:46 | 000,000,629 | ---- | M] () -- C:\Users\Wolfi\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk

    :Files
    ipconfig /flushdns /c
    xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
    xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
    xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
    xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#13
Wolfizero

Wolfizero

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Ok, there is a problem. The fix doesn't do the last three steps

[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

OTL just freezes and I did a restart.

Did it work?
Maybe retry in save mode?

Attached Files

  • Attached File  OTL.Txt   126.02KB   46 downloads

  • 0

#14
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No it just missed one item. That file was deleted on the first run :)

What problems remain ?

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2012.02.02 16:53:46 | 000,000,629 | ---- | M] () -- C:\Users\Wolfi\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

THEN

Update Malwarebytes and run a quick scan. Posting the resultant log
  • 0

#15
Wolfizero

Wolfizero

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Ok, will do this. The "System Check"-Icon and the files from "C:/ProgrammData/" are still there and I guess they could do some trouble, when I leave them there.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP