Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Firewall, Defender and BFE disappeared after suspicious adobe update

Started by mspk , Aug 30 2012 12:17 PM

  • Please log in to reply

#1
mspk
Posted 30 August 2012 - 12:17 PM

mspk

    New Member

  • Member
  • Pip
  • 4 posts
Hey!
first of all big thanks for all you hardworking ppl here. really appreciate the help. second: english isnt my first language so please dont be too harsh if i write something wrong or dont understand directly. now to my problem:
i recently set up a fresh win7 x64 install on my pc. everything was going great until i decided to finally let adobe flash player make updates on itself (i used to set it to "ask me first before install"). not long after that i suddenly got a popup asking me if i wanted to allow adobe to make some changes. since it was the 1st time i got this i thought the new setting in the updates required me to allow the updates. well i allowed it but got an error message that it tried to install an old version and so it didnt. i figured some ad or website was just outdated and didnt think about it anymore. im not totally sure that this was what lead to the following but it is the only thing i can remember that may have done it.
some time after that i realized that my firewall was disabled. then i realized defender was down too. so i googled for adobe update and the symptoms and found out it may have been some virus/malware and followed a instruction to get it back after running an eset smart security scan and a malwarebytes scan. eset gave me nothing and malwarebytes found two small adware infections i dont think had anything to do with it. well after the scans i followed these instructions to get the firewall and defender back: http://social.techne...89-8bd18a5c3aad . it seemed to have worked because the bfe, fw and defender are back. this is why im not 100% sure it really was a virus or maybe something just broke in win7. well i went ahead and followed the instructions in the tutorial on this site and now have the otl.txt. i would really appreciate it if someone could look over it and tell me if there still is anything which shouldnt be there or if im just seeing things.
i hope its okay to take the liberty of removing my name from the folder names ;) plus i hope its not too bad that some entries are in german. i checked a few and they seem pretty self-explanatory. if there are any questions ill be glad to answer them.
thanks again for your help




OTL logfile created on: 30.08.2012 19:49:43 - Run 1
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Guy Incognito\Downloads
64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,94 Gb Total Physical Memory | 6,16 Gb Available Physical Memory | 77,59% Memory free
15,88 Gb Paging File | 14,12 Gb Available in Paging File | 88,89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 713,57 Gb Total Space | 664,56 Gb Free Space | 93,13% Space Free | Partition Type: NTFS
Drive D: | 127,99 Gb Total Space | 10,66 Gb Free Space | 8,33% Space Free | Partition Type: NTFS
Drive G: | 683,59 Gb Total Space | 672,58 Gb Free Space | 98,39% Space Free | Partition Type: NTFS

Computer Name: PK-PC | User Name: Guy Incognito | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Guy Incognito\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\Guy Incognito\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
PRC - C:\Programme\TrueCrypt\TrueCrypt.exe (TrueCrypt Foundation)
PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Programme\ESET\ESET Smart Security\x86\ekrn.exe (ESET)
PRC - C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe ()
PRC - C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetSvcHelp.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetiCtrlTray.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\ASUS\AsusFanControlService\1.00.21\AsusFanControlService.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe ()
PRC - C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\gep.dll ()
MOD - C:\Program Files (x86)\MOUSE Editor\Data\MouseEditor\Forms\ScreenCapture\ScreenCapture.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\func.dll ()
MOD - C:\Program Files (x86)\MOUSE Editor\DLL\DLL_Wheel4D.dll ()
MOD - C:\Program Files (x86)\MOUSE Editor\DLL\DLL_AnalyzeGesturesInRight.dll ()
MOD - C:\Program Files (x86)\MOUSE Editor\Data\MouseEditor\Forms\TrayIconWebAdvertisement\TrayIconWebAdvertisement.dll ()
MOD - C:\Program Files (x86)\MOUSE Editor\DLL\DLL_MouseDeviceManager.dll ()
MOD - C:\Program Files (x86)\MOUSE Editor\Data\MouseEditor\Forms\OSD_Text\OSD_Text.dll ()
MOD - C:\Program Files (x86)\MOUSE Editor\DLL\DLL_AnalyzeGesturesInOne.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\pngio.dll ()
MOD - C:\Program Files (x86)\MOUSE Editor\DLL\DLL_ZoomControl.dll ()
MOD - C:\Program Files (x86)\MOUSE Editor\DLL\DLL_ScrollbarControl.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (VIAKaraokeService) -- C:\Windows\SysNative\ViakaraokeSrv.exe (VIA Technologies, Inc.)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (ekrn) -- C:\Programme\ESET\ESET Smart Security\x86\ekrn.exe (ESET)
SRV - (AsSysCtrlService) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe (ASUSTeK Computer Inc.)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
SRV - (Intel® -- C:\Programme\Intel\iCLS Client\HeciServer.exe (Intel® Corporation)
SRV - (asHmComSvc) -- C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe (ASUSTeK Computer Inc.)
SRV - (AsusFanControlService) -- C:\Program Files (x86)\ASUS\AsusFanControlService\1.00.21\AsusFanControlService.exe (ASUSTeK Computer Inc.)
SRV - (asComSvc) -- C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (truecrypt) -- C:\Windows\SysNative\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (epfw) -- C:\Windows\SysNative\drivers\epfw.sys (ESET)
DRV:64bit: - (epfwwfp) -- C:\Windows\SysNative\drivers\epfwwfp.sys (ESET)
DRV:64bit: - (EpfwLWF) -- C:\Windows\SysNative\drivers\EpfwLWF.sys (ESET)
DRV:64bit: - (eamonm) -- C:\Windows\SysNative\drivers\eamonm.sys (ESET)
DRV:64bit: - (ehdrv) -- C:\Windows\SysNative\drivers\ehdrv.sys (ESET)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)
DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)
DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (ndisrd) -- C:\Windows\SysNative\drivers\ndisrd.sys (NT Kernel Resources)
DRV:64bit: - (appliandMP) -- C:\Windows\SysNative\drivers\appliand.sys (Applian Technologies Inc.)
DRV:64bit: - (appliand) -- C:\Windows\SysNative\drivers\appliand.sys (Applian Technologies Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (tsusbhub) -- C:\Windows\SysNative\drivers\tsusbhub.sys (Microsoft Corporation)
DRV:64bit: - (Synth3dVsc) -- C:\Windows\SysNative\drivers\Synth3dVsc.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B4 A8 35 30 85 84 CD 01 [binary data]
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.08.29 13:02:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.08.28 00:20:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012.08.27 21:16:05 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.08.29 13:02:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.08.28 00:20:01 | 000,000,000 | ---D | M]

[2012.08.27 20:54:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Guy Incognito\AppData\Roaming\mozilla\Extensions
[2012.08.27 22:09:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Guy Incognito\AppData\Roaming\mozilla\Firefox\Profiles\h2mrvonm.default\extensions
[2012.08.27 22:09:22 | 000,000,000 | ---D | M] (Clippings) -- C:\Users\Guy Incognito\AppData\Roaming\mozilla\Firefox\Profiles\h2mrvonm.default\extensions\{91aa5abe-9de4-4347-b7b5-322c38dd9271}
[2012.08.27 22:09:23 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Guy Incognito\AppData\Roaming\mozilla\Firefox\Profiles\h2mrvonm.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.08.27 22:00:05 | 000,000,000 | ---D | M] (Ant Video Downloader) -- C:\Users\Guy Incognito\AppData\Roaming\mozilla\Firefox\Profiles\h2mrvonm.default\extensions\[email protected]
[2012.08.27 20:54:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.08.29 13:02:43 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) -- C:\USERS\Guy Incognito\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H2MRVONM.DEFAULT\EXTENSIONS\{76C80A11-FAD4-406C-8246-F5ED4F9367B5}.XPI
File not found (No name found) -- C:\USERS\Guy Incognito\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H2MRVONM.DEFAULT\EXTENSIONS\{888D99E7-E8B5-46A3-851E-1EC45DA1E644}.XPI
File not found (No name found) -- C:\USERS\Guy Incognito\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H2MRVONM.DEFAULT\EXTENSIONS\{91AA5ABE-9DE4-4347-B7B5-322C38DD9271}
File not found (No name found) -- C:\USERS\Guy Incognito\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H2MRVONM.DEFAULT\EXTENSIONS\{B9DB16A4-6EDC-47EC-A1F4-B86292ED211D}
[2012.08.29 13:02:43 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.28 17:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.07.14 02:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.29 13:02:42 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.07.14 02:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.08.29 13:02:42 | 000,003,581 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml
[2012.07.14 02:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.14 02:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.14 02:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [OscarEditor] C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe ()
O4 - HKCU..\Run: [SkyDrive] C:\Users\Guy Incognito\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
O4 - HKCU..\Run: [TrueCrypt] C:\Program Files\TrueCrypt\TrueCrypt.exe (TrueCrypt Foundation)
O4 - HKCU..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe ()
O4 - Startup: C:\Users\Guy Incognito\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.69.103.78 80.69.100.230
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{053A2E9E-9131-412A-AAB3-AC925DE970CD}: DhcpNameServer = 80.69.103.78 80.69.100.230
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.08.30 18:10:10 | 000,000,000 | ---D | C] -- C:\Users\Guy Incognito\AppData\Roaming\Malwarebytes
[2012.08.30 18:10:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.30 18:10:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.30 18:09:59 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.08.30 18:09:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.08.30 18:00:42 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012.08.30 18:00:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012.08.30 18:00:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2012.08.29 23:05:21 | 000,000,000 | ---D | C] -- C:\Users\Guy Incognito\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SopCast
[2012.08.29 23:05:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SopCast
[2012.08.29 23:05:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SopCast
[2012.08.28 23:35:56 | 000,000,000 | ---D | C] -- C:\Users\Guy Incognito\dwhelper
[2012.08.28 17:24:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SystemRequirementsLab
[2012.08.28 17:24:00 | 000,000,000 | ---D | C] -- C:\Users\Guy Incognito\SystemRequirementsLab
[2012.08.28 15:39:03 | 000,000,000 | ---D | C] -- C:\Users\Guy Incognito\AppData\Roaming\ZoomBrowser EX
[2012.08.28 15:37:28 | 000,000,000 | ---D | C] -- C:\Users\Guy Incognito\AppData\Roaming\CANON INC
[2012.08.28 15:18:55 | 000,000,000 | ---D | C] -- C:\ProgramData\ZoomBrowser
[2012.08.28 15:18:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
[2012.08.28 15:18:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Canon
[2012.08.28 15:17:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Canon
[2012.08.28 05:11:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys
[2012.08.28 05:11:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavalys
[2012.08.28 04:05:46 | 000,000,000 | ---D | C] -- C:\Program Files\ASUS
[2012.08.28 04:03:49 | 000,032,360 | R--- | C] (NT Kernel Resources) -- C:\Windows\SysNative\drivers\ndisrd.sys
[2012.08.28 03:59:20 | 000,184,320 | ---- | C] (ASUSTeK) -- C:\Windows\SysWow64\drivers\UpdateHelper.dll
[2012.08.28 03:59:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
[2012.08.28 03:57:59 | 000,000,000 | ---D | C] -- C:\ProgramData\ASUS
[2012.08.28 03:57:53 | 000,028,672 | R--- | C] (ASUSTek Computer Inc.) -- C:\Windows\SysWow64\AsIO.dll
[2012.08.28 03:57:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASUS
[2012.08.28 03:52:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel
[2012.08.28 03:52:44 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2012.08.28 03:52:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
[2012.08.28 03:52:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\postureAgent
[2012.08.28 03:21:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012.08.28 03:21:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012.08.28 03:21:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012.08.28 01:26:01 | 000,000,000 | ---D | C] -- C:\Users\Guy Incognito\AppData\Local\WindowsUpdate
[2012.08.28 01:25:20 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2012.08.28 01:16:20 | 000,000,000 | ---D | C] -- C:\Users\Guy Incognito\AppData\Roaming\OpenOffice.org
[2012.08.28 01:16:00 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1
[2012.08.28 01:15:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[2012.08.28 01:08:57 | 000,000,000 | ---D | C] -- C:\Users\Guy Incognito\AppData\Roaming\Foxit Software
[2012.08.28 01:06:12 | 000,000,000 | ---D | C] -- C:\Users\Guy Incognito\Documents\MISC
[2012.08.28 01:02:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
[2012.08.28 01:02:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Foxit Software
[2012.08.28 01:00:28 | 000,000,000 | ---D | C] -- C:\Users\Guy Incognito\Documents\Backups
[2012.08.28 01:00:12 | 000,000,000 | ---D | C] -- C:\Users\Guy Incognito\Documents\Spielstände
[2012.08.28 00:59:15 | 000,000,000 | ---D | C] -- C:\Users\Guy Incognito\Documents\Ämter
[2012.08.28 00:58:59 | 000,000,000 | ---D | C] -- C:\Users\Guy Incognito\Documents\Arbeit
[2012.08.28 00:58:52 | 000,000,000 | ---D | C] -- C:\Users\Guy Incognito\Documents\Uni
[2012.08.28 00:51:25 | 000,000,000 | ---D | C] -- C:\Users\Guy Incognito\AppData\Local\Collectorz.com
[2012.08.28 00:51:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Collectorz.com
[2012.08.28 00:51:24 | 000,000,000 | ---D | C] -- C:\Users\Guy Incognito\Documents\Movie Collector
[2012.08.28 00:51:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Collectorz.com
[2012.08.28 00:47:53 | 000,000,000 | ---D | C] -- C:\Users\Guy Incognito\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\x264vfw
[2012.08.28 00:47:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\x264vfw
[2012.08.28 00:47:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\x264vfw
[2012.08.28 00:46:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow
[2012.08.28 00:46:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ffdshow
[2012.08.28 00:42:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid
[2012.08.28 00:42:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xvid
[2012.08.28 00:41:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mouse Software
[2012.08.28 00:40:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MOUSE Editor
[2012.08.28 00:38:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2012.08.28 00:38:34 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2012.08.28 00:38:33 | 000,000,000 | ---D | C] -- C:\Users\Guy Incognito\AppData\Roaming\DAEMON Tools Lite
[2012.08.28 00:38:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2012.08.28 00:37:47 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2012.08.28 00:34:49 | 000,000,000 | ---D | C] -- C:\Users\Guy Incognito\AppData\Roaming\Skype
[2012.08.28 00:34:47 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012.08.28 00:34:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.08.28 00:34:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.08.28 00:34:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012.08.28 00:32:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2012.08.28 00:30:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VirtualDub-1.9.11
[2012.08.28 00:27:41 | 000,000,000 | ---D | C] -- C:\Users\Guy Incognito\AppData\Roaming\pdfforge
[2012.08.28 00:27:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2012.08.28 00:27:39 | 001,071,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCOMCTL.OCX
[2012.08.28 00:27:39 | 000,662,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCOMCT2.OCX
[2012.08.28 00:27:39 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCMCDE.DLL
[2012.08.28 00:27:39 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMAPI32.OCX
[2012.08.28 00:27:39 | 000,125,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VB6DE.DLL
[2012.08.28 00:27:39 | 000,095,744 | ---- | C] (pdfforge GbR) -- C:\Windows\SysNative\pdfcmon.dll
[2012.08.28 00:27:38 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCC2DE.DLL
[2012.08.28 00:27:38 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMPIDE.DLL
[2012.08.28 00:27:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator
[2012.08.28 00:20:14 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
[2012.08.28 00:20:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
[2012.08.28 00:20:13 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll
[2012.08.28 00:20:01 | 000,000,000 | ---D | C] -- C:\Users\Guy Incognito\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winamp Erkennungs-Plug-in
[2012.08.28 00:20:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp Detect
[2012.08.28 00:19:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2012.08.28 00:19:55 | 000,000,000 | ---D | C] -- C:\Users\Guy Incognito\AppData\Roaming\Winamp
[2012.08.28 00:19:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp
[2012.08.28 00:17:50 | 000,000,000 | ---D | C] -- C:\Users\Guy Incognito\Documents\My Streaming Media
[2012.08.28 00:17:49 | 000,000,000 | ---D | C] -- C:\Users\Guy Incognito\AppData\Local\Jaksta_Technologies_Pty_L
[2012.08.28 00:16:10 | 000,033,888 | ---- | C] (Applian Technologies Inc.) -- C:\Windows\SysNative\drivers\appliand.sys
[2012.08.28 00:16:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Applian Technologies
[2012.08.28 00:16:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Applian Technologies
[2012.08.28 00:15:50 | 000,000,000 | ---D | C] -- C:\Users\Guy Incognito\AppData\Roaming\Replay Media Catcher 4
[2012.08.28 00:15:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Applian
[2012.08.28 00:01:00 | 000,000,000 | -H-D | C] -- C:\SkyDriveTemp
[2012.08.27 23:59:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SkyDrive
[2012.08.27 23:59:34 | 000,000,000 | R--D | C] -- C:\Users\Guy Incognito\SkyDrive
[2012.08.27 23:59:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft SkyDrive
[2012.08.27 23:15:08 | 000,000,000 | ---D | C] -- C:\Users\Guy Incognito\AppData\Roaming\WinRAR
[2012.08.27 23:15:08 | 000,000,000 | ---D | C] -- C:\Users\Guy Incognito\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.08.27 23:15:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.08.27 23:15:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
[2012.08.27 23:05:25 | 000,000,000 | ---D | C] -- C:\Users\Guy Incognito\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QuickPar
[2012.08.27 23:05:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickPar
[2012.08.27 23:05:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickPar
[2012.08.27 22:45:49 | 000,000,000 | ---D | C] -- C:\Users\Guy Incognito\Documents\Newsbin
[2012.08.27 22:45:46 | 000,000,000 | ---D | C] -- C:\Users\Guy Incognito\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Newsbin6
[2012.08.27 22:45:17 | 000,000,000 | ---D | C] -- C:\Users\Guy Incognito\AppData\Local\Newsbin
[2012.08.27 22:45:17 | 000,000,000 | ---D | C] -- C:\Program Files\Newsbin
[2012.08.27 22:41:36 | 000,000,000 | ---D | C] -- C:\Users\Guy Incognito\AppData\Roaming\vlc
[2012.08.27 22:41:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012.08.27 22:41:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2012.08.27 22:22:28 | 000,000,000 | ---D | C] -- C:\Users\Guy Incognito\.clipbak
[2012.08.27 22:12:57 | 000,000,000 | ---D | C] -- C:\Users\Guy Incognito\AppData\Local\Macromedia
[2012.08.27 22:10:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012.08.27 22:03:54 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe
[2012.08.27 22:03:35 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.08.27 22:03:35 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.08.27 22:03:34 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.08.27 22:03:34 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.08.27 22:03:34 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.08.27 22:03:34 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.08.27 22:03:34 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.08.27 22:03:34 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.08.27 22:03:33 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.08.27 22:03:33 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.08.27 22:03:33 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.08.27 22:03:32 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.08.27 22:03:32 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.08.27 22:02:16 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012.08.27 22:02:16 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012.08.27 22:02:15 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.08.27 22:01:53 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012.08.27 22:01:53 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2012.08.27 22:01:53 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2012.08.27 22:01:51 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2012.08.27 22:01:50 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012.08.27 22:01:49 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012.08.27 21:57:50 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012.08.27 21:57:50 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012.08.27 21:57:50 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012.08.27 21:57:41 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012.08.27 21:57:41 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012.08.27 21:57:41 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012.08.27 21:57:26 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012.08.27 21:57:26 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012.08.27 21:26:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012.08.27 21:24:13 | 006,151,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2012.08.27 21:24:13 | 003,149,632 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2012.08.27 21:24:13 | 002,561,856 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2012.08.27 21:24:13 | 000,118,080 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2012.08.27 21:24:13 | 000,063,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2012.08.27 21:24:05 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2012.08.27 21:24:05 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2012.08.27 21:24:02 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012.08.27 21:24:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2012.08.27 21:23:49 | 025,743,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2012.08.27 21:23:49 | 025,248,064 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2012.08.27 21:23:49 | 019,607,872 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2012.08.27 21:23:49 | 018,044,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2012.08.27 21:23:49 | 017,551,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2012.08.27 21:23:49 | 015,322,432 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2012.08.27 21:23:49 | 010,194,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2012.08.27 21:23:49 | 008,139,072 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2012.08.27 21:23:49 | 008,105,280 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2012.08.27 21:23:49 | 005,982,528 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2012.08.27 21:23:49 | 002,881,856 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2012.08.27 21:23:49 | 002,741,568 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2012.08.27 21:23:49 | 002,681,664 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2012.08.27 21:23:49 | 002,524,992 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2012.08.27 21:23:49 | 002,445,120 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2012.08.27 21:23:49 | 002,368,832 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2012.08.27 21:23:49 | 001,738,048 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll
[2012.08.27 21:23:49 | 001,468,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco64.dll
[2012.08.27 21:23:49 | 001,451,840 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdagenco6420103.dll
[2012.08.27 21:23:49 | 000,949,056 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll
[2012.08.27 21:23:49 | 000,818,496 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2012.08.27 21:23:49 | 000,364,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdecodemft.dll
[2012.08.27 21:23:49 | 000,301,376 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvdecodemft.dll
[2012.08.27 21:23:49 | 000,246,592 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2012.08.27 21:23:49 | 000,202,048 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2012.08.27 21:23:49 | 000,188,736 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2012.08.27 21:23:49 | 000,031,040 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2012.08.27 21:23:35 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2012.08.27 21:23:15 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2012.08.27 21:20:47 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2012.08.27 21:20:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012.08.27 21:20:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.08.27 21:20:10 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012.08.27 21:20:10 | 000,746,984 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2012.08.27 21:20:10 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012.08.27 21:20:03 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012.08.27 21:20:03 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012.08.27 21:20:03 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012.08.27 21:19:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012.08.27 21:17:53 | 000,000,000 | ---D | C] -- C:\Users\Guy Incognito\AppData\Roaming\ESET
[2012.08.27 21:17:53 | 000,000,000 | ---D | C] -- C:\Users\Guy Incognito\AppData\Local\ESET
[2012.08.27 21:15:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2012.08.27 21:15:48 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2012.08.27 21:15:48 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.08.27 21:03:37 | 000,000,000 | ---D | C] -- C:\ProgramData\TrueCrypt
[2012.08.27 20:57:09 | 000,000,000 | ---D | C] -- C:\Users\Guy Incognito\AppData\Roaming\TrueCrypt
[2012.08.27 20:55:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrueCrypt
[2012.08.27 20:55:45 | 000,231,376 | ---- | C] (TrueCrypt Foundation) -- C:\Windows\SysNative\drivers\truecrypt.sys
[2012.08.27 20:55:36 | 000,000,000 | ---D | C] -- C:\Program Files\TrueCrypt
[2012.08.27 20:54:21 | 000,000,000 | ---D | C] -- C:\Users\Guy Incognito\AppData\Roaming\Mozilla
[2012.08.27 20:54:21 | 000,000,000 | ---D | C] -- C:\Users\Guy Incognito\AppData\Local\Mozilla
[2012.08.27 20:54:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.08.27 20:54:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.08.27 20:54:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.08.27 20:53:43 | 000,000,000 | ---D | C] -- C:\Users\Guy Incognito\AppData\Roaming\Macromedia
[2012.08.27 20:53:43 | 000,000,000 | ---D | C] -- C:\Users\Guy Incognito\AppData\Roaming\Adobe
[2012.08.27 20:53:38 | 000,696,520 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.08.27 20:53:38 | 000,073,416 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.08.27 20:53:38 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2012.08.27 20:53:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012.08.27 20:43:28 | 000,016,152 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\iusb3hcs.sys
[2012.08.27 20:43:21 | 000,356,120 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\iusb3hub.sys
[2012.08.27 20:43:19 | 000,787,736 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\iusb3xhc.sys
[2012.08.27 20:42:14 | 000,648,808 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2012.08.27 20:42:13 | 000,107,552 | ---- | C] (Realtek Semiconductor Corporation) -- C:\Windows\SysNative\RTNUninst64.dll
[2012.08.27 20:42:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2012.08.27 20:41:40 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2012.08.27 20:41:12 | 002,915,440 | ---- | C] (VIA Technologies, Inc.) -- C:\Windows\SysNative\VIAPropPageExt.dll
[2012.08.27 20:41:12 | 002,182,768 | ---- | C] (VIA Technologies, Inc.) -- C:\Windows\SysNative\drivers\viahduaa.sys
[2012.08.27 20:41:12 | 001,161,328 | ---- | C] (VIA Technologies, Inc.) -- C:\Windows\SysNative\ViaKaraokeApo.dll
[2012.08.27 20:41:12 | 000,675,952 | ---- | C] (VIA Technologies, Inc.) -- C:\Windows\SysNative\VIASysFx.dll
[2012.08.27 20:41:12 | 000,202,864 | ---- | C] (VIA Technologies, Inc.) -- C:\Windows\SysNative\ViaMicArrayAPO.dll
[2012.08.27 20:41:12 | 000,116,848 | ---- | C] (VIA Technologies,Inc.) -- C:\Windows\SysNative\ViaKaraokePropPageExt.dll
[2012.08.27 20:41:12 | 000,091,760 | ---- | C] (VIA Technologies, Inc.) -- C:\Windows\SysNative\Dts2PropPageExt.dll
[2012.08.27 20:41:12 | 000,090,224 | ---- | C] (VIA Technologies,Inc.) -- C:\Windows\SysNative\ViaMicArrayPropPageExt.dll
[2012.08.27 20:41:12 | 000,085,504 | ---- | C] (QSound Labs, Inc.) -- C:\Windows\SysNative\nQPropPageExt.dll
[2012.08.27 20:41:12 | 000,083,968 | ---- | C] (QSound Labs, Inc.) -- C:\Windows\SysNative\nQAPO.dll
[2012.08.27 20:41:12 | 000,027,760 | ---- | C] (VIA Technologies, Inc.) -- C:\Windows\SysNative\ViakaraokeSrv.exe
[2012.08.27 20:40:43 | 000,414,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\difxapi.dll
[2012.08.27 20:40:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VIA
[2012.08.27 20:40:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2012.08.27 20:36:11 | 000,053,248 | R--- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2012.08.27 20:36:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2012.08.27 20:35:57 | 000,000,000 | ---D | C] -- C:\Intel
[2012.08.27 20:32:48 | 000,000,000 | ---D | C] -- C:\Windows\Chipset
[2012.08.27 20:32:47 | 000,016,896 | ---- | C] (ASUS) -- C:\Windows\AsTaskSched.dll
[2012.08.27 20:31:20 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012.08.27 20:30:46 | 000,000,000 | R--D | C] -- C:\Users\Guy Incognito\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012.08.27 20:30:46 | 000,000,000 | R--D | C] -- C:\Users\Guy Incognito\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012.08.27 20:30:45 | 000,000,000 | R--D | C] -- C:\Users\Guy Incognito\Searches
[2012.08.27 20:30:38 | 000,000,000 | ---D | C] -- C:\Users\Guy Incognito\AppData\Roaming\Identities
[2012.08.27 20:30:36 | 000,000,000 | R--D | C] -- C:\Users\Guy Incognito\Contacts
[2012.08.27 20:30:35 | 000,000,000 | ---D | C] -- C:\Users\Guy Incognito\AppData\Local\VirtualStore
[2012.08.27 20:30:27 | 000,000,000 | --SD | C] -- C:\Users\Guy Incognito\AppData\Roaming\Microsoft
[2012.08.27 20:30:27 | 000,000,000 | R--D | C] -- C:\Users\Guy Incognito\Videos
[2012.08.27 20:30:27 | 000,000,000 | R--D | C] -- C:\Users\Guy Incognito\Saved Games
[2012.08.27 20:30:27 | 000,000,000 | R--D | C] -- C:\Users\Guy Incognito\Pictures
[2012.08.27 20:30:27 | 000,000,000 | R--D | C] -- C:\Users\Guy Incognito\Music
[2012.08.27 20:30:27 | 000,000,000 | R--D | C] -- C:\Users\Guy Incognito\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012.08.27 20:30:27 | 000,000,000 | R--D | C] -- C:\Users\Guy Incognito\Links
[2012.08.27 20:30:27 | 000,000,000 | R--D | C] -- C:\Users\Guy Incognito\Favorites
[2012.08.27 20:30:27 | 000,000,000 | R--D | C] -- C:\Users\Guy Incognito\Downloads
[2012.08.27 20:30:27 | 000,000,000 | R--D | C] -- C:\Users\Guy Incognito\Documents
[2012.08.27 20:30:27 | 000,000,000 | R--D | C] -- C:\Users\Guy Incognito\Desktop
[2012.08.27 20:30:27 | 000,000,000 | R--D | C] -- C:\Users\Guy Incognito\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012.08.27 20:30:27 | 000,000,000 | -HSD | C] -- C:\Users\Guy Incognito\Vorlagen
[2012.08.27 20:30:27 | 000,000,000 | -HSD | C] -- C:\Users\Guy Incognito\AppData\Local\Verlauf
[2012.08.27 20:30:27 | 000,000,000 | -HSD | C] -- C:\Users\Guy Incognito\AppData\Local\Temporary Internet Files
[2012.08.27 20:30:27 | 000,000,000 | -HSD | C] -- C:\Users\Guy Incognito\Startmenü
[2012.08.27 20:30:27 | 000,000,000 | -HSD | C] -- C:\Users\Guy Incognito\SendTo
[2012.08.27 20:30:27 | 000,000,000 | -HSD | C] -- C:\Users\Guy Incognito\Recent
[2012.08.27 20:30:27 | 000,000,000 | -HSD | C] -- C:\Users\Guy Incognito\Netzwerkumgebung
[2012.08.27 20:30:27 | 000,000,000 | -HSD | C] -- C:\Users\Guy Incognito\Lokale Einstellungen
[2012.08.27 20:30:27 | 000,000,000 | -HSD | C] -- C:\Users\Guy Incognito\Documents\Eigene Videos
[2012.08.27 20:30:27 | 000,000,000 | -HSD | C] -- C:\Users\Guy Incognito\Documents\Eigene Musik
[2012.08.27 20:30:27 | 000,000,000 | -HSD | C] -- C:\Users\Guy Incognito\Eigene Dateien
[2012.08.27 20:30:27 | 000,000,000 | -HSD | C] -- C:\Users\Guy Incognito\Documents\Eigene Bilder
[2012.08.27 20:30:27 | 000,000,000 | -HSD | C] -- C:\Users\Guy Incognito\Druckumgebung
[2012.08.27 20:30:27 | 000,000,000 | -HSD | C] -- C:\Users\Guy Incognito\Cookies
[2012.08.27 20:30:27 | 000,000,000 | -HSD | C] -- C:\Users\Guy Incognito\AppData\Local\Anwendungsdaten
[2012.08.27 20:30:27 | 000,000,000 | -HSD | C] -- C:\Users\Guy Incognito\Anwendungsdaten
[2012.08.27 20:30:27 | 000,000,000 | -H-D | C] -- C:\Users\Guy Incognito\AppData
[2012.08.27 20:30:27 | 000,000,000 | ---D | C] -- C:\Users\Guy Incognito\AppData\Local\Temp
[2012.08.27 20:30:27 | 000,000,000 | ---D | C] -- C:\Users\Guy Incognito\AppData\Local\Microsoft
[2012.08.27 20:30:27 | 000,000,000 | ---D | C] -- C:\Users\Guy Incognito\AppData\Roaming\Media Center Programs
[2012.08.27 20:30:21 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2012.08.27 20:30:21 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2012.08.27 20:30:21 | 000,000,000 | -HSD | C] -- C:\Recovery
[2012.08.27 20:30:21 | 000,000,000 | -HSD | C] -- C:\Programme
[2012.08.27 20:30:21 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2012.08.27 20:30:21 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2012.08.27 20:30:21 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2012.08.27 20:30:21 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2012.08.27 20:30:21 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2012.08.27 20:30:21 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2012.08.27 20:30:21 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2012.08.27 20:30:21 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2012.08.27 20:25:23 | 000,000,000 | ---D | C] -- C:\Windows\CSC
[2012.08.27 20:25:03 | 000,000,000 | -HSD | C] -- C:\System Volume Information

========== Files - Modified Within 30 Days ==========

[2012.08.30 19:40:06 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.30 19:36:26 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.30 19:36:26 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.30 19:36:26 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.30 19:36:26 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.30 19:36:26 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.08.30 19:35:08 | 000,019,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.30 19:35:08 | 000,019,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.30 19:27:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.30 19:27:44 | 2099,843,071 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.30 18:10:00 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.08.30 18:00:14 | 000,001,108 | ---- | M] () -- C:\Users\Guy Incognito\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012.08.30 18:00:03 | 000,000,928 | ---- | M] () -- C:\Users\Guy Incognito\Desktop\NTREGOPT.lnk
[2012.08.30 18:00:03 | 000,000,909 | ---- | M] () -- C:\Users\Guy Incognito\Desktop\ERUNT.lnk
[2012.08.29 22:54:40 | 004,919,280 | ---- | M] () -- C:\Windows\PE_Rom.dll
[2012.08.28 15:36:13 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.08.28 03:57:05 | 000,035,393 | ---- | M] () -- C:\Windows\Ascd_tmp.ini
[2012.08.28 03:09:51 | 000,292,776 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.08.28 00:38:34 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2012.08.28 00:31:06 | 000,001,545 | ---- | M] () -- C:\Users\Guy Incognito\Desktop\VDub.lnk
[2012.08.27 22:22:28 | 000,000,455 | ---- | M] () -- C:\Users\Guy Incognito\clipdat2.rdf
[2012.08.27 22:10:47 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.08.27 22:10:47 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.08.27 21:42:28 | 000,002,125 | ---- | M] () -- C:\Users\Guy Incognito\Documents\Firefox-Wiederherstellungs-Schlüssel.html
[2012.08.27 21:19:59 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012.08.27 21:19:59 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012.08.27 21:19:59 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012.08.27 21:19:59 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012.08.27 21:19:58 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012.08.27 21:19:58 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2012.08.27 21:04:02 | 001,835,008 | ---- | M] () -- C:\Users\Guy Incognito\Documents\TrueCrypt Rescue Disk.iso
[2012.08.27 20:55:45 | 000,231,376 | ---- | M] (TrueCrypt Foundation) -- C:\Windows\SysNative\drivers\truecrypt.sys
[2012.08.27 20:54:18 | 000,001,134 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.08.27 20:43:31 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_iusb3hcs_01009.Wdf
[2012.08.27 20:32:47 | 000,016,896 | ---- | M] (ASUS) -- C:\Windows\AsTaskSched.dll
[2012.08.27 20:31:41 | 000,001,769 | ---- | M] () -- C:\Windows\Language_trs.ini
[2012.08.27 20:27:01 | 000,000,771 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2012.08.27 20:27:01 | 000,000,771 | ---- | M] () -- C:\Windows\SysNative\license.rtf

========== Files Created - No Company Name ==========

[2012.08.30 18:10:00 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.08.30 18:00:14 | 000,001,108 | ---- | C] () -- C:\Users\Guy Incognito\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012.08.30 18:00:03 | 000,000,928 | ---- | C] () -- C:\Users\Guy Incognito\Desktop\NTREGOPT.lnk
[2012.08.30 18:00:03 | 000,000,909 | ---- | C] () -- C:\Users\Guy Incognito\Desktop\ERUNT.lnk
[2012.08.28 15:36:13 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.08.28 04:13:47 | 004,919,280 | ---- | C] () -- C:\Windows\PE_Rom.dll
[2012.08.28 03:57:53 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2012.08.28 03:57:51 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2012.08.28 03:52:56 | 000,015,128 | R--- | C] () -- C:\Windows\SysNative\drivers\IntelMEFWVer.dll
[2012.08.28 00:46:28 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012.08.28 00:42:57 | 000,696,832 | ---- | C] () -- C:\Windows\SysNative\xvidcore.dll
[2012.08.28 00:42:57 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012.08.28 00:42:57 | 000,255,488 | ---- | C] () -- C:\Windows\SysNative\xvidvfw.dll
[2012.08.28 00:42:57 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012.08.28 00:42:57 | 000,173,568 | ---- | C] () -- C:\Windows\SysNative\xvid.ax
[2012.08.28 00:42:57 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\xvid.ax
[2012.08.28 00:32:26 | 000,001,178 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk
[2012.08.28 00:31:06 | 000,001,545 | ---- | C] () -- C:\Users\Guy Incognito\Desktop\VDub.lnk
[2012.08.27 23:59:34 | 000,002,204 | ---- | C] () -- C:\Users\Guy Incognito\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
[2012.08.27 22:22:28 | 000,000,455 | ---- | C] () -- C:\Users\Guy Incognito\clipdat2.rdf
[2012.08.27 21:42:28 | 000,002,125 | ---- | C] () -- C:\Users\Guy Incognito\Documents\Firefox-Wiederherstellungs-Schlüssel.html
[2012.08.27 21:24:13 | 002,621,723 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin
[2012.08.27 21:23:49 | 000,014,324 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2012.08.27 21:04:02 | 001,835,008 | ---- | C] () -- C:\Users\Guy Incognito\Documents\TrueCrypt Rescue Disk.iso
[2012.08.27 20:54:18 | 000,001,146 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.08.27 20:54:18 | 000,001,134 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.08.27 20:53:39 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.27 20:43:31 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_iusb3hcs_01009.Wdf
[2012.08.27 20:42:14 | 000,074,272 | ---- | C] () -- C:\Windows\SysNative\RtNicProp64.dll
[2012.08.27 20:41:24 | 000,001,218 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD VDeck.lnk
[2012.08.27 20:31:41 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012.08.27 20:31:35 | 000,035,393 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012.08.27 20:30:51 | 000,001,409 | ---- | C] () -- C:\Users\Guy Incognito\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012.08.27 20:30:47 | 000,001,443 | ---- | C] () -- C:\Users\Guy Incognito\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012.08.27 20:25:02 | 2099,843,071 | -HS- | C] () -- C:\hiberfil.sys
[2012.05.15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012.02.02 22:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll

========== LOP Check ==========

[2012.08.28 00:39:07 | 000,000,000 | ---D | M] -- C:\Users\Guy Incognito\AppData\Roaming\DAEMON Tools Lite
[2012.08.27 21:17:53 | 000,000,000 | ---D | M] -- C:\Users\Guy Incognito\AppData\Roaming\ESET
[2012.08.28 01:08:57 | 000,000,000 | ---D | M] -- C:\Users\Guy Incognito\AppData\Roaming\Foxit Software
[2012.08.28 01:16:20 | 000,000,000 | ---D | M] -- C:\Users\Guy Incognito\AppData\Roaming\OpenOffice.org
[2012.08.28 00:27:41 | 000,000,000 | ---D | M] -- C:\Users\Guy Incognito\AppData\Roaming\pdfforge
[2012.08.28 00:17:50 | 000,000,000 | ---D | M] -- C:\Users\Guy Incognito\AppData\Roaming\Replay Media Catcher 4
[2012.08.27 21:07:18 | 000,000,000 | ---D | M] -- C:\Users\Guy Incognito\AppData\Roaming\TrueCrypt
[2009.07.14 07:08:49 | 000,009,450 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
  • 0

Advertisements

#2
RKinner
Posted 30 August 2012 - 01:23 PM

RKinner

    Malware Expert

  • Expert
  • 24,748 posts
  • MVP
Copy the text in the code box by highlighting and Ctrl + c


:OTL
File not found (No name found) -- C:\USERS\Guy Incognito\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H2MRVONM.DEFAULT\EXTENSIONS\{76C80A11-FAD4-406C-8246-F5ED4F9367B5}.XPI
File not found (No name found) -- C:\USERS\Guy Incognito\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H2MRVONM.DEFAULT\EXTENSIONS\{888D99E7-E8B5-46A3-851E-1EC45DA1E644}.XPI
File not found (No name found) -- C:\USERS\Guy Incognito\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H2MRVONM.DEFAULT\EXTENSIONS\{91AA5ABE-9DE4-4347-B7B5-322C38DD9271}
File not found (No name found) -- C:\USERS\Guy Incognito\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H2MRVONM.DEFAULT\EXTENSIONS\{B9DB16A4-6EDC-47EC-A1F4-B86292ED211D}

:files
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini

:reg
[HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32]
""="%systemroot%\system32\wbem\wbemess.dll"


:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]

then Rightclick on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Replace Guy Incognito with your real user id. Verify that you got it all and Then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.
It appears that Old Timer is now hiding the log in c:\_OTL\RemovedFiles\08302012-some number.log.


Download aswMBR.exe ( 511KB ) to your desktop.
Right click aswMBR.exe and Run as Administrator
uncheck trace disk IO calls
Click the "Scan" button to start scan (Accept the Avast Engine)
On completion of the scan if the Fix button is enabled (not the FixMBR button) press it and then run a new scan and click save log, save it to your desktop and post in your next reply
If the Fix button is not enabled then just click save log, save it to your desktop and post in your next reply

ComboFix

:!: It must be saved to your desktop, do not run it from your browser:!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Rightclick on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Right click on TDSSKiller.exe and select Run As Administrator to start the program.

If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again but this time:
before you hit the Scan hit Change Parameters and check the two items under Additional Options. OK then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.



Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:
http://www.malwareby...lwarebytes_free

SAVE Malwarebytes' Anti-Malware to your desktop.

* Right-click mbam-setup.exe and select Run As Administrator to start the program.
* follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.


Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc  /scannow



(This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.


Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.


Ron
  • 0

#3
mspk
Posted 30 August 2012 - 02:46 PM

mspk

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
sorry took a while ;)
here are the logs:

OTL1:

========== OTL ==========
========== FILES ==========
File\Folder C:\Windows\assembly\GAC_32\Desktop.ini not found.
File\Folder C:\Windows\assembly\GAC_64\Desktop.ini not found.
========== REGISTRY ==========
HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32\\""|"%systemroot%\system32\wbem\wbemess.dll" /E : value set successfully!
========== COMMANDS ==========
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Guy Incognito
->Flash cache emptied: 3705 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
 
[EMPTYJAVA]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Guy Incognito
->Java cache emptied: 118781 bytes
 
User: Public
 
Total Java Files Cleaned = 0,00 mb
 
 
OTL by OldTimer - Version 3.2.59.1 log created on 08302012_213301


aswMBR (didnt offer the "fix" option):

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-30 21:39:28
-----------------------------
21:39:28.694    OS Version: Windows x64 6.1.7601 Service Pack 1
21:39:28.694    Number of processors: 4 586 0x2A07
21:39:28.694    ComputerName: PK-PC  UserName: 
21:39:29.546    Initialize success
21:40:17.519    AVAST engine defs: 12083000
21:40:46.928    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:40:46.929    Disk 0 Vendor: ST1500DM003-9YN16G CC4C Size: 1430799MB BusType: 3
21:40:46.930    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-4
21:40:46.932    Disk 1 Vendor: SAMSUNG_HD250HJ FH100-05 Size: 238475MB BusType: 3
21:40:46.954    Disk 0 MBR read successfully
21:40:46.955    Disk 0 MBR scan
21:40:46.959    Disk 0 unknown MBR code
21:40:46.976    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS               100 MB offset 2048
21:40:46.996    Disk 0 Partition 2 00     07    HPFS/NTFS            730698 MB offset 206848
21:40:47.038    Disk 0 Partition 3 00     07    HPFS/NTFS            699998 MB offset 1496676352
21:40:47.084    Disk 0 scanning C:\Windows\system32\drivers
21:40:47.089    Service scanning
21:41:24.262    Modules scanning
21:41:34.587    AVAST engine scan C:\Windows
21:41:34.611    AVAST engine scan C:\Windows\system32
21:41:34.615    AVAST engine scan C:\Windows\system32\drivers
21:41:34.619    AVAST engine scan C:\Users\Guy Incognito
21:41:34.623    AVAST engine scan C:\ProgramData
21:41:34.626    Scan finished successfully
21:41:46.541    Disk 0 MBR has been saved successfully to "C:\Users\Guy Incognito\Desktop\MBR.dat"
21:41:46.546    The log file has been saved successfully to "C:\Users\Guy Incognito\Desktop\aswMBR.txt"


ComboFix (note: disabled eset before but it still asked me if i want to close eset during i said yes, it also sait my trash can is damaged (it had a few files in it) i said yes to emptying also):

ComboFix 12-08-30.04 - Guy Incognito 30.08.2012  21:47:40.1.4 - x64
Microsoft Windows 7 Enterprise   6.1.7601.1.1252.49.1031.18.8131.6322 [GMT 2:00]
ausgeführt von:: c:\users\Guy Incognito\Desktop\ComboFix.exe
AV: ESET Smart Security 5.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET Personal Firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-07-28 bis 2012-08-30  ))))))))))))))))))))))))))))))
.
.
2012-08-30 19:49 . 2012-08-30 19:49	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-08-30 19:33 . 2012-08-30 19:33	--------	d-----w-	C:\_OTL
2012-08-30 16:10 . 2012-08-30 16:10	--------	d-----w-	c:\programdata\Malwarebytes
2012-08-30 16:09 . 2012-08-30 16:10	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-30 16:09 . 2012-07-03 11:46	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-08-30 16:00 . 2012-08-30 16:00	--------	d-----w-	c:\program files (x86)\ERUNT
2012-08-29 21:05 . 2012-08-29 21:05	--------	d-----w-	c:\program files (x86)\SopCast
2012-08-28 15:24 . 2012-08-28 15:24	--------	d-----w-	c:\program files (x86)\SystemRequirementsLab
2012-08-28 13:18 . 2012-08-28 13:18	--------	d-----w-	c:\programdata\ZoomBrowser
2012-08-28 13:18 . 2012-08-28 13:19	--------	d-----w-	c:\program files (x86)\Canon
2012-08-28 13:17 . 2012-08-28 13:17	--------	d-----w-	c:\program files (x86)\Common Files\Canon
2012-08-28 03:11 . 2012-08-28 03:11	--------	d-----w-	c:\program files (x86)\Lavalys
2012-08-28 02:13 . 2012-08-29 20:54	4919280	----a-w-	c:\windows\PE_Rom.dll
2012-08-28 02:05 . 2012-08-28 02:05	--------	d-----w-	c:\program files\ASUS
2012-08-28 02:03 . 2011-08-12 10:13	32360	----a-r-	c:\windows\system32\drivers\ndisrd.sys
2012-08-28 01:59 . 2008-12-02 18:05	184320	----a-w-	c:\windows\SysWow64\drivers\UpdateHelper.dll
2012-08-28 01:57 . 2012-08-28 01:57	--------	d-----w-	c:\programdata\ASUS
2012-08-28 01:57 . 2012-08-28 02:00	--------	d-----w-	c:\program files (x86)\ASUS
2012-08-28 01:57 . 2010-08-24 07:16	13440	----a-r-	c:\windows\SysWow64\drivers\AsIO.sys
2012-08-28 01:57 . 2010-06-29 07:41	28672	----a-r-	c:\windows\SysWow64\AsIO.dll
2012-08-28 01:57 . 2008-01-04 05:34	11832	------w-	c:\windows\SysWow64\drivers\AsInsHelp64.sys
2012-08-28 01:52 . 2012-02-07 09:40	15128	----a-r-	c:\windows\system32\drivers\IntelMEFWVer.dll
2012-08-28 01:52 . 2012-08-28 01:52	--------	d-----w-	c:\programdata\Intel
2012-08-28 01:52 . 2012-08-28 01:52	--------	d-----w-	c:\program files\Intel
2012-08-28 01:52 . 2012-08-28 01:52	--------	d-----w-	c:\program files (x86)\Common Files\postureAgent
2012-08-28 01:21 . 2012-08-28 01:21	--------	d-----w-	c:\program files\Microsoft Silverlight
2012-08-28 01:21 . 2012-08-28 01:21	--------	d-----w-	c:\program files (x86)\Microsoft Silverlight
2012-08-27 23:25 . 2012-05-05 08:36	503808	----a-w-	c:\windows\system32\srcore.dll
2012-08-27 23:25 . 2012-05-05 07:46	43008	----a-w-	c:\windows\SysWow64\srclient.dll
2012-08-27 23:15 . 2012-08-27 23:15	--------	d-----w-	c:\program files (x86)\OpenOffice.org 3
2012-08-27 23:02 . 2012-08-27 23:02	--------	d-----w-	c:\program files (x86)\Foxit Software
2012-08-27 22:51 . 2012-08-27 22:51	--------	d-----w-	c:\program files (x86)\Collectorz.com
2012-08-27 22:47 . 2012-08-27 22:47	--------	d-----w-	c:\program files (x86)\x264vfw
2012-08-27 22:46 . 2012-04-08 22:40	79360	----a-w-	c:\windows\SysWow64\ff_vfw.dll
2012-08-27 22:46 . 2012-08-27 22:46	--------	d-----w-	c:\program files (x86)\ffdshow
2012-08-27 22:42 . 2011-05-30 13:42	240640	----a-w-	c:\windows\SysWow64\xvidvfw.dll
2012-08-27 22:42 . 2011-05-30 13:42	255488	----a-w-	c:\windows\system32\xvidvfw.dll
2012-08-27 22:42 . 2011-05-23 09:52	153088	----a-w-	c:\windows\SysWow64\xvid.ax
2012-08-27 22:42 . 2011-05-23 07:49	173568	----a-w-	c:\windows\system32\xvid.ax
2012-08-27 22:42 . 2011-05-23 07:46	645632	----a-w-	c:\windows\SysWow64\xvidcore.dll
2012-08-27 22:42 . 2011-05-23 07:45	696832	----a-w-	c:\windows\system32\xvidcore.dll
2012-08-27 22:42 . 2012-08-27 22:43	--------	d-----w-	c:\program files (x86)\Xvid
2012-08-27 22:40 . 2012-08-27 22:48	--------	d-----w-	c:\program files (x86)\MOUSE Editor
2012-08-27 22:38 . 2012-08-27 22:38	283200	----a-w-	c:\windows\system32\drivers\dtsoftbus01.sys
2012-08-27 22:38 . 2012-08-27 22:38	--------	d-----w-	c:\program files (x86)\DAEMON Tools Lite
2012-08-27 22:37 . 2012-08-27 22:37	--------	d-----w-	c:\programdata\DAEMON Tools Lite
2012-08-27 22:34 . 2012-08-27 22:34	--------	d-----w-	c:\program files (x86)\Common Files\Skype
2012-08-27 22:34 . 2012-08-27 22:34	--------	d-----r-	c:\program files (x86)\Skype
2012-08-27 22:34 . 2012-08-27 22:34	--------	d-----w-	c:\programdata\Skype
2012-08-27 22:32 . 2012-08-27 22:32	--------	d-----w-	c:\program files (x86)\TeamViewer
2012-08-27 22:30 . 2012-08-27 22:30	--------	d-----w-	c:\program files (x86)\VirtualDub-1.9.11
2012-08-27 22:27 . 2012-06-30 06:46	95744	----a-w-	c:\windows\system32\pdfcmon.dll
2012-08-27 22:27 . 2012-05-05 09:54	662288	----a-w-	c:\windows\SysWow64\MSCOMCT2.OCX
2012-08-27 22:27 . 2012-05-05 09:54	137000	----a-w-	c:\windows\SysWow64\MSMAPI32.OCX
2012-08-27 22:27 . 2012-05-05 09:54	1071088	----a-w-	c:\windows\SysWow64\MSCOMCTL.OCX
2012-08-27 22:27 . 1998-07-06 16:56	125712	----a-w-	c:\windows\SysWow64\VB6DE.DLL
2012-08-27 22:27 . 1998-07-06 16:55	158208	----a-w-	c:\windows\SysWow64\MSCMCDE.DLL
2012-08-27 22:27 . 2012-08-27 22:27	--------	d-----w-	c:\program files (x86)\PDFCreator
2012-08-27 22:27 . 2012-05-05 09:54	23552	----a-w-	c:\windows\SysWow64\MSMPIDE.DLL
2012-08-27 22:27 . 1998-07-06 16:55	64512	----a-w-	c:\windows\SysWow64\MSCC2DE.DLL
2012-08-27 22:20 . 2009-09-04 15:29	1892184	----a-w-	c:\windows\SysWow64\D3DX9_42.dll
2012-08-27 22:20 . 2006-09-28 14:05	2414360	----a-w-	c:\windows\SysWow64\d3dx9_31.dll
2012-08-27 22:20 . 2012-08-27 22:20	--------	d-----w-	c:\program files (x86)\Winamp Detect
2012-08-27 22:19 . 2012-08-27 22:19	--------	d-----w-	c:\program files (x86)\Common Files\PX Storage Engine
2012-08-27 22:19 . 2012-08-27 22:20	--------	d-----w-	c:\program files (x86)\Winamp
2012-08-27 22:16 . 2011-06-26 00:56	33888	----a-w-	c:\windows\system32\drivers\appliand.sys
2012-08-27 22:16 . 2012-08-27 22:16	--------	d-----w-	c:\program files (x86)\Applian Technologies
2012-08-27 22:15 . 2012-08-27 22:15	--------	d-----w-	c:\programdata\Applian
2012-08-27 22:01 . 2012-08-27 22:01	--------	d-----w-	C:\SkyDriveTemp
2012-08-27 21:59 . 2012-08-27 21:59	--------	d-----w-	c:\program files (x86)\Microsoft SkyDrive
2012-08-27 21:59 . 2012-08-27 21:59	--------	d-----w-	c:\programdata\Microsoft SkyDrive
2012-08-27 21:05 . 2012-08-27 21:05	--------	d-----w-	c:\program files (x86)\QuickPar
2012-08-27 20:45 . 2012-08-27 20:45	--------	d-----w-	c:\program files\Newsbin
2012-08-27 20:41 . 2012-08-27 20:41	--------	d-----w-	c:\program files (x86)\VideoLAN
2012-08-27 20:04 . 2012-08-19 23:53	9309624	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{51DC3E97-4EDD-474E-BA96-C4DE451B7A54}\mpengine.dll
2012-08-27 20:02 . 2012-06-06 06:06	2004480	----a-w-	c:\windows\system32\msxml6.dll
2012-08-27 20:01 . 2012-07-04 22:16	73216	----a-w-	c:\windows\system32\netapi32.dll
2012-08-27 19:57 . 2012-06-02 22:19	2428952	----a-w-	c:\windows\system32\wuaueng.dll
2012-08-27 19:57 . 2012-06-02 22:19	57880	----a-w-	c:\windows\system32\wuauclt.exe
2012-08-27 19:57 . 2012-06-02 22:19	44056	----a-w-	c:\windows\system32\wups2.dll
2012-08-27 19:57 . 2012-06-02 22:15	2622464	----a-w-	c:\windows\system32\wucltux.dll
2012-08-27 19:57 . 2012-06-02 22:19	38424	----a-w-	c:\windows\system32\wups.dll
2012-08-27 19:57 . 2012-06-02 22:19	701976	----a-w-	c:\windows\system32\wuapi.dll
2012-08-27 19:57 . 2012-06-02 22:15	99840	----a-w-	c:\windows\system32\wudriver.dll
2012-08-27 19:57 . 2012-06-02 13:19	186752	----a-w-	c:\windows\system32\wuwebv.dll
2012-08-27 19:57 . 2012-06-02 13:15	36864	----a-w-	c:\windows\system32\wuapp.exe
2012-08-27 19:24 . 2012-05-15 09:29	889664	----a-w-	c:\windows\system32\nvvsvc.exe
2012-08-27 19:24 . 2012-05-15 09:29	63296	----a-w-	c:\windows\system32\nvshext.dll
2012-08-27 19:24 . 2012-05-15 09:29	2561856	----a-w-	c:\windows\system32\nvsvcr.dll
2012-08-27 19:24 . 2012-05-15 09:29	118080	----a-w-	c:\windows\system32\nvmctray.dll
2012-08-27 19:24 . 2012-05-15 09:29	2621723	----a-w-	c:\windows\system32\nvcoproc.bin
2012-08-27 19:24 . 2012-05-15 09:29	3149632	----a-w-	c:\windows\system32\nvsvc64.dll
2012-08-27 19:24 . 2012-05-15 09:28	6151488	----a-w-	c:\windows\system32\nvcpl.dll
2012-08-27 19:24 . 2012-05-15 10:48	68928	----a-w-	c:\windows\system32\OpenCL.dll
2012-08-27 19:24 . 2012-05-15 10:48	61248	----a-w-	c:\windows\SysWow64\OpenCL.dll
2012-08-27 19:24 . 2012-08-27 19:24	--------	d-----w-	c:\programdata\NVIDIA Corporation
2012-08-27 19:24 . 2012-08-27 19:24	--------	d-----w-	c:\program files (x86)\NVIDIA Corporation
2012-08-27 19:20 . 2012-08-30 19:51	--------	d-----w-	c:\programdata\NVIDIA
2012-08-27 19:20 . 2012-08-27 19:20	--------	d-----w-	c:\program files (x86)\Common Files\Java
2012-08-27 19:20 . 2012-08-27 19:19	821736	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2012-08-27 19:20 . 2012-08-27 19:19	746984	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-08-27 19:20 . 2012-08-27 19:19	95208	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-08-27 19:19 . 2012-08-27 19:19	--------	d-----w-	c:\program files (x86)\Java
2012-08-27 19:15 . 2012-08-27 19:15	--------	d-----w-	c:\program files\ESET
2012-08-27 19:03 . 2012-08-27 19:03	--------	d-----w-	c:\programdata\TrueCrypt
2012-08-27 18:55 . 2012-08-27 18:55	231376	----a-w-	c:\windows\system32\drivers\truecrypt.sys
2012-08-27 18:55 . 2012-08-27 18:55	--------	d-----w-	c:\program files\TrueCrypt
2012-08-27 18:54 . 2012-08-29 19:39	--------	d-----w-	c:\program files (x86)\Mozilla Maintenance Service
2012-08-27 18:53 . 2012-08-27 20:10	73416	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-27 18:53 . 2012-08-27 20:10	696520	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-27 18:53 . 2012-08-27 18:53	--------	d-----w-	c:\windows\SysWow64\Macromed
2012-08-27 18:53 . 2012-08-27 18:53	--------	d-----w-	c:\windows\system32\Macromed
2012-08-27 18:43 . 2012-01-26 17:39	16152	----a-w-	c:\windows\system32\drivers\iusb3hcs.sys
2012-08-27 18:43 . 2012-01-26 17:39	356120	----a-w-	c:\windows\system32\drivers\iusb3hub.sys
2012-08-27 18:43 . 2012-01-26 17:39	787736	----a-w-	c:\windows\system32\drivers\iusb3xhc.sys
2012-08-27 18:42 . 2011-11-24 07:02	74272	----a-w-	c:\windows\system32\RtNicProp64.dll
2012-08-27 18:42 . 2011-11-24 07:02	648808	----a-w-	c:\windows\system32\drivers\Rt64win7.sys
2012-08-27 18:42 . 2011-11-24 07:02	107552	----a-w-	c:\windows\system32\RTNUninst64.dll
2012-08-27 18:42 . 2012-08-27 18:42	--------	d-----w-	c:\program files (x86)\Realtek
2012-08-27 18:40 . 2007-04-11 15:35	414632	------w-	c:\windows\difxapi.dll
2012-08-27 18:40 . 2012-08-28 01:58	--------	d-----w-	c:\program files (x86)\Common Files\InstallShield
2012-08-27 18:36 . 2012-08-28 01:52	--------	d-----w-	c:\program files (x86)\Intel
2012-08-27 18:36 . 2011-12-06 23:55	53248	----a-r-	c:\windows\SysWow64\CSVer.dll
2012-08-27 18:35 . 2012-08-27 18:35	--------	d-----w-	C:\Intel
2012-08-27 18:32 . 2012-08-27 18:32	--------	d-----w-	c:\windows\Chipset
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-03 02:27 . 2012-06-02 14:43	62134624	----a-w-	c:\windows\system32\MRT.exe
2012-06-02 14:33 . 2012-06-02 14:33	89088	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2012-06-02 14:33 . 2012-06-02 14:33	86528	----a-w-	c:\windows\SysWow64\iesysprep.dll
2012-06-02 14:33 . 2012-06-02 14:33	76800	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2012-06-02 14:33 . 2012-06-02 14:33	74752	----a-w-	c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-06-02 14:33 . 2012-06-02 14:33	74752	----a-w-	c:\windows\SysWow64\iesetup.dll
2012-06-02 14:33 . 2012-06-02 14:33	65024	----a-w-	c:\windows\system32\pngfilt.dll
2012-06-02 14:33 . 2012-06-02 14:33	63488	----a-w-	c:\windows\SysWow64\tdc.ocx
2012-06-02 14:33 . 2012-06-02 14:33	49664	----a-w-	c:\windows\system32\imgutil.dll
2012-06-02 14:33 . 2012-06-02 14:33	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2012-06-02 14:33 . 2012-06-02 14:33	420864	----a-w-	c:\windows\SysWow64\vbscript.dll
2012-06-02 14:33 . 2012-06-02 14:33	367104	----a-w-	c:\windows\SysWow64\html.iec
2012-06-02 14:33 . 2012-06-02 14:33	35840	----a-w-	c:\windows\SysWow64\imgutil.dll
2012-06-02 14:33 . 2012-06-02 14:33	267776	----a-w-	c:\windows\system32\ieaksie.dll
2012-06-02 14:33 . 2012-06-02 14:33	23552	----a-w-	c:\windows\SysWow64\licmgr10.dll
2012-06-02 14:33 . 2012-06-02 14:33	222208	----a-w-	c:\windows\system32\msls31.dll
2012-06-02 14:33 . 2012-06-02 14:33	197120	----a-w-	c:\windows\system32\msrating.dll
2012-06-02 14:33 . 2012-06-02 14:33	163840	----a-w-	c:\windows\system32\ieakui.dll
2012-06-02 14:33 . 2012-06-02 14:33	161792	----a-w-	c:\windows\SysWow64\msls31.dll
2012-06-02 14:33 . 2012-06-02 14:33	152064	----a-w-	c:\windows\SysWow64\wextract.exe
2012-06-02 14:33 . 2012-06-02 14:33	150528	----a-w-	c:\windows\SysWow64\iexpress.exe
2012-06-02 14:33 . 2012-06-02 14:33	149504	----a-w-	c:\windows\system32\occache.dll
2012-06-02 14:33 . 2012-06-02 14:33	145920	----a-w-	c:\windows\system32\iepeers.dll
2012-06-02 14:33 . 2012-06-02 14:33	12288	----a-w-	c:\windows\system32\mshta.exe
2012-06-02 14:33 . 2012-06-02 14:33	11776	----a-w-	c:\windows\SysWow64\mshta.exe
2012-06-02 14:33 . 2012-06-02 14:33	114176	----a-w-	c:\windows\system32\admparse.dll
2012-06-02 14:33 . 2012-06-02 14:33	110592	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2012-06-02 14:33 . 2012-06-02 14:33	101888	----a-w-	c:\windows\SysWow64\admparse.dll
2012-06-02 14:33 . 2012-06-02 14:33	91648	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2012-06-02 14:33 . 2012-06-02 14:33	89088	----a-w-	c:\windows\system32\ie4uinit.exe
2012-06-02 14:33 . 2012-06-02 14:33	85504	----a-w-	c:\windows\system32\iesetup.dll
2012-06-02 14:33 . 2012-06-02 14:33	82432	----a-w-	c:\windows\system32\icardie.dll
2012-06-02 14:33 . 2012-06-02 14:33	76800	----a-w-	c:\windows\system32\tdc.ocx
2012-06-02 14:33 . 2012-06-02 14:33	697344	----a-w-	c:\windows\system32\msfeeds.dll
2012-06-02 14:33 . 2012-06-02 14:33	603648	----a-w-	c:\windows\system32\vbscript.dll
2012-06-02 14:33 . 2012-06-02 14:33	55296	----a-w-	c:\windows\system32\msfeedsbs.dll
2012-06-02 14:33 . 2012-06-02 14:33	534528	----a-w-	c:\windows\system32\ieapfltr.dll
2012-06-02 14:33 . 2012-06-02 14:33	48640	----a-w-	c:\windows\system32\mshtmler.dll
2012-06-02 14:33 . 2012-06-02 14:33	452608	----a-w-	c:\windows\system32\dxtmsft.dll
2012-06-02 14:33 . 2012-06-02 14:33	448512	----a-w-	c:\windows\system32\html.iec
2012-06-02 14:33 . 2012-06-02 14:33	403248	----a-w-	c:\windows\system32\iedkcs32.dll
2012-06-02 14:33 . 2012-06-02 14:33	39936	----a-w-	c:\windows\system32\iernonce.dll
2012-06-02 14:33 . 2012-06-02 14:33	3695416	----a-w-	c:\windows\system32\ieapfltr.dat
2012-06-02 14:33 . 2012-06-02 14:33	30720	----a-w-	c:\windows\system32\licmgr10.dll
2012-06-02 14:33 . 2012-06-02 14:33	282112	----a-w-	c:\windows\system32\dxtrans.dll
2012-06-02 14:33 . 2012-06-02 14:33	249344	----a-w-	c:\windows\system32\webcheck.dll
2012-06-02 14:33 . 2012-06-02 14:33	165888	----a-w-	c:\windows\system32\iexpress.exe
2012-06-02 14:33 . 2012-06-02 14:33	160256	----a-w-	c:\windows\system32\wextract.exe
2012-06-02 14:33 . 2012-06-02 14:33	160256	----a-w-	c:\windows\system32\ieakeng.dll
2012-06-02 14:33 . 2012-06-02 14:33	135168	----a-w-	c:\windows\system32\IEAdvpack.dll
2012-06-02 14:33 . 2012-06-02 14:33	111616	----a-w-	c:\windows\system32\iesysprep.dll
2012-06-02 14:33 . 2012-06-02 14:33	10752	----a-w-	c:\windows\system32\msfeedssync.exe
2012-06-02 14:33 . 2012-06-02 14:33	103936	----a-w-	c:\windows\system32\inseng.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-08-27 21:59	220608	----a-w-	c:\users\Guy Incognito\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-08-27 21:59	220608	----a-w-	c:\users\Guy Incognito\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-08-27 21:59	220608	----a-w-	c:\users\Guy Incognito\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrueCrypt"="c:\program files\TrueCrypt\TrueCrypt.exe" [2012-08-27 1516496]
"SkyDrive"="c:\users\Guy Incognito\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2012-08-27 238528]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-11 3672384]
"OscarEditor"="c:\program files (x86)\MOUSE Editor\MouseEditor.exe" [2012-02-22 3325952]
"Xvid"="c:\program files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 8192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2012-02-09 5015040]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-26 291608]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
c:\users\Guy Incognito\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-27 250568]
R3 appliand;Applian Network Service;c:\windows\system32\DRIVERS\appliand.sys [2011-06-26 33888]
R3 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [2012-02-02 951936]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-29 114144]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-21 88960]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R4 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [2012-02-17 149120]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2012-03-14 62496]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-01-26 16152]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-08-27 283200]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2012-03-14 209768]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2012-03-14 148528]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2012-03-14 38288]
S1 ndisrd;WinpkFilter LightWeight Filter;c:\windows\system32\DRIVERS\ndisrd.sys [2011-08-12 32360]
S2 AsusFanControlService;AsusFanControlService;c:\program files (x86)\ASUS\AsusFanControlService\1.00.21\AsusFanControlService.exe [2012-01-13 1478272]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2012-03-07 913144]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-02-02 628448]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-02-07 161560]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-08-24 2735528]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-02-07 363800]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe [2011-11-11 27760]
S3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys [2011-06-26 33888]
S3 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe [2011-10-29 918448]
S3 ASUSFILTER;ASUSFILTER;SysWow64\drivers\ASUSFILTER.sys [x]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-01-26 356120]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-01-26 787736]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 MEIx64;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2011-11-09 60184]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-04-18 188736]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-11-24 648808]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2011-11-11 2182768]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-08-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-27 20:10]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-08-27 21:59	244672	----a-w-	c:\users\Guy Incognito\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-08-27 21:59	244672	----a-w-	c:\users\Guy Incognito\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-08-27 21:59	244672	----a-w-	c:\users\Guy Incognito\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2012-03-07 4081008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 80.69.103.78 80.69.100.230
FF - ProfilePath - c:\users\Guy Incognito\AppData\Roaming\Mozilla\Firefox\Profiles\h2mrvonm.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetSvcHelp.exe
c:\program files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetiCtrlTray.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-08-30  21:54:11 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-08-30 19:54
.
Vor Suchlauf: 9 Verzeichnis(se), 713.459.646.464 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 713.481.998.336 Bytes frei
.
- - End Of File - - 0A2E8758D169683DCC9BF9E0059E5C0E


TDSSKiller:

21:59:36.0619 1660  TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
21:59:36.0725 1660  ============================================================
21:59:36.0725 1660  Current date / time: 2012/08/30 21:59:36.0725
21:59:36.0725 1660  SystemInfo:
21:59:36.0725 1660  
21:59:36.0725 1660  OS Version: 6.1.7601 ServicePack: 1.0
21:59:36.0725 1660  Product type: Workstation
21:59:36.0725 1660  ComputerName: PK-PC
21:59:36.0725 1660  UserName: Guy Incognito
21:59:36.0725 1660  Windows directory: C:\Windows
21:59:36.0725 1660  System windows directory: C:\Windows
21:59:36.0725 1660  Running under WOW64
21:59:36.0725 1660  Processor architecture: Intel x64
21:59:36.0725 1660  Number of processors: 4
21:59:36.0725 1660  Page size: 0x1000
21:59:36.0725 1660  Boot type: Normal boot
21:59:36.0725 1660  ============================================================
21:59:39.0249 1660  Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:59:39.0268 1660  Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:59:39.0272 1660  ============================================================
21:59:39.0273 1660  \Device\Harddisk0\DR0:
21:59:39.0273 1660  MBR partitions:
21:59:39.0273 1660  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
21:59:39.0273 1660  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x59325000
21:59:39.0273 1660  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x59357800, BlocksNum 0x5572F000
21:59:39.0273 1660  \Device\Harddisk1\DR1:
21:59:39.0273 1660  MBR partitions:
21:59:39.0273 1660  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xFFFAC05
21:59:39.0273 1660  \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0xFFFAC44, BlocksNum 0xD1C993D
21:59:39.0273 1660  ============================================================
21:59:39.0294 1660  D: <-> \Device\Harddisk1\DR1\Partition1
21:59:39.0307 1660  E: <-> \Device\Harddisk1\DR1\Partition2
21:59:39.0326 1660  ============================================================
21:59:39.0326 1660  Initialize success
21:59:39.0326 1660  ============================================================
21:59:44.0129 2684  ============================================================
21:59:44.0129 2684  Scan started
21:59:44.0129 2684  Mode: Manual; 
21:59:44.0129 2684  ============================================================
21:59:44.0410 2684  ================ Scan system memory ========================
21:59:44.0410 2684  System memory - ok
21:59:44.0411 2684  ================ Scan services =============================
21:59:44.0452 2684  1394ohci - ok
21:59:44.0464 2684  ACPI - ok
21:59:44.0473 2684  AcpiPmi - ok
21:59:44.0520 2684  AdobeFlashPlayerUpdateSvc - ok
21:59:44.0546 2684  adp94xx - ok
21:59:44.0551 2684  adpahci - ok
21:59:44.0571 2684  adpu320 - ok
21:59:44.0578 2684  AeLookupSvc - ok
21:59:44.0611 2684  AFD - ok
21:59:44.0620 2684  agp440 - ok
21:59:44.0628 2684  ALG - ok
21:59:44.0636 2684  aliide - ok
21:59:44.0640 2684  amdide - ok
21:59:44.0644 2684  AmdK8 - ok
21:59:44.0649 2684  AmdPPM - ok
21:59:44.0656 2684  amdsata - ok
21:59:44.0659 2684  amdsbs - ok
21:59:44.0661 2684  amdxata - ok
21:59:44.0670 2684  AppID - ok
21:59:44.0678 2684  AppIDSvc - ok
21:59:44.0686 2684  Appinfo - ok
21:59:44.0705 2684  appliand - ok
21:59:44.0707 2684  appliandMP - ok
21:59:44.0710 2684  AppMgmt - ok
21:59:44.0721 2684  arc - ok
21:59:44.0738 2684  arcsas - ok
21:59:44.0749 2684  asComSvc - ok
21:59:44.0752 2684  asHmComSvc - ok
21:59:44.0766 2684  AsIO - ok
21:59:44.0769 2684  AsSysCtrlService - ok
21:59:44.0783 2684  AsUpIO - ok
21:59:44.0791 2684  AsusFanControlService - ok
21:59:44.0825 2684  ASUSFILTER - ok
21:59:44.0842 2684  AsyncMac - ok
21:59:44.0846 2684  atapi - ok
21:59:44.0850 2684  AudioEndpointBuilder - ok
21:59:44.0855 2684  AudioSrv - ok
21:59:44.0876 2684  AxInstSV - ok
21:59:44.0895 2684  b06bdrv - ok
21:59:44.0900 2684  b57nd60a - ok
21:59:44.0906 2684  BDESVC - ok
21:59:44.0929 2684  Beep - ok
21:59:45.0053 2684  BFE - ok
21:59:45.0058 2684  BITS - ok
21:59:45.0062 2684  blbdrive - ok
21:59:45.0078 2684  bowser - ok
21:59:45.0112 2684  BrFiltLo - ok
21:59:45.0117 2684  BrFiltUp - ok
21:59:45.0164 2684  BridgeMP - ok
21:59:45.0170 2684  Browser - ok
21:59:45.0175 2684  Brserid - ok
21:59:45.0180 2684  BrSerWdm - ok
21:59:45.0185 2684  BrUsbMdm - ok
21:59:45.0190 2684  BrUsbSer - ok
21:59:45.0193 2684  BTHMODEM - ok
21:59:45.0196 2684  bthserv - ok
21:59:45.0199 2684  cdfs - ok
21:59:45.0202 2684  cdrom - ok
21:59:45.0228 2684  CertPropSvc - ok
21:59:45.0235 2684  circlass - ok
21:59:45.0244 2684  CLFS - ok
21:59:45.0248 2684  clr_optimization_v2.0.50727_32 - ok
21:59:45.0251 2684  clr_optimization_v2.0.50727_64 - ok
21:59:45.0255 2684  clr_optimization_v4.0.30319_32 - ok
21:59:45.0258 2684  clr_optimization_v4.0.30319_64 - ok
21:59:45.0262 2684  CmBatt - ok
21:59:45.0266 2684  cmdide - ok
21:59:45.0286 2684  CNG - ok
21:59:45.0322 2684  Compbatt - ok
21:59:45.0326 2684  CompositeBus - ok
21:59:45.0335 2684  COMSysApp - ok
21:59:45.0340 2684  crcdisk - ok
21:59:45.0345 2684  CryptSvc - ok
21:59:45.0350 2684  CSC - ok
21:59:45.0361 2684  CscService - ok
21:59:45.0385 2684  DcomLaunch - ok
21:59:45.0423 2684  defragsvc - ok
21:59:45.0448 2684  DfsC - ok
21:59:45.0497 2684  Dhcp - ok
21:59:45.0501 2684  discache - ok
21:59:45.0522 2684  Disk - ok
21:59:45.0527 2684  dmvsc - ok
21:59:45.0536 2684  Dnscache - ok
21:59:45.0540 2684  dot3svc - ok
21:59:45.0544 2684  DPS - ok
21:59:45.0567 2684  drmkaud - ok
21:59:45.0570 2684  dtsoftbus01 - ok
21:59:45.0573 2684  DXGKrnl - ok
21:59:45.0575 2684  E1G60 - ok
21:59:45.0581 2684  eamonm - ok
21:59:45.0584 2684  EapHost - ok
21:59:45.0587 2684  ebdrv - ok
21:59:45.0589 2684  EFS - ok
21:59:45.0631 2684  ehdrv - ok
21:59:45.0633 2684  ehRecvr - ok
21:59:45.0636 2684  ehSched - ok
21:59:45.0663 2684  ekrn - ok
21:59:45.0679 2684  elxstor - ok
21:59:45.0691 2684  epfw - ok
21:59:45.0695 2684  EpfwLWF - ok
21:59:45.0700 2684  epfwwfp - ok
21:59:45.0704 2684  ErrDev - ok
21:59:45.0716 2684  EventSystem - ok
21:59:45.0744 2684  exfat - ok
21:59:45.0749 2684  fastfat - ok
21:59:45.0757 2684  Fax - ok
21:59:45.0761 2684  fdc - ok
21:59:45.0766 2684  fdPHost - ok
21:59:45.0770 2684  FDResPub - ok
21:59:45.0774 2684  FileInfo - ok
21:59:45.0778 2684  Filetrace - ok
21:59:45.0783 2684  flpydisk - ok
21:59:45.0787 2684  FltMgr - ok
21:59:45.0791 2684  FontCache - ok
21:59:45.0793 2684  FontCache3.0.0.0 - ok
21:59:45.0795 2684  FsDepends - ok
21:59:45.0798 2684  Fs_Rec - ok
21:59:45.0800 2684  fvevol - ok
21:59:45.0813 2684  gagp30kx - ok
21:59:45.0822 2684  gpsvc - ok
21:59:45.0824 2684  hcw85cir - ok
21:59:45.0833 2684  HdAudAddService - ok
21:59:45.0836 2684  HDAudBus - ok
21:59:45.0838 2684  HidBatt - ok
21:59:45.0840 2684  HidBth - ok
21:59:45.0842 2684  HidIr - ok
21:59:45.0845 2684  hidserv - ok
21:59:45.0856 2684  HidUsb - ok
21:59:45.0873 2684  hkmsvc - ok
21:59:45.0875 2684  HomeGroupListener - ok
21:59:45.0877 2684  HomeGroupProvider - ok
21:59:45.0887 2684  HpSAMD - ok
21:59:45.0889 2684  HTTP - ok
21:59:45.0892 2684  hwpolicy - ok
21:59:45.0894 2684  i8042prt - ok
21:59:45.0896 2684  iaStorV - ok
21:59:45.0898 2684  idsvc - ok
21:59:45.0901 2684  iirsp - ok
21:59:45.0910 2684  IKEEXT - ok
21:59:45.0925 2684  Intel(R) Capability Licensing Service Interface - ok
21:59:45.0927 2684  intelide - ok
21:59:45.0929 2684  intelppm - ok
21:59:45.0932 2684  IPBusEnum - ok
21:59:45.0934 2684  IpFilterDriver - ok
21:59:45.0936 2684  iphlpsvc - ok
21:59:45.0939 2684  IPMIDRV - ok
21:59:45.0969 2684  IPNAT - ok
21:59:45.0978 2684  IRENUM - ok
21:59:45.0982 2684  isapnp - ok
21:59:45.0985 2684  iScsiPrt - ok
21:59:45.0999 2684  iusb3hcs - ok
21:59:46.0006 2684  iusb3hub - ok
21:59:46.0008 2684  iusb3xhc - ok
21:59:46.0015 2684  jhi_service - ok
21:59:46.0022 2684  kbdclass - ok
21:59:46.0024 2684  kbdhid - ok
21:59:46.0044 2684  KeyIso - ok
21:59:46.0046 2684  KSecDD - ok
21:59:46.0049 2684  KSecPkg - ok
21:59:46.0053 2684  ksthunk - ok
21:59:46.0060 2684  KtmRm - ok
21:59:46.0069 2684  LanmanServer - ok
21:59:46.0071 2684  LanmanWorkstation - ok
21:59:46.0091 2684  lltdio - ok
21:59:46.0102 2684  lltdsvc - ok
21:59:46.0104 2684  lmhosts - ok
21:59:46.0111 2684  LMS - ok
21:59:46.0115 2684  LSI_FC - ok
21:59:46.0117 2684  LSI_SAS - ok
21:59:46.0119 2684  LSI_SAS2 - ok
21:59:46.0122 2684  LSI_SCSI - ok
21:59:46.0126 2684  luafv - ok
21:59:46.0167 2684  MBAMProtector - ok
21:59:46.0169 2684  MBAMService - ok
21:59:46.0175 2684  Mcx2Svc - ok
21:59:46.0177 2684  megasas - ok
21:59:46.0179 2684  MegaSR - ok
21:59:46.0193 2684  MEIx64 - ok
21:59:46.0204 2684  MMCSS - ok
21:59:46.0206 2684  Modem - ok
21:59:46.0208 2684  monitor - ok
21:59:46.0219 2684  mouclass - ok
21:59:46.0227 2684  mouhid - ok
21:59:46.0244 2684  mountmgr - ok
21:59:46.0262 2684  MozillaMaintenance - ok
21:59:46.0267 2684  mpio - ok
21:59:46.0271 2684  mpsdrv - ok
21:59:46.0330 2684  MpsSvc - ok
21:59:46.0334 2684  MRxDAV - ok
21:59:46.0338 2684  mrxsmb - ok
21:59:46.0342 2684  mrxsmb10 - ok
21:59:46.0347 2684  mrxsmb20 - ok
21:59:46.0351 2684  msahci - ok
21:59:46.0355 2684  msdsm - ok
21:59:46.0359 2684  MSDTC - ok
21:59:46.0403 2684  Msfs - ok
21:59:46.0408 2684  mshidkmdf - ok
21:59:46.0412 2684  msisadrv - ok
21:59:46.0417 2684  MSiSCSI - ok
21:59:46.0421 2684  msiserver - ok
21:59:46.0424 2684  MSKSSRV - ok
21:59:46.0428 2684  MSPCLOCK - ok
21:59:46.0432 2684  MSPQM - ok
21:59:46.0436 2684  MsRPC - ok
21:59:46.0442 2684  mssmbios - ok
21:59:46.0445 2684  MSTEE - ok
21:59:46.0450 2684  MTConfig - ok
21:59:46.0452 2684  Mup - ok
21:59:46.0455 2684  napagent - ok
21:59:46.0457 2684  NativeWifiP - ok
21:59:46.0502 2684  NDIS - ok
21:59:46.0515 2684  NdisCap - ok
21:59:46.0528 2684  ndisrd - ok
21:59:46.0544 2684  NdisTapi - ok
21:59:46.0579 2684  Ndisuio - ok
21:59:46.0583 2684  NdisWan - ok
21:59:46.0587 2684  NDProxy - ok
21:59:46.0598 2684  NetBIOS - ok
21:59:46.0602 2684  NetBT - ok
21:59:46.0611 2684  Netlogon - ok
21:59:46.0634 2684  Netman - ok
21:59:46.0637 2684  netprofm - ok
21:59:46.0641 2684  NetTcpPortSharing - ok
21:59:46.0645 2684  nfrd960 - ok
21:59:46.0652 2684  NlaSvc - ok
21:59:46.0656 2684  Npfs - ok
21:59:46.0659 2684  nsi - ok
21:59:46.0662 2684  nsiproxy - ok
21:59:46.0665 2684  Ntfs - ok
21:59:46.0668 2684  Null - ok
21:59:46.0671 2684  NVHDA - ok
21:59:46.0673 2684  nvlddmkm - ok
21:59:46.0675 2684  nvraid - ok
21:59:46.0678 2684  nvstor - ok
21:59:46.0701 2684  nvsvc - ok
21:59:46.0710 2684  nv_agp - ok
21:59:46.0712 2684  ohci1394 - ok
21:59:46.0715 2684  p2pimsvc - ok
21:59:46.0717 2684  p2psvc - ok
21:59:46.0719 2684  Parport - ok
21:59:46.0721 2684  partmgr - ok
21:59:46.0724 2684  PcaSvc - ok
21:59:46.0726 2684  pci - ok
21:59:46.0728 2684  pciide - ok
21:59:46.0730 2684  pcmcia - ok
21:59:46.0733 2684  pcw - ok
21:59:46.0735 2684  PEAUTH - ok
21:59:46.0737 2684  PeerDistSvc - ok
21:59:46.0740 2684  PerfHost - ok
21:59:46.0745 2684  pla - ok
21:59:46.0750 2684  PlugPlay - ok
21:59:46.0752 2684  PNRPAutoReg - ok
21:59:46.0794 2684  PNRPsvc - ok
21:59:46.0799 2684  PolicyAgent - ok
21:59:46.0805 2684  Power - ok
21:59:46.0861 2684  PptpMiniport - ok
21:59:46.0865 2684  Processor - ok
21:59:46.0869 2684  ProfSvc - ok
21:59:46.0874 2684  ProtectedStorage - ok
21:59:46.0878 2684  Psched - ok
21:59:46.0886 2684  ql2300 - ok
21:59:46.0920 2684  ql40xx - ok
21:59:46.0924 2684  QWAVE - ok
21:59:46.0928 2684  QWAVEdrv - ok
21:59:46.0933 2684  RasAcd - ok
21:59:46.0952 2684  RasAgileVpn - ok
21:59:46.0956 2684  RasAuto - ok
21:59:46.0969 2684  Rasl2tp - ok
21:59:46.0978 2684  RasMan - ok
21:59:46.0984 2684  RasPppoe - ok
21:59:46.0994 2684  RasSstp - ok
21:59:46.0999 2684  rdbss - ok
21:59:47.0003 2684  rdpbus - ok
21:59:47.0007 2684  RDPCDD - ok
21:59:47.0014 2684  RDPDR - ok
21:59:47.0022 2684  RDPENCDD - ok
21:59:47.0028 2684  RDPREFMP - ok
21:59:47.0034 2684  RdpVideoMiniport - ok
21:59:47.0037 2684  RDPWD - ok
21:59:47.0045 2684  rdyboost - ok
21:59:47.0077 2684  RemoteAccess - ok
21:59:47.0079 2684  RemoteRegistry - ok
21:59:47.0082 2684  RpcEptMapper - ok
21:59:47.0086 2684  RpcLocator - ok
21:59:47.0090 2684  RpcSs - ok
21:59:47.0103 2684  rspndr - ok
21:59:47.0112 2684  RTL8167 - ok
21:59:47.0115 2684  s3cap - ok
21:59:47.0117 2684  SamSs - ok
21:59:47.0120 2684  sbp2port - ok
21:59:47.0122 2684  SCardSvr - ok
21:59:47.0125 2684  scfilter - ok
21:59:47.0127 2684  Schedule - ok
21:59:47.0131 2684  SCPolicySvc - ok
21:59:47.0133 2684  SDRSVC - ok
21:59:47.0135 2684  secdrv - ok
21:59:47.0138 2684  seclogon - ok
21:59:47.0142 2684  SENS - ok
21:59:47.0144 2684  SensrSvc - ok
21:59:47.0155 2684  Serenum - ok
21:59:47.0172 2684  Serial - ok
21:59:47.0175 2684  sermouse - ok
21:59:47.0180 2684  SessionEnv - ok
21:59:47.0182 2684  sffdisk - ok
21:59:47.0185 2684  sffp_mmc - ok
21:59:47.0187 2684  sffp_sd - ok
21:59:47.0189 2684  sfloppy - ok
21:59:47.0272 2684  SharedAccess - ok
21:59:47.0276 2684  ShellHWDetection - ok
21:59:47.0288 2684  SiSRaid2 - ok
21:59:47.0293 2684  SiSRaid4 - ok
21:59:47.0312 2684  SkypeUpdate - ok
21:59:47.0317 2684  Smb - ok
21:59:47.0329 2684  SNMPTRAP - ok
21:59:47.0333 2684  spldr - ok
21:59:47.0341 2684  Spooler - ok
21:59:47.0345 2684  sppsvc - ok
21:59:47.0348 2684  sppuinotify - ok
21:59:47.0352 2684  srv - ok
21:59:47.0354 2684  srv2 - ok
21:59:47.0356 2684  srvnet - ok
21:59:47.0367 2684  SSDPSRV - ok
21:59:47.0369 2684  SstpSvc - ok
21:59:47.0376 2684  Stereo Service - ok
21:59:47.0379 2684  stexstor - ok
21:59:47.0381 2684  stisvc - ok
21:59:47.0383 2684  storflt - ok
21:59:47.0385 2684  StorSvc - ok
21:59:47.0387 2684  storvsc - ok
21:59:47.0390 2684  swenum - ok
21:59:47.0392 2684  swprv - ok
21:59:47.0394 2684  Synth3dVsc - ok
21:59:47.0397 2684  SysMain - ok
21:59:47.0399 2684  TabletInputService - ok
21:59:47.0401 2684  TapiSrv - ok
21:59:47.0403 2684  TBS - ok
21:59:47.0405 2684  Tcpip - ok
21:59:47.0413 2684  TCPIP6 - ok
21:59:47.0416 2684  tcpipreg - ok
21:59:47.0419 2684  TDPIPE - ok
21:59:47.0422 2684  TDTCP - ok
21:59:47.0428 2684  tdx - ok
21:59:47.0430 2684  TeamViewer7 - ok
21:59:47.0433 2684  TermDD - ok
21:59:47.0435 2684  terminpt - ok
21:59:47.0437 2684  TermService - ok
21:59:47.0439 2684  Themes - ok
21:59:47.0441 2684  THREADORDER - ok
21:59:47.0444 2684  TrkWks - ok
21:59:47.0455 2684  truecrypt - ok
21:59:47.0457 2684  TrustedInstaller - ok
21:59:47.0461 2684  tssecsrv - ok
21:59:47.0471 2684  TsUsbFlt - ok
21:59:47.0473 2684  TsUsbGD - ok
21:59:47.0475 2684  tsusbhub - ok
21:59:47.0487 2684  tunnel - ok
21:59:47.0489 2684  uagp35 - ok
21:59:47.0491 2684  udfs - ok
21:59:47.0496 2684  UI0Detect - ok
21:59:47.0498 2684  uliagpkx - ok
21:59:47.0502 2684  umbus - ok
21:59:47.0504 2684  UmPass - ok
21:59:47.0506 2684  UmRdpService - ok
21:59:47.0511 2684  UNS - ok
21:59:47.0514 2684  upnphost - ok
21:59:47.0516 2684  usbccgp - ok
21:59:47.0518 2684  usbcir - ok
21:59:47.0520 2684  usbehci - ok
21:59:47.0537 2684  usbhub - ok
21:59:47.0539 2684  usbohci - ok
21:59:47.0541 2684  usbprint - ok
21:59:47.0544 2684  USBSTOR - ok
21:59:47.0546 2684  usbuhci - ok
21:59:47.0548 2684  UxSms - ok
21:59:47.0550 2684  VaultSvc - ok
21:59:47.0560 2684  vdrvroot - ok
21:59:47.0563 2684  vds - ok
21:59:47.0570 2684  vga - ok
21:59:47.0573 2684  VgaSave - ok
21:59:47.0575 2684  VGPU - ok
21:59:47.0577 2684  vhdmp - ok
21:59:47.0581 2684  VIAHdAudAddService - ok
21:59:47.0583 2684  viaide - ok
21:59:47.0585 2684  VIAKaraokeService - ok
21:59:47.0588 2684  vmbus - ok
21:59:47.0590 2684  VMBusHID - ok
21:59:47.0592 2684  volmgr - ok
21:59:47.0594 2684  volmgrx - ok
21:59:47.0597 2684  volsnap - ok
21:59:47.0599 2684  vsmraid - ok
21:59:47.0602 2684  VSS - ok
21:59:47.0604 2684  vwifibus - ok
21:59:47.0611 2684  W32Time - ok
21:59:47.0614 2684  WacomPen - ok
21:59:47.0635 2684  WANARP - ok
21:59:47.0644 2684  Wanarpv6 - ok
21:59:47.0646 2684  wbengine - ok
21:59:47.0648 2684  WbioSrvc - ok
21:59:47.0650 2684  wcncsvc - ok
21:59:47.0652 2684  WcsPlugInService - ok
21:59:47.0655 2684  Wd - ok
21:59:47.0657 2684  Wdf01000 - ok
21:59:47.0659 2684  WdiServiceHost - ok
21:59:47.0661 2684  WdiSystemHost - ok
21:59:47.0664 2684  WebClient - ok
21:59:47.0666 2684  Wecsvc - ok
21:59:47.0668 2684  wercplsupport - ok
21:59:47.0672 2684  WerSvc - ok
21:59:47.0685 2684  WfpLwf - ok
21:59:47.0687 2684  WIMMount - ok
21:59:47.0843 2684  WinDefend - ok
21:59:47.0849 2684  WinHttpAutoProxySvc - ok
21:59:47.0853 2684  Winmgmt - ok
21:59:47.0857 2684  WinRM - ok
21:59:47.0887 2684  WinUsb - ok
21:59:47.0891 2684  Wlansvc - ok
21:59:47.0899 2684  WmiAcpi - ok
21:59:47.0904 2684  wmiApSrv - ok
21:59:47.0908 2684  WMPNetworkSvc - ok
21:59:47.0912 2684  WPCSvc - ok
21:59:47.0916 2684  WPDBusEnum - ok
21:59:47.0920 2684  ws2ifsl - ok
21:59:47.0960 2684  wscsvc - ok
21:59:47.0965 2684  WSearch - ok
21:59:47.0972 2684  wuauserv - ok
21:59:47.0976 2684  WudfPf - ok
21:59:47.0984 2684  WUDFRd - ok
21:59:47.0988 2684  wudfsvc - ok
21:59:47.0992 2684  WwanSvc - ok
21:59:47.0998 2684  ================ Scan global ===============================
21:59:48.0001 2684  [Global] - ok
21:59:48.0003 2684  ================ Scan MBR ==================================
21:59:48.0005 2684  [ B7310D12FF8857D5B67EAA63423EDB33 ] \Device\Harddisk0\DR0
21:59:48.0242 2684  \Device\Harddisk0\DR0 - ok
21:59:48.0244 2684  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
21:59:48.0358 2684  \Device\Harddisk1\DR1 - ok
21:59:48.0358 2684  ================ Scan VBR ==================================
21:59:48.0361 2684  [ EDB8F5EAFFE56A6C72181EF1505BE608 ] \Device\Harddisk0\DR0\Partition1
21:59:48.0361 2684  \Device\Harddisk0\DR0\Partition1 - ok
21:59:48.0374 2684  [ 4FCD4733E954A0E603FC456FC42C8C12 ] \Device\Harddisk0\DR0\Partition2
21:59:48.0375 2684  \Device\Harddisk0\DR0\Partition2 - ok
21:59:48.0378 2684  [ 3AD568963FFE9CF005807FBAEE931948 ] \Device\Harddisk0\DR0\Partition3
21:59:48.0378 2684  \Device\Harddisk0\DR0\Partition3 - ok
21:59:48.0382 2684  [ E05FF39BFCD8154FC8D30B2D88E20297 ] \Device\Harddisk1\DR1\Partition1
21:59:48.0384 2684  \Device\Harddisk1\DR1\Partition1 - ok
21:59:48.0387 2684  [ 930E0B774DD8B95704C1807B76886B57 ] \Device\Harddisk1\DR1\Partition2
21:59:48.0387 2684  \Device\Harddisk1\DR1\Partition2 - ok
21:59:48.0388 2684  ============================================================
21:59:48.0388 2684  Scan finished
21:59:48.0388 2684  ============================================================
21:59:48.0398 1500  Detected object count: 0
21:59:48.0398 1500  Actual detected object count: 0
22:00:17.0333 3148  Deinitialize success


Malwarebytes (note: didnt give me anything to fix):

21:59:36.0619 1660  TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
21:59:36.0725 1660  ============================================================
21:59:36.0725 1660  Current date / time: 2012/08/30 21:59:36.0725
21:59:36.0725 1660  SystemInfo:
21:59:36.0725 1660  
21:59:36.0725 1660  OS Version: 6.1.7601 ServicePack: 1.0
21:59:36.0725 1660  Product type: Workstation
21:59:36.0725 1660  ComputerName: PK-PC
21:59:36.0725 1660  UserName: Guy Incognito
21:59:36.0725 1660  Windows directory: C:\Windows
21:59:36.0725 1660  System windows directory: C:\Windows
21:59:36.0725 1660  Running under WOW64
21:59:36.0725 1660  Processor architecture: Intel x64
21:59:36.0725 1660  Number of processors: 4
21:59:36.0725 1660  Page size: 0x1000
21:59:36.0725 1660  Boot type: Normal boot
21:59:36.0725 1660  ============================================================
21:59:39.0249 1660  Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:59:39.0268 1660  Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:59:39.0272 1660  ============================================================
21:59:39.0273 1660  \Device\Harddisk0\DR0:
21:59:39.0273 1660  MBR partitions:
21:59:39.0273 1660  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
21:59:39.0273 1660  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x59325000
21:59:39.0273 1660  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x59357800, BlocksNum 0x5572F000
21:59:39.0273 1660  \Device\Harddisk1\DR1:
21:59:39.0273 1660  MBR partitions:
21:59:39.0273 1660  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xFFFAC05
21:59:39.0273 1660  \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0xFFFAC44, BlocksNum 0xD1C993D
21:59:39.0273 1660  ============================================================
21:59:39.0294 1660  D: <-> \Device\Harddisk1\DR1\Partition1
21:59:39.0307 1660  E: <-> \Device\Harddisk1\DR1\Partition2
21:59:39.0326 1660  ============================================================
21:59:39.0326 1660  Initialize success
21:59:39.0326 1660  ============================================================
21:59:44.0129 2684  ============================================================
21:59:44.0129 2684  Scan started
21:59:44.0129 2684  Mode: Manual; 
21:59:44.0129 2684  ============================================================
21:59:44.0410 2684  ================ Scan system memory ========================
21:59:44.0410 2684  System memory - ok
21:59:44.0411 2684  ================ Scan services =============================
21:59:44.0452 2684  1394ohci - ok
21:59:44.0464 2684  ACPI - ok
21:59:44.0473 2684  AcpiPmi - ok
21:59:44.0520 2684  AdobeFlashPlayerUpdateSvc - ok
21:59:44.0546 2684  adp94xx - ok
21:59:44.0551 2684  adpahci - ok
21:59:44.0571 2684  adpu320 - ok
21:59:44.0578 2684  AeLookupSvc - ok
21:59:44.0611 2684  AFD - ok
21:59:44.0620 2684  agp440 - ok
21:59:44.0628 2684  ALG - ok
21:59:44.0636 2684  aliide - ok
21:59:44.0640 2684  amdide - ok
21:59:44.0644 2684  AmdK8 - ok
21:59:44.0649 2684  AmdPPM - ok
21:59:44.0656 2684  amdsata - ok
21:59:44.0659 2684  amdsbs - ok
21:59:44.0661 2684  amdxata - ok
21:59:44.0670 2684  AppID - ok
21:59:44.0678 2684  AppIDSvc - ok
21:59:44.0686 2684  Appinfo - ok
21:59:44.0705 2684  appliand - ok
21:59:44.0707 2684  appliandMP - ok
21:59:44.0710 2684  AppMgmt - ok
21:59:44.0721 2684  arc - ok
21:59:44.0738 2684  arcsas - ok
21:59:44.0749 2684  asComSvc - ok
21:59:44.0752 2684  asHmComSvc - ok
21:59:44.0766 2684  AsIO - ok
21:59:44.0769 2684  AsSysCtrlService - ok
21:59:44.0783 2684  AsUpIO - ok
21:59:44.0791 2684  AsusFanControlService - ok
21:59:44.0825 2684  ASUSFILTER - ok
21:59:44.0842 2684  AsyncMac - ok
21:59:44.0846 2684  atapi - ok
21:59:44.0850 2684  AudioEndpointBuilder - ok
21:59:44.0855 2684  AudioSrv - ok
21:59:44.0876 2684  AxInstSV - ok
21:59:44.0895 2684  b06bdrv - ok
21:59:44.0900 2684  b57nd60a - ok
21:59:44.0906 2684  BDESVC - ok
21:59:44.0929 2684  Beep - ok
21:59:45.0053 2684  BFE - ok
21:59:45.0058 2684  BITS - ok
21:59:45.0062 2684  blbdrive - ok
21:59:45.0078 2684  bowser - ok
21:59:45.0112 2684  BrFiltLo - ok
21:59:45.0117 2684  BrFiltUp - ok
21:59:45.0164 2684  BridgeMP - ok
21:59:45.0170 2684  Browser - ok
21:59:45.0175 2684  Brserid - ok
21:59:45.0180 2684  BrSerWdm - ok
21:59:45.0185 2684  BrUsbMdm - ok
21:59:45.0190 2684  BrUsbSer - ok
21:59:45.0193 2684  BTHMODEM - ok
21:59:45.0196 2684  bthserv - ok
21:59:45.0199 2684  cdfs - ok
21:59:45.0202 2684  cdrom - ok
21:59:45.0228 2684  CertPropSvc - ok
21:59:45.0235 2684  circlass - ok
21:59:45.0244 2684  CLFS - ok
21:59:45.0248 2684  clr_optimization_v2.0.50727_32 - ok
21:59:45.0251 2684  clr_optimization_v2.0.50727_64 - ok
21:59:45.0255 2684  clr_optimization_v4.0.30319_32 - ok
21:59:45.0258 2684  clr_optimization_v4.0.30319_64 - ok
21:59:45.0262 2684  CmBatt - ok
21:59:45.0266 2684  cmdide - ok
21:59:45.0286 2684  CNG - ok
21:59:45.0322 2684  Compbatt - ok
21:59:45.0326 2684  CompositeBus - ok
21:59:45.0335 2684  COMSysApp - ok
21:59:45.0340 2684  crcdisk - ok
21:59:45.0345 2684  CryptSvc - ok
21:59:45.0350 2684  CSC - ok
21:59:45.0361 2684  CscService - ok
21:59:45.0385 2684  DcomLaunch - ok
21:59:45.0423 2684  defragsvc - ok
21:59:45.0448 2684  DfsC - ok
21:59:45.0497 2684  Dhcp - ok
21:59:45.0501 2684  discache - ok
21:59:45.0522 2684  Disk - ok
21:59:45.0527 2684  dmvsc - ok
21:59:45.0536 2684  Dnscache - ok
21:59:45.0540 2684  dot3svc - ok
21:59:45.0544 2684  DPS - ok
21:59:45.0567 2684  drmkaud - ok
21:59:45.0570 2684  dtsoftbus01 - ok
21:59:45.0573 2684  DXGKrnl - ok
21:59:45.0575 2684  E1G60 - ok
21:59:45.0581 2684  eamonm - ok
21:59:45.0584 2684  EapHost - ok
21:59:45.0587 2684  ebdrv - ok
21:59:45.0589 2684  EFS - ok
21:59:45.0631 2684  ehdrv - ok
21:59:45.0633 2684  ehRecvr - ok
21:59:45.0636 2684  ehSched - ok
21:59:45.0663 2684  ekrn - ok
21:59:45.0679 2684  elxstor - ok
21:59:45.0691 2684  epfw - ok
21:59:45.0695 2684  EpfwLWF - ok
21:59:45.0700 2684  epfwwfp - ok
21:59:45.0704 2684  ErrDev - ok
21:59:45.0716 2684  EventSystem - ok
21:59:45.0744 2684  exfat - ok
21:59:45.0749 2684  fastfat - ok
21:59:45.0757 2684  Fax - ok
21:59:45.0761 2684  fdc - ok
21:59:45.0766 2684  fdPHost - ok
21:59:45.0770 2684  FDResPub - ok
21:59:45.0774 2684  FileInfo - ok
21:59:45.0778 2684  Filetrace - ok
21:59:45.0783 2684  flpydisk - ok
21:59:45.0787 2684  FltMgr - ok
21:59:45.0791 2684  FontCache - ok
21:59:45.0793 2684  FontCache3.0.0.0 - ok
21:59:45.0795 2684  FsDepends - ok
21:59:45.0798 2684  Fs_Rec - ok
21:59:45.0800 2684  fvevol - ok
21:59:45.0813 2684  gagp30kx - ok
21:59:45.0822 2684  gpsvc - ok
21:59:45.0824 2684  hcw85cir - ok
21:59:45.0833 2684  HdAudAddService - ok
21:59:45.0836 2684  HDAudBus - ok
21:59:45.0838 2684  HidBatt - ok
21:59:45.0840 2684  HidBth - ok
21:59:45.0842 2684  HidIr - ok
21:59:45.0845 2684  hidserv - ok
21:59:45.0856 2684  HidUsb - ok
21:59:45.0873 2684  hkmsvc - ok
21:59:45.0875 2684  HomeGroupListener - ok
21:59:45.0877 2684  HomeGroupProvider - ok
21:59:45.0887 2684  HpSAMD - ok
21:59:45.0889 2684  HTTP - ok
21:59:45.0892 2684  hwpolicy - ok
21:59:45.0894 2684  i8042prt - ok
21:59:45.0896 2684  iaStorV - ok
21:59:45.0898 2684  idsvc - ok
21:59:45.0901 2684  iirsp - ok
21:59:45.0910 2684  IKEEXT - ok
21:59:45.0925 2684  Intel(R) Capability Licensing Service Interface - ok
21:59:45.0927 2684  intelide - ok
21:59:45.0929 2684  intelppm - ok
21:59:45.0932 2684  IPBusEnum - ok
21:59:45.0934 2684  IpFilterDriver - ok
21:59:45.0936 2684  iphlpsvc - ok
21:59:45.0939 2684  IPMIDRV - ok
21:59:45.0969 2684  IPNAT - ok
21:59:45.0978 2684  IRENUM - ok
21:59:45.0982 2684  isapnp - ok
21:59:45.0985 2684  iScsiPrt - ok
21:59:45.0999 2684  iusb3hcs - ok
21:59:46.0006 2684  iusb3hub - ok
21:59:46.0008 2684  iusb3xhc - ok
21:59:46.0015 2684  jhi_service - ok
21:59:46.0022 2684  kbdclass - ok
21:59:46.0024 2684  kbdhid - ok
21:59:46.0044 2684  KeyIso - ok
21:59:46.0046 2684  KSecDD - ok
21:59:46.0049 2684  KSecPkg - ok
21:59:46.0053 2684  ksthunk - ok
21:59:46.0060 2684  KtmRm - ok
21:59:46.0069 2684  LanmanServer - ok
21:59:46.0071 2684  LanmanWorkstation - ok
21:59:46.0091 2684  lltdio - ok
21:59:46.0102 2684  lltdsvc - ok
21:59:46.0104 2684  lmhosts - ok
21:59:46.0111 2684  LMS - ok
21:59:46.0115 2684  LSI_FC - ok
21:59:46.0117 2684  LSI_SAS - ok
21:59:46.0119 2684  LSI_SAS2 - ok
21:59:46.0122 2684  LSI_SCSI - ok
21:59:46.0126 2684  luafv - ok
21:59:46.0167 2684  MBAMProtector - ok
21:59:46.0169 2684  MBAMService - ok
21:59:46.0175 2684  Mcx2Svc - ok
21:59:46.0177 2684  megasas - ok
21:59:46.0179 2684  MegaSR - ok
21:59:46.0193 2684  MEIx64 - ok
21:59:46.0204 2684  MMCSS - ok
21:59:46.0206 2684  Modem - ok
21:59:46.0208 2684  monitor - ok
21:59:46.0219 2684  mouclass - ok
21:59:46.0227 2684  mouhid - ok
21:59:46.0244 2684  mountmgr - ok
21:59:46.0262 2684  MozillaMaintenance - ok
21:59:46.0267 2684  mpio - ok
21:59:46.0271 2684  mpsdrv - ok
21:59:46.0330 2684  MpsSvc - ok
21:59:46.0334 2684  MRxDAV - ok
21:59:46.0338 2684  mrxsmb - ok
21:59:46.0342 2684  mrxsmb10 - ok
21:59:46.0347 2684  mrxsmb20 - ok
21:59:46.0351 2684  msahci - ok
21:59:46.0355 2684  msdsm - ok
21:59:46.0359 2684  MSDTC - ok
21:59:46.0403 2684  Msfs - ok
21:59:46.0408 2684  mshidkmdf - ok
21:59:46.0412 2684  msisadrv - ok
21:59:46.0417 2684  MSiSCSI - ok
21:59:46.0421 2684  msiserver - ok
21:59:46.0424 2684  MSKSSRV - ok
21:59:46.0428 2684  MSPCLOCK - ok
21:59:46.0432 2684  MSPQM - ok
21:59:46.0436 2684  MsRPC - ok
21:59:46.0442 2684  mssmbios - ok
21:59:46.0445 2684  MSTEE - ok
21:59:46.0450 2684  MTConfig - ok
21:59:46.0452 2684  Mup - ok
21:59:46.0455 2684  napagent - ok
21:59:46.0457 2684  NativeWifiP - ok
21:59:46.0502 2684  NDIS - ok
21:59:46.0515 2684  NdisCap - ok
21:59:46.0528 2684  ndisrd - ok
21:59:46.0544 2684  NdisTapi - ok
21:59:46.0579 2684  Ndisuio - ok
21:59:46.0583 2684  NdisWan - ok
21:59:46.0587 2684  NDProxy - ok
21:59:46.0598 2684  NetBIOS - ok
21:59:46.0602 2684  NetBT - ok
21:59:46.0611 2684  Netlogon - ok
21:59:46.0634 2684  Netman - ok
21:59:46.0637 2684  netprofm - ok
21:59:46.0641 2684  NetTcpPortSharing - ok
21:59:46.0645 2684  nfrd960 - ok
21:59:46.0652 2684  NlaSvc - ok
21:59:46.0656 2684  Npfs - ok
21:59:46.0659 2684  nsi - ok
21:59:46.0662 2684  nsiproxy - ok
21:59:46.0665 2684  Ntfs - ok
21:59:46.0668 2684  Null - ok
21:59:46.0671 2684  NVHDA - ok
21:59:46.0673 2684  nvlddmkm - ok
21:59:46.0675 2684  nvraid - ok
21:59:46.0678 2684  nvstor - ok
21:59:46.0701 2684  nvsvc - ok
21:59:46.0710 2684  nv_agp - ok
21:59:46.0712 2684  ohci1394 - ok
21:59:46.0715 2684  p2pimsvc - ok
21:59:46.0717 2684  p2psvc - ok
21:59:46.0719 2684  Parport - ok
21:59:46.0721 2684  partmgr - ok
21:59:46.0724 2684  PcaSvc - ok
21:59:46.0726 2684  pci - ok
21:59:46.0728 2684  pciide - ok
21:59:46.0730 2684  pcmcia - ok
21:59:46.0733 2684  pcw - ok
21:59:46.0735 2684  PEAUTH - ok
21:59:46.0737 2684  PeerDistSvc - ok
21:59:46.0740 2684  PerfHost - ok
21:59:46.0745 2684  pla - ok
21:59:46.0750 2684  PlugPlay - ok
21:59:46.0752 2684  PNRPAutoReg - ok
21:59:46.0794 2684  PNRPsvc - ok
21:59:46.0799 2684  PolicyAgent - ok
21:59:46.0805 2684  Power - ok
21:59:46.0861 2684  PptpMiniport - ok
21:59:46.0865 2684  Processor - ok
21:59:46.0869 2684  ProfSvc - ok
21:59:46.0874 2684  ProtectedStorage - ok
21:59:46.0878 2684  Psched - ok
21:59:46.0886 2684  ql2300 - ok
21:59:46.0920 2684  ql40xx - ok
21:59:46.0924 2684  QWAVE - ok
21:59:46.0928 2684  QWAVEdrv - ok
21:59:46.0933 2684  RasAcd - ok
21:59:46.0952 2684  RasAgileVpn - ok
21:59:46.0956 2684  RasAuto - ok
21:59:46.0969 2684  Rasl2tp - ok
21:59:46.0978 2684  RasMan - ok
21:59:46.0984 2684  RasPppoe - ok
21:59:46.0994 2684  RasSstp - ok
21:59:46.0999 2684  rdbss - ok
21:59:47.0003 2684  rdpbus - ok
21:59:47.0007 2684  RDPCDD - ok
21:59:47.0014 2684  RDPDR - ok
21:59:47.0022 2684  RDPENCDD - ok
21:59:47.0028 2684  RDPREFMP - ok
21:59:47.0034 2684  RdpVideoMiniport - ok
21:59:47.0037 2684  RDPWD - ok
21:59:47.0045 2684  rdyboost - ok
21:59:47.0077 2684  RemoteAccess - ok
21:59:47.0079 2684  RemoteRegistry - ok
21:59:47.0082 2684  RpcEptMapper - ok
21:59:47.0086 2684  RpcLocator - ok
21:59:47.0090 2684  RpcSs - ok
21:59:47.0103 2684  rspndr - ok
21:59:47.0112 2684  RTL8167 - ok
21:59:47.0115 2684  s3cap - ok
21:59:47.0117 2684  SamSs - ok
21:59:47.0120 2684  sbp2port - ok
21:59:47.0122 2684  SCardSvr - ok
21:59:47.0125 2684  scfilter - ok
21:59:47.0127 2684  Schedule - ok
21:59:47.0131 2684  SCPolicySvc - ok
21:59:47.0133 2684  SDRSVC - ok
21:59:47.0135 2684  secdrv - ok
21:59:47.0138 2684  seclogon - ok
21:59:47.0142 2684  SENS - ok
21:59:47.0144 2684  SensrSvc - ok
21:59:47.0155 2684  Serenum - ok
21:59:47.0172 2684  Serial - ok
21:59:47.0175 2684  sermouse - ok
21:59:47.0180 2684  SessionEnv - ok
21:59:47.0182 2684  sffdisk - ok
21:59:47.0185 2684  sffp_mmc - ok
21:59:47.0187 2684  sffp_sd - ok
21:59:47.0189 2684  sfloppy - ok
21:59:47.0272 2684  SharedAccess - ok
21:59:47.0276 2684  ShellHWDetection - ok
21:59:47.0288 2684  SiSRaid2 - ok
21:59:47.0293 2684  SiSRaid4 - ok
21:59:47.0312 2684  SkypeUpdate - ok
21:59:47.0317 2684  Smb - ok
21:59:47.0329 2684  SNMPTRAP - ok
21:59:47.0333 2684  spldr - ok
21:59:47.0341 2684  Spooler - ok
21:59:47.0345 2684  sppsvc - ok
21:59:47.0348 2684  sppuinotify - ok
21:59:47.0352 2684  srv - ok
21:59:47.0354 2684  srv2 - ok
21:59:47.0356 2684  srvnet - ok
21:59:47.0367 2684  SSDPSRV - ok
21:59:47.0369 2684  SstpSvc - ok
21:59:47.0376 2684  Stereo Service - ok
21:59:47.0379 2684  stexstor - ok
21:59:47.0381 2684  stisvc - ok
21:59:47.0383 2684  storflt - ok
21:59:47.0385 2684  StorSvc - ok
21:59:47.0387 2684  storvsc - ok
21:59:47.0390 2684  swenum - ok
21:59:47.0392 2684  swprv - ok
21:59:47.0394 2684  Synth3dVsc - ok
21:59:47.0397 2684  SysMain - ok
21:59:47.0399 2684  TabletInputService - ok
21:59:47.0401 2684  TapiSrv - ok
21:59:47.0403 2684  TBS - ok
21:59:47.0405 2684  Tcpip - ok
21:59:47.0413 2684  TCPIP6 - ok
21:59:47.0416 2684  tcpipreg - ok
21:59:47.0419 2684  TDPIPE - ok
21:59:47.0422 2684  TDTCP - ok
21:59:47.0428 2684  tdx - ok
21:59:47.0430 2684  TeamViewer7 - ok
21:59:47.0433 2684  TermDD - ok
21:59:47.0435 2684  terminpt - ok
21:59:47.0437 2684  TermService - ok
21:59:47.0439 2684  Themes - ok
21:59:47.0441 2684  THREADORDER - ok
21:59:47.0444 2684  TrkWks - ok
21:59:47.0455 2684  truecrypt - ok
21:59:47.0457 2684  TrustedInstaller - ok
21:59:47.0461 2684  tssecsrv - ok
21:59:47.0471 2684  TsUsbFlt - ok
21:59:47.0473 2684  TsUsbGD - ok
21:59:47.0475 2684  tsusbhub - ok
21:59:47.0487 2684  tunnel - ok
21:59:47.0489 2684  uagp35 - ok
21:59:47.0491 2684  udfs - ok
21:59:47.0496 2684  UI0Detect - ok
21:59:47.0498 2684  uliagpkx - ok
21:59:47.0502 2684  umbus - ok
21:59:47.0504 2684  UmPass - ok
21:59:47.0506 2684  UmRdpService - ok
21:59:47.0511 2684  UNS - ok
21:59:47.0514 2684  upnphost - ok
21:59:47.0516 2684  usbccgp - ok
21:59:47.0518 2684  usbcir - ok
21:59:47.0520 2684  usbehci - ok
21:59:47.0537 2684  usbhub - ok
21:59:47.0539 2684  usbohci - ok
21:59:47.0541 2684  usbprint - ok
21:59:47.0544 2684  USBSTOR - ok
21:59:47.0546 2684  usbuhci - ok
21:59:47.0548 2684  UxSms - ok
21:59:47.0550 2684  VaultSvc - ok
21:59:47.0560 2684  vdrvroot - ok
21:59:47.0563 2684  vds - ok
21:59:47.0570 2684  vga - ok
21:59:47.0573 2684  VgaSave - ok
21:59:47.0575 2684  VGPU - ok
21:59:47.0577 2684  vhdmp - ok
21:59:47.0581 2684  VIAHdAudAddService - ok
21:59:47.0583 2684  viaide - ok
21:59:47.0585 2684  VIAKaraokeService - ok
21:59:47.0588 2684  vmbus - ok
21:59:47.0590 2684  VMBusHID - ok
21:59:47.0592 2684  volmgr - ok
21:59:47.0594 2684  volmgrx - ok
21:59:47.0597 2684  volsnap - ok
21:59:47.0599 2684  vsmraid - ok
21:59:47.0602 2684  VSS - ok
21:59:47.0604 2684  vwifibus - ok
21:59:47.0611 2684  W32Time - ok
21:59:47.0614 2684  WacomPen - ok
21:59:47.0635 2684  WANARP - ok
21:59:47.0644 2684  Wanarpv6 - ok
21:59:47.0646 2684  wbengine - ok
21:59:47.0648 2684  WbioSrvc - ok
21:59:47.0650 2684  wcncsvc - ok
21:59:47.0652 2684  WcsPlugInService - ok
21:59:47.0655 2684  Wd - ok
21:59:47.0657 2684  Wdf01000 - ok
21:59:47.0659 2684  WdiServiceHost - ok
21:59:47.0661 2684  WdiSystemHost - ok
21:59:47.0664 2684  WebClient - ok
21:59:47.0666 2684  Wecsvc - ok
21:59:47.0668 2684  wercplsupport - ok
21:59:47.0672 2684  WerSvc - ok
21:59:47.0685 2684  WfpLwf - ok
21:59:47.0687 2684  WIMMount - ok
21:59:47.0843 2684  WinDefend - ok
21:59:47.0849 2684  WinHttpAutoProxySvc - ok
21:59:47.0853 2684  Winmgmt - ok
21:59:47.0857 2684  WinRM - ok
21:59:47.0887 2684  WinUsb - ok
21:59:47.0891 2684  Wlansvc - ok
21:59:47.0899 2684  WmiAcpi - ok
21:59:47.0904 2684  wmiApSrv - ok
21:59:47.0908 2684  WMPNetworkSvc - ok
21:59:47.0912 2684  WPCSvc - ok
21:59:47.0916 2684  WPDBusEnum - ok
21:59:47.0920 2684  ws2ifsl - ok
21:59:47.0960 2684  wscsvc - ok
21:59:47.0965 2684  WSearch - ok
21:59:47.0972 2684  wuauserv - ok
21:59:47.0976 2684  WudfPf - ok
21:59:47.0984 2684  WUDFRd - ok
21:59:47.0988 2684  wudfsvc - ok
21:59:47.0992 2684  WwanSvc - ok
21:59:47.0998 2684  ================ Scan global ===============================
21:59:48.0001 2684  [Global] - ok
21:59:48.0003 2684  ================ Scan MBR ==================================
21:59:48.0005 2684  [ B7310D12FF8857D5B67EAA63423EDB33 ] \Device\Harddisk0\DR0
21:59:48.0242 2684  \Device\Harddisk0\DR0 - ok
21:59:48.0244 2684  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
21:59:48.0358 2684  \Device\Harddisk1\DR1 - ok
21:59:48.0358 2684  ================ Scan VBR ==================================
21:59:48.0361 2684  [ EDB8F5EAFFE56A6C72181EF1505BE608 ] \Device\Harddisk0\DR0\Partition1
21:59:48.0361 2684  \Device\Harddisk0\DR0\Partition1 - ok
21:59:48.0374 2684  [ 4FCD4733E954A0E603FC456FC42C8C12 ] \Device\Harddisk0\DR0\Partition2
21:59:48.0375 2684  \Device\Harddisk0\DR0\Partition2 - ok
21:59:48.0378 2684  [ 3AD568963FFE9CF005807FBAEE931948 ] \Device\Harddisk0\DR0\Partition3
21:59:48.0378 2684  \Device\Harddisk0\DR0\Partition3 - ok
21:59:48.0382 2684  [ E05FF39BFCD8154FC8D30B2D88E20297 ] \Device\Harddisk1\DR1\Partition1
21:59:48.0384 2684  \Device\Harddisk1\DR1\Partition1 - ok
21:59:48.0387 2684  [ 930E0B774DD8B95704C1807B76886B57 ] \Device\Harddisk1\DR1\Partition2
21:59:48.0387 2684  \Device\Harddisk1\DR1\Partition2 - ok
21:59:48.0388 2684  ============================================================
21:59:48.0388 2684  Scan finished
21:59:48.0388 2684  ============================================================
21:59:48.0398 1500  Detected object count: 0
21:59:48.0398 1500  Actual detected object count: 0
22:00:17.0333 3148  Deinitialize success


Command Prompt:

C:\Windows\system32>sfc  /scannow

Systemsuche wird gestartet. Dieser Vorgang kann einige Zeit dauern.

Überprüfungsphase der Systemsuche wird gestartet.
Überprüfung 100 % abgeschlossen.

Der Windows-Ressourcenschutz hat keine Integritätsverletzungen gefunden.
(roughly translated to: the windows-ressource-protection didnt find any integrity-damages)


VEW System:

Vino's Event Viewer v01c run on Windows 2008 in German
Report run at 30/08/2012 22:18:58

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Kritisch Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Fehler Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warnung Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 30/08/2012 20:06:14
Type: Warnung Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
Der Dienst für die automatische WLAN-Konfiguration wurde erfolgreich beendet.


VEW Applications:

Vino's Event Viewer v01c run on Windows 2008 in German
Report run at 30/08/2012 22:20:00

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Kritisch Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Fehler Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 30/08/2012 20:09:03
Type: Fehler Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warnung Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


OTL 2a):

OTL logfile created on: 30.08.2012 22:21:16 - Run 3
OTL by OldTimer - Version 3.2.59.1     Folder = C:\Users\Guy Incognito\Desktop
64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,94 Gb Total Physical Memory | 6,07 Gb Available Physical Memory | 76,43% Memory free
15,88 Gb Paging File | 13,84 Gb Available in Paging File | 87,13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 713,57 Gb Total Space | 664,42 Gb Free Space | 93,11% Space Free | Partition Type: NTFS
Drive D: | 127,99 Gb Total Space | 10,67 Gb Free Space | 8,34% Space Free | Partition Type: NTFS
Drive G: | 683,59 Gb Total Space | 672,58 Gb Free Space | 98,39% Space Free | Partition Type: NTFS
 
Computer Name: PK-PC | User Name: Guy Incognito | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - C:\Users\Guy Incognito\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\Guy Incognito\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
PRC - C:\Programme\TrueCrypt\TrueCrypt.exe (TrueCrypt Foundation)
PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Programme\ESET\ESET Smart Security\x86\ekrn.exe (ESET)
PRC - C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe ()
PRC - C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetSvcHelp.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetiCtrlTray.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\ASUS\AsusFanControlService\1.00.21\AsusFanControlService.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe ()
PRC - C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Microsoft Corporation)
 
 
[color=#E56717]========== Modules (No Company Name) ==========[/color]
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ()
MOD - C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\gep.dll ()
MOD - C:\Program Files (x86)\MOUSE Editor\Data\MouseEditor\Forms\ScreenCapture\ScreenCapture.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\func.dll ()
MOD - C:\Program Files (x86)\MOUSE Editor\DLL\DLL_Wheel4D.dll ()
MOD - C:\Program Files (x86)\MOUSE Editor\DLL\DLL_AnalyzeGesturesInRight.dll ()
MOD - C:\Program Files (x86)\MOUSE Editor\Data\MouseEditor\Forms\TrayIconWebAdvertisement\TrayIconWebAdvertisement.dll ()
MOD - C:\Program Files (x86)\MOUSE Editor\DLL\DLL_MouseDeviceManager.dll ()
MOD - C:\Program Files (x86)\MOUSE Editor\Data\MouseEditor\Forms\OSD_Text\OSD_Text.dll ()
MOD - C:\Program Files (x86)\MOUSE Editor\DLL\DLL_AnalyzeGesturesInOne.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\pngio.dll ()
MOD - C:\Program Files (x86)\MOUSE Editor\DLL\DLL_ZoomControl.dll ()
MOD - C:\Program Files (x86)\MOUSE Editor\DLL\DLL_ScrollbarControl.dll ()
 
 
[color=#E56717]========== Services (SafeList) ==========[/color]
 
SRV:[b]64bit:[/b] - (VIAKaraokeService) -- C:\Windows\SysNative\ViakaraokeSrv.exe (VIA Technologies, Inc.)
SRV:[b]64bit:[/b] - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (ekrn) -- C:\Programme\ESET\ESET Smart Security\x86\ekrn.exe (ESET)
SRV - (AsSysCtrlService) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe (ASUSTeK Computer Inc.)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
SRV - (Intel(R) -- C:\Programme\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV - (asHmComSvc) -- C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe (ASUSTeK Computer Inc.)
SRV - (AsusFanControlService) -- C:\Program Files (x86)\ASUS\AsusFanControlService\1.00.21\AsusFanControlService.exe (ASUSTeK Computer Inc.)
SRV - (asComSvc) -- C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV:[b]64bit:[/b] - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:[b]64bit:[/b] - (truecrypt) -- C:\Windows\SysNative\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV:[b]64bit:[/b] - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:[b]64bit:[/b] - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:[b]64bit:[/b] - (epfw) -- C:\Windows\SysNative\drivers\epfw.sys (ESET)
DRV:[b]64bit:[/b] - (epfwwfp) -- C:\Windows\SysNative\drivers\epfwwfp.sys (ESET)
DRV:[b]64bit:[/b] - (EpfwLWF) -- C:\Windows\SysNative\drivers\EpfwLWF.sys (ESET)
DRV:[b]64bit:[/b] - (eamonm) -- C:\Windows\SysNative\drivers\eamonm.sys (ESET)
DRV:[b]64bit:[/b] - (ehdrv) -- C:\Windows\SysNative\drivers\ehdrv.sys (ESET)
DRV:[b]64bit:[/b] - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)
DRV:[b]64bit:[/b] - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)
DRV:[b]64bit:[/b] - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)
DRV:[b]64bit:[/b] - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:[b]64bit:[/b] - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV:[b]64bit:[/b] - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:[b]64bit:[/b] - (ndisrd) -- C:\Windows\SysNative\drivers\ndisrd.sys (NT Kernel Resources)
DRV:[b]64bit:[/b] - (appliandMP) -- C:\Windows\SysNative\drivers\appliand.sys (Applian Technologies Inc.)
DRV:[b]64bit:[/b] - (appliand) -- C:\Windows\SysNative\drivers\appliand.sys (Applian Technologies Inc.)
DRV:[b]64bit:[/b] - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:[b]64bit:[/b] - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:[b]64bit:[/b] - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (tsusbhub) -- C:\Windows\SysNative\drivers\tsusbhub.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (Synth3dVsc) -- C:\Windows\SysNative\drivers\Synth3dVsc.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:[b]64bit:[/b] - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:[b]64bit:[/b] - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:[b]64bit:[/b] - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:[b]64bit:[/b] - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B4 A8 35 30 85 84 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - user.js - File not found
 
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.08.29 13:02:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.08.28 00:20:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012.08.27 21:16:05 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.08.29 13:02:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.08.28 00:20:01 | 000,000,000 | ---D | M]
 
[2012.08.27 20:54:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Guy Incognito\AppData\Roaming\mozilla\Extensions
[2012.08.27 22:09:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Guy Incognito\AppData\Roaming\mozilla\Firefox\Profiles\h2mrvonm.default\extensions
[2012.08.27 22:09:22 | 000,000,000 | ---D | M] (Clippings) -- C:\Users\Guy Incognito\AppData\Roaming\mozilla\Firefox\Profiles\h2mrvonm.default\extensions\{91aa5abe-9de4-4347-b7b5-322c38dd9271}
[2012.08.27 22:09:23 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Guy Incognito\AppData\Roaming\mozilla\Firefox\Profiles\h2mrvonm.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.08.27 22:00:05 | 000,000,000 | ---D | M] (Ant Video Downloader) -- C:\Users\Guy Incognito\AppData\Roaming\mozilla\Firefox\Profiles\h2mrvonm.default\extensions\[email protected]
[2012.08.27 20:54:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
File not found (No name found) -- C:\USERS\Guy Incognito\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H2MRVONM.DEFAULT\EXTENSIONS\{76C80A11-FAD4-406C-8246-F5ED4F9367B5}.XPI
File not found (No name found) -- C:\USERS\Guy Incognito\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H2MRVONM.DEFAULT\EXTENSIONS\{888D99E7-E8B5-46A3-851E-1EC45DA1E644}.XPI
File not found (No name found) -- C:\USERS\Guy Incognito\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H2MRVONM.DEFAULT\EXTENSIONS\{91AA5ABE-9DE4-4347-B7B5-322C38DD9271}
File not found (No name found) -- C:\USERS\Guy Incognito\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H2MRVONM.DEFAULT\EXTENSIONS\{B9DB16A4-6EDC-47EC-A1F4-B86292ED211D}
[2012.08.29 13:02:43 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.28 17:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.07.14 02:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.29 13:02:42 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.07.14 02:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.14 02:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.14 02:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.14 02:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.08.30 21:51:30 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [OscarEditor] C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe ()
O4 - HKCU..\Run: [SkyDrive] C:\Users\Guy Incognito\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
O4 - HKCU..\Run: [TrueCrypt] C:\Program Files\TrueCrypt\TrueCrypt.exe (TrueCrypt Foundation)
O4 - HKCU..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe ()
O4 - Startup: C:\Users\Guy Incognito\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.69.103.78 80.69.100.230
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{053A2E9E-9131-412A-AAB3-AC925DE970CD}: DhcpNameServer = 80.69.103.78 80.69.100.230
O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = ComFile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:[b]64bit:[/b] AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpReg: [b]IMSS[/b] - hkey= - key= - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
SafeBootMin:[b]64bit:[/b] AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:[b]64bit:[/b] Base - Driver Group
SafeBootMin:[b]64bit:[/b] Boot Bus Extender - Driver Group
SafeBootMin:[b]64bit:[/b] Boot file system - Driver Group
SafeBootMin:[b]64bit:[/b] File system - Driver Group
SafeBootMin:[b]64bit:[/b] Filter - Driver Group
SafeBootMin:[b]64bit:[/b] HelpSvc - Service
SafeBootMin:[b]64bit:[/b] PCI Configuration - Driver Group
SafeBootMin:[b]64bit:[/b] PNP Filter - Driver Group
SafeBootMin:[b]64bit:[/b] Primary disk - Driver Group
SafeBootMin:[b]64bit:[/b] sacsvr - Service
SafeBootMin:[b]64bit:[/b] SCSI Class - Driver Group
SafeBootMin:[b]64bit:[/b] System Bus Extender - Driver Group
SafeBootMin:[b]64bit:[/b] vmms - Service
SafeBootMin:[b]64bit:[/b] {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:[b]64bit:[/b] {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:[b]64bit:[/b] {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:[b]64bit:[/b] {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:[b]64bit:[/b] {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:[b]64bit:[/b] {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:[b]64bit:[/b] {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:[b]64bit:[/b] {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:[b]64bit:[/b] {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:[b]64bit:[/b] {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:[b]64bit:[/b] {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:[b]64bit:[/b] {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:[b]64bit:[/b] {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:[b]64bit:[/b] {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:[b]64bit:[/b] {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:[b]64bit:[/b] {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:[b]64bit:[/b] {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:[b]64bit:[/b] AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:[b]64bit:[/b] Base - Driver Group
SafeBootNet:[b]64bit:[/b] Boot Bus Extender - Driver Group
SafeBootNet:[b]64bit:[/b] Boot file system - Driver Group
SafeBootNet:[b]64bit:[/b] File system - Driver Group
SafeBootNet:[b]64bit:[/b] Filter - Driver Group
SafeBootNet:[b]64bit:[/b] HelpSvc - Service
SafeBootNet:[b]64bit:[/b] Messenger - Service
SafeBootNet:[b]64bit:[/b] NDIS Wrapper - Driver Group
SafeBootNet:[b]64bit:[/b] NetBIOSGroup - Driver Group
SafeBootNet:[b]64bit:[/b] NetDDEGroup - Driver Group
SafeBootNet:[b]64bit:[/b] Network - Driver Group
SafeBootNet:[b]64bit:[/b] NetworkProvider - Driver Group
SafeBootNet:[b]64bit:[/b] PCI Configuration - Driver Group
SafeBootNet:[b]64bit:[/b] PNP Filter - Driver Group
SafeBootNet:[b]64bit:[/b] PNP_TDI - Driver Group
SafeBootNet:[b]64bit:[/b] Primary disk - Driver Group
SafeBootNet:[b]64bit:[/b] rdsessmgr - Service
SafeBootNet:[b]64bit:[/b] sacsvr - Service
SafeBootNet:[b]64bit:[/b] SCSI Class - Driver Group
SafeBootNet:[b]64bit:[/b] Streams Drivers - Driver Group
SafeBootNet:[b]64bit:[/b] System Bus Extender - Driver Group
SafeBootNet:[b]64bit:[/b] TDI - Driver Group
SafeBootNet:[b]64bit:[/b] vmms - Service
SafeBootNet:[b]64bit:[/b] WudfUsbccidDriver - Driver
SafeBootNet:[b]64bit:[/b] {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:[b]64bit:[/b] {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:[b]64bit:[/b] {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:[b]64bit:[/b] {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:[b]64bit:[/b] {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:[b]64bit:[/b] {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:[b]64bit:[/b] {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:[b]64bit:[/b] {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:[b]64bit:[/b] {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:[b]64bit:[/b] {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:[b]64bit:[/b] {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:[b]64bit:[/b] {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:[b]64bit:[/b] {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:[b]64bit:[/b] {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:[b]64bit:[/b] {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:[b]64bit:[/b] {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:[b]64bit:[/b] {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:[b]64bit:[/b] {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:[b]64bit:[/b] {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:[b]64bit:[/b] {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:[b]64bit:[/b] {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:[b]64bit:[/b] {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:[b]64bit:[/b] {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:[b]64bit:[/b] {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:[b]64bit:[/b] {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:[b]64bit:[/b] {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:[b]64bit:[/b] {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:[b]64bit:[/b] {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:[b]64bit:[/b] {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:[b]64bit:[/b] {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:[b]64bit:[/b] {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:[b]64bit:[/b] {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:[b]64bit:[/b] {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:[b]64bit:[/b] {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:[b]64bit:[/b] {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:[b]64bit:[/b] {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:[b]64bit:[/b] {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:[b]64bit:[/b] {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:[b]64bit:[/b] {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:[b]64bit:[/b] {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:[b]64bit:[/b] {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:[b]64bit:[/b] {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:[b]64bit:[/b] {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:[b]64bit:[/b] >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:[b]64bit:[/b] >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:[b]64bit:[/b] >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:[b]64bit:[/b] msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:[b]64bit:[/b] vidc.XVID - xvidvfw.dll ()
Drivers32: msacm.l3acm - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: vidc.x264 - C:\PROGRA~2\x264vfw\x264vfw.dll (x264vfw project)
Drivers32: vidc.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2012.08.30 22:07:34 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.08.30 21:58:25 | 002,211,928 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Guy Incognito\Desktop\tdsskiller.exe
[2012.08.30 21:46:46 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.08.30 21:46:46 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.08.30 21:46:46 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.08.30 21:46:41 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.08.30 21:43:35 | 004,741,171 | R--- | C] (Swearware) -- C:\Users\Guy Incognito\Desktop\ComboFix.exe
[2012.08.30 21:35:06 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Guy Incognito\Desktop\aswMBR.exe
[2012.08.30 21:33:01 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.08.30 18:57:29 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\Guy Incognito\Desktop\OTL.exe
[2012.08.30 18:10:10 | 000,000,000 | ---D | C] -- C:\Users\Guy Incognito\AppData\Roaming\Malwarebytes
[2012.08.30 18:10:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.30 18:10:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.30 18:09:59 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.08.30 18:09:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.08.30 18:00:42 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012.08.30 18:00:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012.08.30 18:00:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2012.08.29 23:05:21 | 000,000,000 | ---D | C] -- C:\Users\Guy Incognito\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SopCast
[2012.08.29 23:05:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SopCast
[2012.08.29 23:05:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SopCast
[2012.08.28 23:35:56 | 000,000,000 | ---D | C] -- C:\Users\Guy Incognito\dwhelper
[2012.08.28 17:24:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SystemRequirementsLab
[2012.08.28 17:24:00 | 000,000,000 | ---D | C] -- C:\Users\Guy Incognito\SystemRequirementsLab
[2012.08.28 15:39:03 | 000,000,000 | ---D | C] -- C:\Users\Guy Incognito\AppData\Roaming\ZoomBrowser EX
[2012.08.28 15:37:28 | 000,000,000 | ---D | C] -- C:\Users\Guy Incognito\AppData\Roaming\CANON INC
[2012.08.28 15:18:55 | 000,000,000 | ---D | C] -- C:\ProgramData\ZoomBrowser
[2012.08.28 15:18:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
[2012.08.28 15:18:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Canon
[2012.08.28 15:17:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Canon
[2012.08.28 05:11:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys
[2012.08.28 05:11:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavalys
[2012.08.28 04:05:46 | 000,000,000 | ---D | C] -- C:\Program Files\ASUS
[2012.08.28 04:03:49 | 000,032,360 | R--- | C] (NT Kernel Resources) -- C:\Windows\SysNative\drivers\ndisrd.sys
[2012.08.28 03:59:20 | 000,184,320 | ---- | C] (ASUSTeK) -- C:\Windows\SysWow64\drivers\UpdateHelper.dll
[2012.08.28 03:59:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
[2012.08.28 03:57:59 | 000,000,000 | ---D | C] -- C:\ProgramData\ASUS
[2012.08.28 03:57:53 | 000,028,672 | R--- | C] (ASUSTek Computer Inc.) -- C:\Windows\SysWow64\AsIO.dll
[2012.08.28 03:57:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASUS
[2012.08.28 03:52:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel
[2012.08.28 03:52:44 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2012.08.28 03:52:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
[2012.08.28 03:52:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\postureAgent
[2012.08.28 03:21:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012.08.28 03:21:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012.08.28 03:21:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012.08.28 01:26:01 | 000,000,000 | ---D | C] -- C:\Users\Guy Incognito\AppData\Local\WindowsUpdate
[2012.08.28 01:25:20 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2012.08.28 01:16:20 | 000,000,000 | ---D | C] -- C:\Users\Guy Incognito\AppData\Roaming\OpenOffice.org
[2012.08.28 01:16:00 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1
[2012.08.28 01:15:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[2012.08.28 01:08:57 | 000,000,000 | ---D | C] -- C:\Users\Guy Incognito\AppData\Roaming\Foxit Software
[2012.08.28 01:06:12 | 000,000,000 | ---D | C] -- C:\Users\Guy Incognito\Documents\MISC
[2012.08.28 01:02:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
[2012.08.28 01:02:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Foxit Software
[2012.08.28 01:00:28 | 000,000,000 | ---D | C] -- C:\Users\Guy Incognito\Documents\Backups
[2012.08.28 01:00:12 | 000,000,000 | ---D | C] -- C:\Users\Guy Incognito\Documents\Spielstände
[2012.08.28 00:59:15 | 000,000,000 | ---D | C] -- C:\Users\Guy Incognito\Documents\Ämter
[2012.08.28 00:58:59 | 000,000,000 | ---D | C] -- C:\Users\Guy Incognito\Documents\Arbeit
[2012.08.28 00:58:52 | 000,000,000 | ---D | C] -- C:\Users\Guy Incognito\Documents\Uni
[2012.08.28 00:51:25 | 000,000,000 | ---D | C] -- C:\Users\Guy Incognito\AppData\Local\Collectorz.com
[2012.08.28 00:51:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Collectorz.com
[2012.08.28 00:51:24 | 000,000,000 | ---D | C] -- C:\Users\Guy Incognito\Documents\Movie Collector
[2012.08.28 00:51:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Collectorz.com
[2012.08.28 00:47:53 | 000,000,000 | ---D | C] -- C:\Users\Guy Incognito\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\x264vfw
[2012.08.28 00:47:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\x264vfw
[2012.08.28 00:47:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\x264vfw
[2012.08.28 00:46:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow
[2012.08.28 00:46:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ffdshow
[2012.08.28 00:42:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid
[2012.08.28 00:42:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xvid
[2012.08.28 00:41:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mouse Software
[2012.08.28 00:40:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MOUSE Editor
[2012.08.28 00:38:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2012.08.28 00:38:34 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2012.08.28 00:38:33 | 000,000,000 | ---D | C] -- C:\Users\Guy Incognito\AppData\Roaming\DAEMON Tools Lite
[2012.08.28 00:38:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2012.08.28 00:37:47 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2012.08.28 00:34:49 | 000,000,000 | ---D | C] -- C:\Users\Guy Incognito\AppData\Roaming\Skype
[2012.08.28 00:34:47 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012.08.28 00:34:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.08.28 00:34:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.08.28 00:34:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012.08.28 00:32:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2012.08.28 00:30:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VirtualDub-1.9.11
[2012.08.28 00:27:41 | 000,000,000 | ---D | C] -- C:\Users\Guy Incognito\AppData\Roaming\pdfforge
[2012.08.28 00:27:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2012.08.28 00:27:39 | 001,071,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCOMCTL.OCX
[2012.08.28 00:27:39 | 000,662,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCOMCT2.OCX
[2012.08.28 00:27:39 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCMCDE.DLL
[2012.08.28 00:27:39 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMAPI32.OCX
[2012.08.28 00:27:39 | 000,125,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VB6DE.DLL
[2012.08.28 00:27:39 | 000,095,744 | ---- | C] (pdfforge GbR) -- C:\Windows\SysNative\pdfcmon.dll
[2012.08.28 00:27:38 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCC2DE.DLL
[2012.08.28 00:27:38 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMPIDE.DLL
[2012.08.28 00:27:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator
[2012.08.28 00:20:14 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
[2012.08.28 00:20:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
[2012.08.28 00:20:13 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll
[2012.08.28 00:20:01 | 000,000,000 | ---D | C] -- C:\Users\Guy Incognito\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winamp Erkennungs-Plug-in
[2012.08.28 00:20:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp Detect
[2012.08.28 00:19:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2012.08.28 00:19:55 | 000,000,000 | ---D | C] -- C:\Users\Guy Incognito\AppData\Roaming\Winamp
[2012.08.28 00:19:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp
[2012.08.28 00:17:50 | 000,000,000 | ---D | C] -- C:\Users\Guy Incognito\Documents\My Streaming Media
[2012.08.28 00:17:49 | 000,000,000 | ---D | C] -- C:\Users\Guy Incognito\AppData\Local\Jaksta_Technologies_Pty_L
[2012.08.28 00:16:10 | 000,033,888 | ---- | C] (Applian Technologies Inc.) -- C:\Windows\SysNative\drivers\appliand.sys
[2012.08.28 00:16:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Applian Technologies
[2012.08.28 00:16:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Applian Technologies
[2012.08.28 00:15:50 | 000,000,000 | ---D | C] -- C:\Users\Guy Incognito\AppData\Roaming\Replay Media Catcher 4
[2012.08.28 00:15:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Applian
[2012.08.28 00:01:00 | 000,000,000 | ---D | C] -- C:\SkyDriveTemp
[2012.08.27 23:59:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SkyDrive
[2012.08.27 23:59:34 | 000,000,000 | R--D | C] -- C:\Users\Guy Incognito\SkyDrive
[2012.08.27 23:59:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft SkyDrive
[2012.08.27 23:15:08 | 000,000,000 | ---D | C] -- C:\Users\Guy Incognito\AppData\Roaming\WinRAR
[2012.08.27 23:15:08 | 000,000,000 | ---D | C] -- C:\Users\Guy Incognito\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.08.27 23:15:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.08.27 23:15:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
[2012.08.27 23:05:25 | 000,000,000 | ---D | C] -- C:\Users\Guy Incognito\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QuickPar
[2012.08.27 23:05:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickPar
[2012.08.27 23:05:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickPar
[2012.08.27 22:45:49 | 000,000,000 | ---D | C] -- C:\Users\Guy Incognito\Documents\Newsbin
[2012.08.27 22:45:46 | 000,000,000 | ---D | C] -- C:\Users\Guy Incognito\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Newsbin6
[2012.08.27 22:45:17 | 000,000,000 | ---D | C] -- C:\Users\Guy Incognito\AppData\Local\Newsbin
[2012.08.27 22:45:17 | 000,000,000 | ---D | C] -- C:\Program Files\Newsbin
[2012.08.27 22:41:36 | 000,000,000 | ---D | C] -- C:\Users\Guy Incognito\AppData\Roaming\vlc
[2012.08.27 22:41:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012.08.27 22:41:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2012.08.27 22:22:28 | 000,000,000 | ---D | C] -- C:\Users\Guy Incognito\.clipbak
[2012.08.27 22:12:57 | 000,000,000 | ---D | C] -- C:\Users\Guy Incognito\AppData\Local\Macromedia
[2012.08.27 22:10:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012.08.27 22:03:54 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe
[2012.08.27 22:03:35 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.08.27 22:03:35 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.08.27 22:03:34 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.08.27 22:03:34 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.08.27 22:03:34 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.08.27 22:03:34 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.08.27 22:03:34 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.08.27 22:03:34 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.08.27 22:03:33 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.08.27 22:03:33 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.08.27 22:03:33 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.08.27 22:03:32 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.08.27 22:03:32 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.08.27 22:02:16 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012.08.27 22:02:16 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012.08.27 22:02:15 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.08.27 22:01:53 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012.08.27 22:01:53 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2012.08.27 22:01:53 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2012.08.27 22:01:51 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2012.08.27 22:01:50 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012.08.27 22:01:49 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012.08.27 21:57:50 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012.08.27 21:57:50 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012.08.27 21:57:50 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012.08.27 21:57:41 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012.08.27 21:57:41 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012.08.27 21:57:41 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012.08.27 21:57:26 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012.08.27 21:57:26 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012.08.27 21:26:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012.08.27 21:24:13 | 006,151,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2012.08.27 21:24:13 | 003,149,632 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2012.08.27 21:24:13 | 002,561,856 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2012.08.27 21:24:13 | 000,118,080 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2012.08.27 21:24:13 | 000,063,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2012.08.27 21:24:05 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2012.08.27 21:24:05 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2012.08.27 21:24:02 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012.08.27 21:24:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2012.08.27 21:23:49 | 025,743,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2012.08.27 21:23:49 | 025,248,064 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2012.08.27 21:23:49 | 019,607,872 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2012.08.27 21:23:49 | 018,044,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2012.08.27 21:23:49 | 017,551,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2012.08.27 21:23:49 | 015,322,432 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2012.08.27 21:23:49 | 010,194,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2012.08.27 21:23:49 | 008,139,072 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2012.08.27 21:23:49 | 008,105,280 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2012.08.27 21:23:49 | 005,982,528 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2012.08.27 21:23:49 | 002,881,856 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2012.08.27 21:23:49 | 002,741,568 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2012.08.27 21:23:49 | 002,681,664 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2012.08.27 21:23:49 | 002,524,992 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2012.08.27 21:23:49 | 002,445,120 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2012.08.27 21:23:49 | 002,368,832 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2012.08.27 21:23:49 | 001,738,048 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll
[2012.08.27 21:23:49 | 001,468,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco64.dll
[2012.08.27 21:23:49 | 001,451,840 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdagenco6420103.dll
[2012.08.27 21:23:49 | 000,949,056 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll
[2012.08.27 21:23:49 | 000,818,496 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2012.08.27 21:23:49 | 000,364,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdecodemft.dll
[2012.08.27 21:23:49 | 000,301,376 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvdecodemft.dll
[2012.08.27 21:23:49 | 000,246,592 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2012.08.27 21:23:49 | 000,202,048 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2012.08.27 21:23:49 | 000,188,736 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2012.08.27 21:23:49 | 000,031,040 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2012.08.27 21:23:35 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2012.08.27 21:23:15 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2012.08.27 21:20:47 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2012.08.27 21:20:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012.08.27 21:20:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.08.27 21:20:10 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012.08.27 21:20:10 | 000,746,984 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2012.08.27 21:20:10 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012.08.27 21:20:03 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012.08.27 21:20:03 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012.08.27 21:20:03 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012.08.27 21:19:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012.08.27 21:17:53 | 000,000,000 | ---D | C] -- C:\Users\Guy Incognito\AppData\Roaming\ESET
[2012.08.27 21:17:53 | 000,000,000 | ---D | C] -- C:\Users\Guy Incognito\AppData\Local\ESET
[2012.08.27 21:15:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2012.08.27 21:15:48 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2012.08.27 21:15:48 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.08.27 21:03:37 | 000,000,000 | ---D | C] -- C:\ProgramData\TrueCrypt
[2012.08.27 20:57:09 | 000,000,000 | ---D | C] -- C:\Users\Guy Incognito\AppData\Roaming\TrueCrypt
[2012.08.27 20:55:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrueCrypt
[2012.08.27 20:55:45 | 000,231,376 | ---- | C] (TrueCrypt Foundation) -- C:\Windows\SysNative\drivers\truecrypt.sys
[2012.08.27 20:55:36 | 000,000,000 | ---D | C] -- C:\Program Files\TrueCrypt
[2012.08.27 20:54:21 | 000,000,000 | ---D | C] -- C:\Users\Guy Incognito\AppData\Roaming\Mozilla
[2012.08.27 20:54:21 | 000,000,000 | ---D | C] -- C:\Users\Guy Incognito\AppData\Local\Mozilla
[2012.08.27 20:54:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.08.27 20:54:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.08.27 20:54:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.08.27 20:53:43 | 000,000,000 | ---D | C] -- C:\Users\Guy Incognito\AppData\Roaming\Macromedia
[2012.08.27 20:53:43 | 000,000,000 | ---D | C] -- C:\Users\Guy Incognito\AppData\Roaming\Adobe
[2012.08.27 20:53:38 | 000,696,520 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.08.27 20:53:38 | 000,073,416 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.08.27 20:53:38 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2012.08.27 20:53:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012.08.27 20:43:28 | 000,016,152 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\iusb3hcs.sys
[2012.08.27 20:43:21 | 000,356,120 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\iusb3hub.sys
[2012.08.27 20:43:19 | 000,787,736 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\iusb3xhc.sys
[2012.08.27 20:42:14 | 000,648,808 | ---- | C] (Realtek                                            ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2012.08.27 20:42:13 | 000,107,552 | ---- | C] (Realtek Semiconductor Corporation) -- C:\Windows\SysNative\RTNUninst64.dll
[2012.08.27 20:42:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2012.08.27 20:41:40 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2012.08.27 20:41:12 | 002,915,440 | ---- | C] (VIA Technologies, Inc.) -- C:\Windows\SysNative\VIAPropPageExt.dll
[2012.08.27 20:41:12 | 002,182,768 | ---- | C] (VIA Technologies, Inc.) -- C:\Windows\SysNative\drivers\viahduaa.sys
[2012.08.27 20:41:12 | 001,161,328 | ---- | C] (VIA Technologies, Inc.) -- C:\Windows\SysNative\ViaKaraokeApo.dll
[2012.08.27 20:41:12 | 000,675,952 | ---- | C] (VIA Technologies, Inc.) -- C:\Windows\SysNative\VIASysFx.dll
[2012.08.27 20:41:12 | 000,202,864 | ---- | C] (VIA Technologies, Inc.) -- C:\Windows\SysNative\ViaMicArrayAPO.dll
[2012.08.27 20:41:12 | 000,116,848 | ---- | C] (VIA Technologies,Inc.) -- C:\Windows\SysNative\ViaKaraokePropPageExt.dll
[2012.08.27 20:41:12 | 000,091,760 | ---- | C] (VIA Technologies, Inc.) -- C:\Windows\SysNative\Dts2PropPageExt.dll
[2012.08.27 20:41:12 | 000,090,224 | ---- | C] (VIA Technologies,Inc.) -- C:\Windows\SysNative\ViaMicArrayPropPageExt.dll
[2012.08.27 20:41:12 | 000,085,504 | ---- | C] (QSound Labs, Inc.) -- C:\Windows\SysNative\nQPropPageExt.dll
[2012.08.27 20:41:12 | 000,083,968 | ---- | C] (QSound Labs, Inc.) -- C:\Windows\SysNative\nQAPO.dll
[2012.08.27 20:41:12 | 000,027,760 | ---- | C] (VIA Technologies, Inc.) -- C:\Windows\SysNative\ViakaraokeSrv.exe
[2012.08.27 20:40:43 | 000,414,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\difxapi.dll
[2012.08.27 20:40:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VIA
[2012.08.27 20:40:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2012.08.27 20:36:11 | 000,053,248 | R--- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2012.08.27 20:36:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2012.08.27 20:35:57 | 000,000,000 | ---D | C] -- C:\Intel
[2012.08.27 20:32:48 | 000,000,000 | ---D | C] -- C:\Windows\Chipset
[2012.08.27 20:32:47 | 000,016,896 | ---- | C] (ASUS) -- C:\Windows\AsTaskSched.dll
[2012.08.27 20:31:20 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012.08.27 20:30:46 | 000,000,000 | R--D | C] -- C:\Users\Guy Incognito\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012.08.27 20:30:46 | 000,000,000 | R--D | C] -- C:\Users\Guy Incognito\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012.08.27 20:30:45 | 000,000,000 | R--D | C] -- C:\Users\Guy Incognito\Searches
[2012.08.27 20:30:38 | 000,000,000 | ---D | C] -- C:\Users\Guy Incognito\AppData\Roaming\Identities
[2012.08.27 20:30:36 | 000,000,000 | R--D | C] -- C:\Users\Guy Incognito\Contacts
[2012.08.27 20:30:35 | 000,000,000 | ---D | C] -- C:\Users\Guy Incognito\AppData\Local\VirtualStore
[2012.08.27 20:30:27 | 000,000,000 | --SD | C] -- C:\Users\Guy Incognito\AppData\Roaming\Microsoft
[2012.08.27 20:30:27 | 000,000,000 | R--D | C] -- C:\Users\Guy Incognito\Videos
[2012.08.27 20:30:27 | 000,000,000 | R--D | C] -- C:\Users\Guy Incognito\Saved Games
[2012.08.27 20:30:27 | 000,000,000 | R--D | C] -- C:\Users\Guy Incognito\Pictures
[2012.08.27 20:30:27 | 000,000,000 | R--D | C] -- C:\Users\Guy Incognito\Music
[2012.08.27 20:30:27 | 000,000,000 | R--D | C] -- C:\Users\Guy Incognito\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012.08.27 20:30:27 | 000,000,000 | R--D | C] -- C:\Users\Guy Incognito\Links
[2012.08.27 20:30:27 | 000,000,000 | R--D | C] -- C:\Users\Guy Incognito\Favorites
[2012.08.27 20:30:27 | 000,000,000 | R--D | C] -- C:\Users\Guy Incognito\Downloads
[2012.08.27 20:30:27 | 000,000,000 | R--D | C] -- C:\Users\Guy Incognito\Documents
[2012.08.27 20:30:27 | 000,000,000 | R--D | C] -- C:\Users\Guy Incognito\Desktop
[2012.08.27 20:30:27 | 000,000,000 | R--D | C] -- C:\Users\Guy Incognito\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012.08.27 20:30:27 | 000,000,000 | -HSD | C] -- C:\Users\Guy Incognito\Vorlagen
[2012.08.27 20:30:27 | 000,000,000 | -HSD | C] -- C:\Users\Guy Incognito\AppData\Local\Verlauf
[2012.08.27 20:30:27 | 000,000,000 | -HSD | C] -- C:\Users\Guy Incognito\AppData\Local\Temporary Internet Files
[2012.08.27 20:30:27 | 000,000,000 | -HSD | C] -- C:\Users\Guy Incognito\Startmenü
[2012.08.27 20:30:27 | 000,000,000 | -HSD | C] -- C:\Users\Guy Incognito\SendTo
[2012.08.27 20:30:27 | 000,000,000 | -HSD | C] -- C:\Users\Guy Incognito\Recent
[2012.08.27 20:30:27 | 000,000,000 | -HSD | C] -- C:\Users\Guy Incognito\Netzwerkumgebung
[2012.08.27 20:30:27 | 000,000,000 | -HSD | C] -- C:\Users\Guy Incognito\Lokale Einstellungen
[2012.08.27 20:30:27 | 000,000,000 | -HSD | C] -- C:\Users\Guy Incognito\Documents\Eigene Videos
[2012.08.27 20:30:27 | 000,000,000 | -HSD | C] -- C:\Users\Guy Incognito\Documents\Eigene Musik
[2012.08.27 20:30:27 | 000,000,000 | -HSD | C] -- C:\Users\Guy Incognito\Eigene Dateien
[2012.08.27 20:30:27 | 000,000,000 | -HSD | C] -- C:\Users\Guy Incognito\Documents\Eigene Bilder
[2012.08.27 20:30:27 | 000,000,000 | -HSD | C] -- C:\Users\Guy Incognito\Druckumgebung
[2012.08.27 20:30:27 | 000,000,000 | -HSD | C] -- C:\Users\Guy Incognito\Cookies
[2012.08.27 20:30:27 | 000,000,000 | -HSD | C] -- C:\Users\Guy Incognito\AppData\Local\Anwendungsdaten
[2012.08.27 20:30:27 | 000,000,000 | -HSD | C] -- C:\Users\Guy Incognito\Anwendungsdaten
[2012.08.27 20:30:27 | 000,000,000 | -H-D | C] -- C:\Users\Guy Incognito\AppData
[2012.08.27 20:30:27 | 000,000,000 | ---D | C] -- C:\Users\Guy Incognito\AppData\Local\Temp
[2012.08.27 20:30:27 | 000,000,000 | ---D | C] -- C:\Users\Guy Incognito\AppData\Local\Microsoft
[2012.08.27 20:30:27 | 000,000,000 | ---D | C] -- C:\Users\Guy Incognito\AppData\Roaming\Media Center Programs
[2012.08.27 20:30:21 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2012.08.27 20:30:21 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2012.08.27 20:30:21 | 000,000,000 | -HSD | C] -- C:\Programme
[2012.08.27 20:30:21 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2012.08.27 20:30:21 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2012.08.27 20:30:21 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2012.08.27 20:30:21 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2012.08.27 20:30:21 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2012.08.27 20:30:21 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2012.08.27 20:30:21 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2012.08.27 20:30:21 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2012.08.27 20:30:21 | 000,000,000 | ---D | C] -- C:\Recovery
[2012.08.27 20:25:23 | 000,000,000 | ---D | C] -- C:\Windows\CSC
[2012.08.27 20:25:03 | 000,000,000 | -HSD | C] -- C:\System Volume Information
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2012.08.30 22:18:08 | 000,061,440 | ---- | M] ( ) -- C:\Users\Guy Incognito\Desktop\VEW.exe
[2012.08.30 22:16:04 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.30 22:16:04 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.30 22:16:04 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.30 22:16:04 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.30 22:16:04 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.08.30 22:14:42 | 000,019,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.30 22:14:42 | 000,019,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.30 22:07:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.30 22:07:20 | 2099,843,071 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.30 21:58:32 | 002,211,928 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Guy Incognito\Desktop\tdsskiller.exe
[2012.08.30 21:51:30 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.08.30 21:44:20 | 004,741,171 | R--- | M] (Swearware) -- C:\Users\Guy Incognito\Desktop\ComboFix.exe
[2012.08.30 21:41:46 | 000,000,512 | ---- | M] () -- C:\Users\Guy Incognito\Desktop\MBR.dat
[2012.08.30 21:40:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.30 21:35:13 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Guy Incognito\Desktop\aswMBR.exe
[2012.08.30 18:57:32 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Guy Incognito\Desktop\OTL.exe
[2012.08.30 18:10:00 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.08.30 18:00:14 | 000,001,108 | ---- | M] () -- C:\Users\Guy Incognito\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012.08.30 18:00:03 | 000,000,928 | ---- | M] () -- C:\Users\Guy Incognito\Desktop\NTREGOPT.lnk
[2012.08.30 18:00:03 | 000,000,909 | ---- | M] () -- C:\Users\Guy Incognito\Desktop\ERUNT.lnk
[2012.08.29 22:54:40 | 004,919,280 | ---- | M] () -- C:\Windows\PE_Rom.dll
[2012.08.28 15:36:13 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.08.28 03:57:05 | 000,035,393 | ---- | M] () -- C:\Windows\Ascd_tmp.ini
[2012.08.28 03:09:51 | 000,292,776 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.08.28 00:38:34 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2012.08.28 00:31:06 | 000,001,545 | ---- | M] () -- C:\Users\Guy Incognito\Desktop\VDub.lnk
[2012.08.27 22:22:28 | 000,000,455 | ---- | M] () -- C:\Users\Guy Incognito\clipdat2.rdf
[2012.08.27 22:10:47 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.08.27 22:10:47 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.08.27 21:42:28 | 000,002,125 | ---- | M] () -- C:\Users\Guy Incognito\Documents\Firefox-Wiederherstellungs-Schlüssel.html
[2012.08.27 21:19:59 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012.08.27 21:19:59 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012.08.27 21:19:59 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012.08.27 21:19:59 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012.08.27 21:19:58 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012.08.27 21:19:58 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2012.08.27 21:04:02 | 001,835,008 | ---- | M] () -- C:\Users\Guy Incognito\Documents\TrueCrypt Rescue Disk.iso
[2012.08.27 20:55:45 | 000,231,376 | ---- | M] (TrueCrypt Foundation) -- C:\Windows\SysNative\drivers\truecrypt.sys
[2012.08.27 20:54:18 | 000,001,134 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.08.27 20:43:31 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_iusb3hcs_01009.Wdf
[2012.08.27 20:32:47 | 000,016,896 | ---- | M] (ASUS) -- C:\Windows\AsTaskSched.dll
[2012.08.27 20:31:41 | 000,001,769 | ---- | M] () -- C:\Windows\Language_trs.ini
[2012.08.27 20:27:01 | 000,000,771 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2012.08.27 20:27:01 | 000,000,771 | ---- | M] () -- C:\Windows\SysNative\license.rtf
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2012.08.30 22:18:07 | 000,061,440 | ---- | C] ( ) -- C:\Users\Guy Incognito\Desktop\VEW.exe
[2012.08.30 21:46:46 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.08.30 21:46:46 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.08.30 21:46:46 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.08.30 21:46:46 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.08.30 21:46:46 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.08.30 21:41:46 | 000,000,512 | ---- | C] () -- C:\Users\Guy Incognito\Desktop\MBR.dat
[2012.08.30 18:10:00 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.08.30 18:00:14 | 000,001,108 | ---- | C] () -- C:\Users\Guy Incognito\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012.08.30 18:00:03 | 000,000,928 | ---- | C] () -- C:\Users\Guy Incognito\Desktop\NTREGOPT.lnk
[2012.08.30 18:00:03 | 000,000,909 | ---- | C] () -- C:\Users\Guy Incognito\Desktop\ERUNT.lnk
[2012.08.28 15:36:13 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.08.28 04:13:47 | 004,919,280 | ---- | C] () -- C:\Windows\PE_Rom.dll
[2012.08.28 03:57:53 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2012.08.28 03:57:51 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2012.08.28 03:52:56 | 000,015,128 | R--- | C] () -- C:\Windows\SysNative\drivers\IntelMEFWVer.dll
[2012.08.28 00:46:28 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012.08.28 00:42:57 | 000,696,832 | ---- | C] () -- C:\Windows\SysNative\xvidcore.dll
[2012.08.28 00:42:57 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012.08.28 00:42:57 | 000,255,488 | ---- | C] () -- C:\Windows\SysNative\xvidvfw.dll
[2012.08.28 00:42:57 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012.08.28 00:42:57 | 000,173,568 | ---- | C] () -- C:\Windows\SysNative\xvid.ax
[2012.08.28 00:42:57 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\xvid.ax
[2012.08.28 00:32:26 | 000,001,178 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk
[2012.08.28 00:31:06 | 000,001,545 | ---- | C] () -- C:\Users\Guy Incognito\Desktop\VDub.lnk
[2012.08.27 23:59:34 | 000,002,204 | ---- | C] () -- C:\Users\Guy Incognito\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
[2012.08.27 22:22:28 | 000,000,455 | ---- | C] () -- C:\Users\Guy Incognito\clipdat2.rdf
[2012.08.27 21:42:28 | 000,002,125 | ---- | C] () -- C:\Users\Guy Incognito\Documents\Firefox-Wiederherstellungs-Schlüssel.html
[2012.08.27 21:24:13 | 002,621,723 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin
[2012.08.27 21:23:49 | 000,014,324 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2012.08.27 21:04:02 | 001,835,008 | ---- | C] () -- C:\Users\Guy Incognito\Documents\TrueCrypt Rescue Disk.iso
[2012.08.27 20:54:18 | 000,001,146 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.08.27 20:54:18 | 000,001,134 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.08.27 20:53:39 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.27 20:43:31 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_iusb3hcs_01009.Wdf
[2012.08.27 20:42:14 | 000,074,272 | ---- | C] () -- C:\Windows\SysNative\RtNicProp64.dll
[2012.08.27 20:41:24 | 000,001,218 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD VDeck.lnk
[2012.08.27 20:31:41 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012.08.27 20:31:35 | 000,035,393 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012.08.27 20:30:51 | 000,001,409 | ---- | C] () -- C:\Users\Guy Incognito\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012.08.27 20:30:47 | 000,001,443 | ---- | C] () -- C:\Users\Guy Incognito\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012.08.27 20:25:02 | 2099,843,071 | -HS- | C] () -- C:\hiberfil.sys
[2012.05.15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012.02.02 22:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
 
[color=#E56717]========== Custom Scans ==========[/color]
 
[color=#E56717]========== Drive Information ==========[/color]
 
Physical Drives
---------------
 
Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: ST1500DM003-9YN16G ATA Device
Partitions: 3
Status: OK
Status Info: 0
 
Drive: \\\\.\\PHYSICALDRIVE1 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: SAMSUNG HD250HJ ATA Device
Partitions: 2
Status: OK
Status Info: 0
 
Partitions
---------------
 
DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 0,00GB
Starting Offset: 1048576
Hidden sectors: 0
 
 
DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 714,00GB
Starting Offset: 105906176
Hidden sectors: 0
 
 
DeviceID: Disk #0, Partition #2
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 684,00GB
Starting Offset: 766298292224
Hidden sectors: 0
 
 
DeviceID: Disk #1, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 128,00GB
Starting Offset: 32256
Hidden sectors: 0
 
 
DeviceID: Disk #1, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 105,00GB
Starting Offset: 137427978240
Hidden sectors: 0
 
 
[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
 
[color=#A23BEC]< %systemroot%\assembly\GAC_32\*.ini >[/color]
 
[color=#A23BEC]< %systemroot%\assembly\GAC_64\*.ini >[/color]
 
[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
 
[color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*.exe >[/color]
 
[color=#A23BEC]< %APPDATA%\*. >[/color]
[2012.08.27 20:53:43 | 000,000,000 | ---D | M] -- C:\Users\Guy Incognito\AppData\Roaming\Adobe
[2012.08.28 15:37:28 | 000,000,000 | ---D | M] -- C:\Users\Guy Incognito\AppData\Roaming\CANON INC
[2012.08.28 00:39:07 | 000,000,000 | ---D | M] -- C:\Users\Guy Incognito\AppData\Roaming\DAEMON Tools Lite
[2012.08.27 21:17:53 | 000,000,000 | ---D | M] -- C:\Users\Guy Incognito\AppData\Roaming\ESET
[2012.08.28 01:08:57 | 000,000,000 | ---D | M] -- C:\Users\Guy Incognito\AppData\Roaming\Foxit Software
[2012.08.27 20:30:38 | 000,000,000 | ---D | M] -- C:\Users\Guy Incognito\AppData\Roaming\Identities
[2012.08.27 20:53:43 | 000,000,000 | ---D | M] -- C:\Users\Guy Incognito\AppData\Roaming\Macromedia
[2012.08.30 18:10:10 | 000,000,000 | ---D | M] -- C:\Users\Guy Incognito\AppData\Roaming\Malwarebytes
[2010.11.21 08:28:37 | 000,000,000 | ---D | M] -- C:\Users\Guy Incognito\AppData\Roaming\Media Center Programs
[2012.08.30 18:16:27 | 000,000,000 | --SD | M] -- C:\Users\Guy Incognito\AppData\Roaming\Microsoft
[2012.08.27 20:54:25 | 000,000,000 | ---D | M] -- C:\Users\Guy Incognito\AppData\Roaming\Mozilla
[2012.08.28 01:16:20 | 000,000,000 | ---D | M] -- C:\Users\Guy Incognito\AppData\Roaming\OpenOffice.org
[2012.08.28 00:27:41 | 000,000,000 | ---D | M] -- C:\Users\Guy Incognito\AppData\Roaming\pdfforge
[2012.08.28 00:17:50 | 000,000,000 | ---D | M] -- C:\Users\Guy Incognito\AppData\Roaming\Replay Media Catcher 4
[2012.08.28 00:49:12 | 000,000,000 | ---D | M] -- C:\Users\Guy Incognito\AppData\Roaming\Skype
[2012.08.27 21:07:18 | 000,000,000 | ---D | M] -- C:\Users\Guy Incognito\AppData\Roaming\TrueCrypt
[2012.08.29 22:13:04 | 000,000,000 | ---D | M] -- C:\Users\Guy Incognito\AppData\Roaming\vlc
[2012.08.28 00:26:22 | 000,000,000 | ---D | M] -- C:\Users\Guy Incognito\AppData\Roaming\Winamp
[2012.08.27 23:16:45 | 000,000,000 | ---D | M] -- C:\Users\Guy Incognito\AppData\Roaming\WinRAR
[2012.08.28 15:39:07 | 000,000,000 | ---D | M] -- C:\Users\Guy Incognito\AppData\Roaming\ZoomBrowser EX
 
[color=#A23BEC]< MD5 for: ATAPI.SYS  >[/color]
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\ERDNT\cache64\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
[color=#A23BEC]< MD5 for: CSRSS.EXE  >[/color]
[2009.07.14 03:39:02 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=60C2862B4BF0FD9F582EF344C2B1EC72 -- C:\Windows\SysNative\csrss.exe
[2009.07.14 03:39:02 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=60C2862B4BF0FD9F582EF344C2B1EC72 -- C:\Windows\winsxs\amd64_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_b4d8d57efdc6b4f3\csrss.exe
 
[color=#A23BEC]< MD5 for: EXPLORER.EXE  >[/color]
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\ERDNT\cache86\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.21 05:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010.11.21 05:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
 
[color=#A23BEC]< MD5 for: MSWSOCK.DLL  >[/color]
[2010.11.21 05:24:00 | 000,326,144 | ---- | M] (Microsoft Corporation) MD5=1D5185A4C7E6695431AE4B55C3D7D333 -- C:\Windows\ERDNT\cache64\mswsock.dll
[2010.11.21 05:24:00 | 000,326,144 | ---- | M] (Microsoft Corporation) MD5=1D5185A4C7E6695431AE4B55C3D7D333 -- C:\Windows\SysNative\mswsock.dll
[2010.11.21 05:24:00 | 000,326,144 | ---- | M] (Microsoft Corporation) MD5=1D5185A4C7E6695431AE4B55C3D7D333 -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_16795c7543eb48cf\mswsock.dll
[2010.11.21 05:24:09 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\ERDNT\cache86\mswsock.dll
[2010.11.21 05:24:09 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\SysWOW64\mswsock.dll
[2010.11.21 05:24:09 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_ba5ac0f18b8dd799\mswsock.dll
 
[color=#A23BEC]< MD5 for: NAPINSP.DLL  >[/color]
[2009.07.14 03:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0B7E85364CB878E2AD531DB7B601A9E5 -- C:\Windows\SysWOW64\NapiNSP.dll
[2009.07.14 03:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0B7E85364CB878E2AD531DB7B601A9E5 -- C:\Windows\winsxs\x86_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.1.7600.16385_none_abf396ebf0847c31\NapiNSP.dll
[2009.07.14 03:41:52 | 000,068,096 | ---- | M] (Microsoft Corporation) MD5=58A0CDABEA255616827B1C22C9994466 -- C:\Windows\SysNative\NapiNSP.dll
[2009.07.14 03:41:52 | 000,068,096 | ---- | M] (Microsoft Corporation) MD5=58A0CDABEA255616827B1C22C9994466 -- C:\Windows\winsxs\amd64_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.1.7600.16385_none_0812326fa8e1ed67\NapiNSP.dll
 
[color=#A23BEC]< MD5 for: NLAAPI.DLL  >[/color]
[2010.11.21 05:24:01 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=104A1070E90F1C530328E69B49718841 -- C:\Windows\SysWOW64\nlaapi.dll
[2010.11.21 05:24:01 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=104A1070E90F1C530328E69B49718841 -- C:\Windows\winsxs\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17514_none_d000a58855ea91a1\nlaapi.dll
[2010.11.21 05:23:54 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=2DF36F15B2BC1571A6A542A3C2107920 -- C:\Windows\SysNative\nlaapi.dll
[2010.11.21 05:23:54 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=2DF36F15B2BC1571A6A542A3C2107920 -- C:\Windows\winsxs\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17514_none_c5abfb362189cfa6\nlaapi.dll
 
[color=#A23BEC]< MD5 for: PNRPNSP.DLL  >[/color]
[2009.07.14 03:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) MD5=5CF640EDDB1E40A5AB1BB743BCDEC610 -- C:\Windows\SysWOW64\pnrpnsp.dll
[2009.07.14 03:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) MD5=5CF640EDDB1E40A5AB1BB743BCDEC610 -- C:\Windows\winsxs\wow64_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.1.7600.16385_none_d7c8b1ac70865dab\pnrpnsp.dll
[2009.07.14 03:41:53 | 000,086,016 | ---- | M] (Microsoft Corporation) MD5=613C8CE10A5FDE582BA5FA64C4D56AAA -- C:\Windows\SysNative\pnrpnsp.dll
[2009.07.14 03:41:53 | 000,086,016 | ---- | M] (Microsoft Corporation) MD5=613C8CE10A5FDE582BA5FA64C4D56AAA -- C:\Windows\winsxs\amd64_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.1.7600.16385_none_cd74075a3c259bb0\pnrpnsp.dll
 
[color=#A23BEC]< MD5 for: PRINTISOLATIONHOST.EXE  >[/color]
[2009.07.14 03:39:27 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=22F020C76E339EB2B2187BA73A7E4173 -- C:\Windows\SysNative\PrintIsolationHost.exe
[2009.07.14 03:39:27 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=22F020C76E339EB2B2187BA73A7E4173 -- C:\Windows\winsxs\amd64_microsoft-windows-p..ng-server-isolation_31bf3856ad364e35_6.1.7600.16385_none_f8a40495785334a9\PrintIsolationHost.exe
 
[color=#A23BEC]< MD5 for: SERVICES.EXE  >[/color]
[2009.07.14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\ERDNT\cache64\services.exe
[2009.07.14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009.07.14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
 
[color=#A23BEC]< MD5 for: SVCHOST.EXE  >[/color]
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache86\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\ERDNT\cache64\svchost.exe
[2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
 
[color=#A23BEC]< MD5 for: USERINIT.EXE  >[/color]
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache86\userinit.exe
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\ERDNT\cache64\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
[color=#A23BEC]< MD5 for: WINLOGON.EXE  >[/color]
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
[color=#A23BEC]< MD5 for: WINRNR.DLL  >[/color]
[2009.07.14 03:41:56 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=2E2072EB48238FCA8FBB7A9F5FABAC45 -- C:\Windows\SysNative\winrnr.dll
[2009.07.14 03:41:56 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=2E2072EB48238FCA8FBB7A9F5FABAC45 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.1.7600.16385_none_b543449669c73e11\winrnr.dll
[2009.07.14 03:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5DF5D8CFD9B9573FA3B2C89D9061A240 -- C:\Windows\SysWOW64\winrnr.dll
[2009.07.14 03:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5DF5D8CFD9B9573FA3B2C89D9061A240 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.1.7600.16385_none_5924a912b169ccdb\winrnr.dll
 
[color=#A23BEC]< MD5 for: WSHELPER.DLL  >[/color]
[2009.07.14 03:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\SysWOW64\wshelper.dll
[2009.07.14 03:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\winsxs\wow64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6ace9e67456cc40b\wshelper.dll
[2009.07.14 03:41:58 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=D314DA4B0B8DCD023D547FC568E34FB6 -- C:\Windows\SysNative\wshelper.dll
[2009.07.14 03:41:58 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=D314DA4B0B8DCD023D547FC568E34FB6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\wshelper.dll
 
[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]
 
[color=#A23BEC]< hklm\software\clients\startmenuinternet|command /rs >[/color]
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012.08.29 13:02:42 | 000,853,448 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012.08.29 13:02:42 | 000,853,448 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012.08.29 13:02:42 | 000,853,448 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2012.08.29 13:02:42 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2012.08.29 13:02:42 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2012.08.29 13:02:42 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2012.06.02 16:33:24 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2012.06.02 16:33:24 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2012.06.02 16:33:24 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2012.06.29 03:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" [2012.06.29 03:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation)
 
[color=#A23BEC]< hklm\software\clients\startmenuinternet|command /64 /rs >[/color]
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2012.08.29 13:02:42 | 000,853,448 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2012.08.29 13:02:42 | 000,853,448 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2012.08.29 13:02:42 | 000,853,448 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE [2012.08.29 13:02:42 | 000,917,984 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2012.08.29 13:02:42 | 000,917,984 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2012.08.29 13:02:42 | 000,917,984 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2012.06.02 16:33:23 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2012.06.02 16:33:23 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2012.06.02 16:33:23 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2012.06.29 03:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" [2012.06.29 03:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation)
 
[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
 
[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color]
 
[color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color]

< End of report >


OTL 2b) (Extras):

OTL Extras logfile created on: 30.08.2012 22:21:16 - Run 3
OTL by OldTimer - Version 3.2.59.1     Folder = C:\Users\Guy Incognito\Desktop
64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,94 Gb Total Physical Memory | 6,07 Gb Available Physical Memory | 76,43% Memory free
15,88 Gb Paging File | 13,84 Gb Available in Paging File | 87,13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 713,57 Gb Total Space | 664,42 Gb Free Space | 93,11% Space Free | Partition Type: NTFS
Drive D: | 127,99 Gb Total Space | 10,67 Gb Free Space | 8,34% Space Free | Partition Type: NTFS
Drive G: | 683,59 Gb Total Space | 672,58 Gb Free Space | 98,39% Space Free | Partition Type: NTFS
 
Computer Name: PK-PC | User Name: Guy Incognito | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Extra Registry (All) ==========[/color]
 
 
[color=#E56717]========== File Associations ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[color=#E56717]========== Shell Spawning ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[color=#E56717]========== Security Center Settings ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[color=#E56717]========== System Restore Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[color=#E56717]========== Firewall Settings ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
[color=#E56717]========== Vista Active Application Exception List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1FAF4499-7FAA-4F79-A8CA-DF8ADE9EFC35}" = protocol=58 | dir=out | [email protected],-503 | 
"{F55EABA1-0E2B-4DF1-8F77-071B874D6530}" = protocol=58 | dir=in | app=system | 
 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1B39AC27-CF06-4D20-A3B6-5F1BD41A81E8}" = ESET Smart Security
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.16.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Newsbin6" = Newsbin Pro
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217006FF}" = Java 7 Update 6
"{34D3688E-A737-44C5-9E2A-FF73618728E1}" = AI Suite II
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{72376EB6-0189-45B3-A4F6-823F549697C3}" = MOUSE Editor
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8EC6EBB4-D899-4C6B-BA17-C21B78988F23}_is1" = Movie Collector
"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"DAEMON Tools Lite" = DAEMON Tools Lite
"ERUNT_is1" = ERUNT 1.1j
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"ffdshow_is1" = ffdshow v1.2.4422 [2012-04-09]
"Foxit Reader_is1" = Foxit Reader
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{72376EB6-0189-45B3-A4F6-823F549697C3}" = Mouse Editor
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyCamera" = Canon Utilities MyCamera
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PhotoStitch" = Canon Utilities PhotoStitch
"QuickPar" = QuickPar 0.9
"Replay Media Catcher 4" = Replay Media Catcher 4 (4.4.3)
"SopCast" = SopCast 3.5.0
"TeamViewer 7" = TeamViewer 7
"TrueCrypt" = TrueCrypt
"VLC media player" = VLC media player 2.0.3
"Winamp" = Winamp
"WinRAR archiver" = WinRAR 4.01 (32-bit)
"x264vfw" = x264vfw - H.264/MPEG-4 AVC codec (remove only)
"Xvid Video Codec 1.3.2" = Xvid Video Codec
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
 
[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"SkyDriveSetup.exe" = Microsoft SkyDrive
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
[color=#E56717]========== Last 20 Event Log Errors ==========[/color]
 
[ Application Events ]
Error - 30.08.2012 16:09:03 | Computer Name = PK-PC | Source = WinMgmt | ID = 10
Description = 
 
 
< End of report >


hope i didnt forget nothing and that the german parts arent too hard to understand
  • 0

#4
RKinner
Posted 30 August 2012 - 03:48 PM

RKinner

    Malware Expert

  • Expert
  • 24,748 posts
  • MVP
Delays are not a problem and I speak German (worked in Germany from 1973 to 1984) so no problem there either. Let's run one more to make sure but it looks clean.


Download, Save and Run (win 7 or Vista => Right click and Run as Admin.) farbar service scanner

Posted Image

Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.
  • 0

#5
mspk
Posted 30 August 2012 - 04:22 PM

mspk

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
dankeschön for your help so far :)
may i ask 3 questions? do you see anything that points to an infection earlier or did my firewall etc. just crash because of something else? do i need to keep all these programs, maybe because i could still use them in the future, or are they only useful when you suspect an infection and if it happens again are all outdated anyways? and how sure can i be my pc is clean and what should i do to keep it that way?

heres the log:

Farbar Service Scanner Version: 06-08-2012
Ran by Guy Incognito (administrator) on 31-08-2012 at 00:16:14
Running from "C:\Users\Guy Incognito\Desktop"
Microsoft Windows 7 Enterprise  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy: 
==================


System Restore:
============

System Restore Disabled Policy: 
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy: 
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

  • 0

#6
RKinner
Posted 30 August 2012 - 06:05 PM

RKinner

    Malware Expert

  • Expert
  • 24,748 posts
  • MVP
I don't see any sign of infection. I assume you installed the TeamViewer software and that it wasn't something the malware did?

This stuff was not removed by the OTL script.

File not found (No name found) -- C:\USERS\Guy Incognito\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H2MRVONM.DEFAULT\EXTENSIONS\{76C80A11-FAD4-406C-8246-F5ED4F9367B5}.XPI
File not found (No name found) -- C:\USERS\Guy Incognito\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H2MRVONM.DEFAULT\EXTENSIONS\{888D99E7-E8B5-46A3-851E-1EC45DA1E644}.XPI
File not found (No name found) -- C:\USERS\Guy Incognito\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H2MRVONM.DEFAULT\EXTENSIONS\{91AA5ABE-9DE4-4347-B7B5-322C38DD9271}
File not found (No name found) -- C:\USERS\Guy Incognito\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H2MRVONM.DEFAULT\EXTENSIONS\{B9DB16A4-6EDC-47EC-A1F4-B86292ED211D}

Probably because you did not replace the Guy Incognito with your real user name but they aren't malware just poorly uninstalled add-ons.

We don't see that many ESET protected systems so I'm not all that familiar with it (tho I am a big fan of their online scan).
Windows defender and the windows firewall may have been disabled by ESET when you installed it. I think, but am not certain, that your ESET has its own firewall and it may not have wanted Windows Defender running. I know that MSSE turns off Windows Defender so I would not be surprised if ESET did too. BFE should not have been turned off as far as I know so I assume there was something evil at work but it appears to be gone. We had some malware last year that killed off BFE, the firewall and the Security Center but I don't see any trace of it in your logs.

We usually have people remove our tools since they are constantly being updated but if you want to keep them then that's OK. The process of removing them also removes any back up copies of removed malware but since we didn't find anything that's not a concern. I'll give you my standard cleanup speech (which gives some recommendations to stay clean) but you can ignore the remove/uninstall steps if you like.

We need to clean up System Restore:

Copy the following:


:Commands
[CLEARALLRESTOREPOINTS]
[Reboot]
Right click on OTL and Run As Administrator. In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.

That should get the last of any malware off the system.



You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, All Programs, Accessories then right click on Command Prompt and Run As Administrator.
then right click, Paste, then hit Enter.

OTL has a cleanup tab if you go there it will remove itself and its logs.

To hide hidden files again (OTL may do it for you):

Vista or Win7

# Open the Control Panel menu and click Folder Options.
# After the new window appears select the View tab.
# Remove the check in the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and exit My Computer.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. Exception is MSN messenger which appears to be part of Windows.)
If you get a blocked program notice after installing updatechecker then change it to not run at start then manually run it once a week.
Seems to work best if Firefox is the default browser. You can also try Secunia PSI http://secunia.com/v...l/download_psi/ Same kind of info. You don't need both.
If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/
The free version only blocks 200 ads a day so another reason to use Firefox or Chrome.

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . You can run it any time that Firefox seems slow.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certain be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.


If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Special note on Java. Currently there is an exploit out that works on all Java Version 7 software so we are recommending that if you do not visit websites that absolutely require Java that you turn it off in your browser per the instructions in http://www.geekstogo...ur-web-browser/
If you use websites that require Java and you trust them then we recommend that you use either Firefox with the NoScript add-on or Chrome with the ScriptNo add-on and avoid IE. NoScript/ScriptNo will turn off Java and Javascript on all websites you visit except for those that you specifically approve. More info on the exploit is here: http://krebsonsecuri...y-java-exploit/

My help is free but if you wish to show your appreciation, please donate to Kwiaht instead of me. It's a local environmental organization that I volunteer with: http://www.kwiaht.org/donate.htm
(The name means something like "clean place" in one of the local native-American dialects)

Ron
  • 0

#7
mspk
Posted 30 August 2012 - 07:06 PM

mspk

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
hey ron

thanx for the long reply and its getting late here but i figured i owe you a quick response ;)

im just gonna work through your "list":

- yes i installed teamviewer on purpose. use it now and then to help my mom.

- seems i forgot to change these entries in OTL but since u said its ok ill prolly leave it at that. if i had to guess id say its some remains of something because i used firefox sync to get firefox back to the way i used it. btw i have adblock plus installed, thought it should have shown up somewhere. i checked and it seems to work but maybe ill reinstall it just to be sure.

- as to eset: yea i use it for couple of years now and (usually) like it and yes it has a built-in firewall. its really small though and (used to) protect(s) me. the firewall/defender disabling may have been a possibility but it not only disabled it then - it completely removed it from services.msc, along with BFE. so id say that wouldve been a bit of an overreach, but hey you never know ;) just glad it seems to be gone now.

- i think ill keep the programs i used, if only to know what to use if the case comes up again. i checked and apparently none actually installed i think. ill think about the suggestions you made for the ones you mentioned. and in the end its only a few mbs and i should have the space for them.

- im gonna do that restore point cleaning after i finished writing.

- i actually know how to hide system files myself wooohooo (at least something heh ;D)

- i usually check for adobe updates regularly and will keep that going. as for the apps that check for updates the second link doesnt seem to work so i prolly go with the hippo one unless you say the 2nd one is much better.

- since ff is the browser i solely use and my pc is still fresh everything loads really fast but if that changes ill look into the speedup thing.

- i dont use any P2P apps for my legal downloads so ill just ignore that one ;)

- i actually dont use a router or wlan. thought about a router but since im alone and everything seems to work i never saw the necessity for one.

- as for the java/noscript issue, when i installed foxit reader it asked me about java and i told it to not run it. i thought about the noscript addon but i was undecided since im just never sure if the situation arises that it asks me to allow some javascript if there maybe some hidden part in it im just too inexperienced to see and then i open my system to malware. or can i be safe that if i install it ill just get added security and everything id let through would get through too if werent to install noscript?

- lastly to the donation: im gonna be honest with you, i had to save for months to get me this pc a while ago and am still paying for it, actually for quite some time. but if times get better and i can spare a few euros/dollars your organization will be on top of my list.

thanks a lot again for your time and effort. i used to help/participate in other forums in the past and know you (can) never get enough recognition for your work so i really mean it.
im gonna hit the hay now so if you answer soon please dont expect a fast answer from me. like i said its getting late ;)
  • 0

#8
RKinner
Posted 30 August 2012 - 07:54 PM

RKinner

    Malware Expert

  • Expert
  • 24,748 posts
  • MVP
Just wanted to be sure TeamViewer had not been installed by the malware.

Go ahead and try NoScript and see if you can live with it. Anything you allow to run would have run without NoScript. At least this way you can decide if you trust the site or not. If you don't like it uninstall it and turn off Java in Firefox and see if any of your usually sites complain. What some people are doing is removing it from Firefox and Keeping it in Chrome. Then they use Chrome just to go to the sites they know require Java.

Yes they usually do not remove the services from services.msc so it was malware but ESET must have prevented it from installing itself completely as I don't see any sign of it. Normally what Zero Access does is intercept your search requests in Google or Yahoo (not sure about Bing) and when you click on a link it takes you to some other site where you don't want to go. Go to google.com and do a search and see if when you click on a link you go where you thought you were going.

I use Filehippo myself but other people like Secunia PSI. As far as I know they both work about the same tho I have had problems running FileHippo on a 64bit PC. It still worked but it couldn't run at startup.

No problem with the donation. I just added that line recently because a few people did ask (and most of the other helpers on here have a pay pal link in their signatures.)
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP