
Infected by "GVU" or "Bundespolizei" Trojan



Hi there,

I got the so-called GVA or Bundespolizei Trojaner, which completely locks your desktop and wants to make you pay money to unlock it. I don't know what this is called in the US or what it shows, but I'm sure it's not a German-only phenomenon.

I can boot in safe mode just fine. I don't know how to remove it, though. There is nothing in the registry, and a Malwarebytes scan didn't find anything.

All I did was a legit download from a file site: the ICEenhance for GTAIV. I used the official download links, and now this... I had Malwarebytes running in the background, plus the Windows virus protection and a firewall, but still... how is that even possible? Help would be much appreciated. Thanks a lot!


Here is the OTL log; I made it in safe mode:

OTL logfile created on: 23.07.2012 19:29:29 - Run 2

OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Seph\Desktop

64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,98 Gb Total Physical Memory | 6,72 Gb Available Physical Memory | 84,24% Memory free

8,37 Gb Paging File | 7,17 Gb Available in Paging File | 85,61% Paging File free

Paging file location(s): c:\pagefile.sys 400 2048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 73,14 Gb Total Space | 18,47 Gb Free Space | 25,25% Space Free | Partition Type: NTFS

Drive D: | 392,52 Gb Total Space | 67,22 Gb Free Space | 17,12% Space Free | Partition Type: NTFS

Computer Name: CLOUD_STRIFE | User Name: Seph | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.07.23 19:28:09 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Seph\Desktop\OTL.exe

PRC - [2012.07.18 23:22:10 | 000,913,888 | ---- | M] (Mozilla Corporation) -- D:\Programme\Firefox\firefox.exe

PRC - [2012.07.18 23:22:03 | 000,016,864 | ---- | M] (Mozilla Corporation) -- D:\Programme\Firefox\plugin-container.exe

PRC - [2012.07.03 13:46:42 | 000,973,488 | ---- | M] (Malwarebytes Corporation) -- D:\Programme\Malwarebytes' Anti-Malware\mbam.exe

PRC - [2012.06.26 15:51:32 | 001,535,176 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe

PRC - [2011.12.19 01:00:00 | 002,362,720 | ---- | M] (Cerulean Studios) -- D:\Programme\Trillian\trillian.exe

========== Modules (No Company Name) ==========

MOD - [2012.07.18 23:22:04 | 002,003,424 | ---- | M] () -- D:\Programme\Firefox\mozjs.dll

MOD - [2012.06.26 15:51:32 | 009,459,912 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll

MOD - [2011.12.19 01:00:00 | 000,193,024 | ---- | M] () -- D:\Programme\Trillian\libspeex.dll

MOD - [2011.12.19 01:00:00 | 000,187,392 | ---- | M] () -- D:\Programme\Trillian\libpng15.dll

MOD - [2011.12.19 01:00:00 | 000,065,536 | ---- | M] () -- D:\Programme\Trillian\libungif.dll

MOD - [2011.12.19 01:00:00 | 000,059,904 | ---- | M] () -- D:\Programme\Trillian\zlib1.dll

MOD - [2011.12.19 01:00:00 | 000,011,264 | ---- | M] () -- d:\Programme\Trillian\languages\en\buddy.dll

MOD - [2011.12.19 01:00:00 | 000,007,168 | ---- | M] () -- d:\Programme\Trillian\languages\en\talk.dll

MOD - [2011.12.19 01:00:00 | 000,006,656 | ---- | M] () -- d:\Programme\Trillian\languages\en\trillian.dll

MOD - [2011.12.19 01:00:00 | 000,006,656 | ---- | M] () -- d:\Programme\Trillian\languages\en\events.dll

MOD - [2011.12.19 01:00:00 | 000,003,584 | ---- | M] () -- d:\Programme\Trillian\languages\en\toolkit.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009.12.21 11:44:06 | 000,535,552 | ---- | M] (CSR, plc) [Auto | Stopped] -- C:\Windows\SysNative\HFGService.dll -- (HFGService)

SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV - [2012.07.19 10:53:11 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2012.07.18 23:22:10 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- D:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012.07.03 02:05:48 | 000,076,888 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)

SRV - [2012.05.27 16:51:48 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)

SRV - [2012.03.26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)

SRV - [2012.03.26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)

SRV - [2012.02.29 09:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2011.12.09 15:39:52 | 000,135,584 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)

SRV - [2011.09.27 21:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)

SRV - [2011.05.20 11:10:26 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®

SRV - [2011.03.28 22:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)

SRV - [2011.02.22 13:14:40 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®

SRV - [2011.02.22 13:14:34 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®

SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010.02.19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)

SRV - [2010.02.12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Stopped] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)

SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)

SRV - [2010.01.09 21:20:56 | 000,174,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose64)

SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.07.15 20:36:31 | 000,030,496 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hitmanpro36.sys -- (hitmanpro36)

DRV:64bit: - [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2012.06.04 09:59:20 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.)

DRV:64bit: - [2012.06.04 09:59:20 | 000,099,384 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)

DRV:64bit: - [2012.05.21 15:10:51 | 000,188,776 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)

DRV:64bit: - [2012.03.20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)

DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2012.01.18 16:56:08 | 000,019,936 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdrvio.sys -- (pwdrvio)

DRV:64bit: - [2012.01.18 16:56:06 | 000,013,280 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdspio.sys -- (pwdspio)

DRV:64bit: - [2012.01.01 22:31:15 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)

DRV:64bit: - [2011.11.10 19:32:02 | 000,115,272 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)

DRV:64bit: - [2011.09.02 08:30:46 | 000,042,776 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)

DRV:64bit: - [2011.09.02 08:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)

DRV:64bit: - [2011.09.02 08:30:24 | 000,076,056 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)

DRV:64bit: - [2011.09.02 08:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)

DRV:64bit: - [2011.09.02 08:30:24 | 000,015,128 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)

DRV:64bit: - [2011.05.20 10:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2011.05.18 08:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)

DRV:64bit: - [2011.04.22 03:17:04 | 000,471,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2011.04.15 12:08:26 | 012,228,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011.02.08 14:30:52 | 000,064,512 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)

DRV:64bit: - [2011.02.08 14:30:52 | 000,039,936 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)

DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)

DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2010.11.09 16:35:24 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)

DRV:64bit: - [2010.10.19 17:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®

DRV:64bit: - [2010.10.15 02:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®

DRV:64bit: - [2010.03.18 20:52:18 | 000,295,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\haP17v2k.sys -- (hap17v2k)

DRV:64bit: - [2010.03.18 20:52:10 | 000,259,672 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\haP16v2k.sys -- (hap16v2k)

DRV:64bit: - [2010.03.18 20:52:02 | 001,360,984 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ha10kx2k.sys -- (ha10kx2k)

DRV:64bit: - [2010.03.18 20:51:50 | 000,147,544 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)

DRV:64bit: - [2010.03.18 20:51:34 | 000,290,392 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)

DRV:64bit: - [2010.03.18 20:51:26 | 000,016,984 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)

DRV:64bit: - [2010.03.18 20:51:18 | 000,221,272 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)

DRV:64bit: - [2010.03.18 20:50:52 | 000,866,264 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)

DRV:64bit: - [2010.03.18 20:50:42 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)

DRV:64bit: - [2010.03.18 20:40:10 | 000,141,912 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTERFXFX.sys -- (CTERFXFX.SYS)

DRV:64bit: - [2010.03.18 20:40:10 | 000,141,912 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTERFXFX.sys -- (CTERFXFX)

DRV:64bit: - [2010.03.18 20:40:02 | 000,681,048 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTSBLFX.sys -- (CTSBLFX.SYS)

DRV:64bit: - [2010.03.18 20:40:02 | 000,681,048 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTSBLFX.sys -- (CTSBLFX)

DRV:64bit: - [2010.03.18 20:39:54 | 000,706,648 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTAUDFX.sys -- (CTAUDFX.SYS)

DRV:64bit: - [2010.03.18 20:39:54 | 000,706,648 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTAUDFX.sys -- (CTAUDFX)

DRV:64bit: - [2010.03.18 20:39:44 | 000,158,808 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\COMMONFX.sys -- (COMMONFX.SYS)

DRV:64bit: - [2010.03.18 20:39:44 | 000,158,808 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\COMMONFX.sys -- (COMMONFX)

DRV:64bit: - [2009.12.21 11:43:36 | 000,052,224 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAudioHF.sys -- (BthAudioHF)

DRV:64bit: - [2009.08.13 23:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)

DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV - [2012.07.11 11:02:31 | 000,019,952 | ---- | M] () [Kernel | On_Demand | Stopped] -- D:\Programme\RivaTuner v2.24\RivaTuner64.sys -- (RivaTuner64)

DRV - [2010.05.27 02:43:00 | 000,014,648 | ---- | M] () [Kernel | On_Demand | Stopped] -- D:\Programme\MSI Afterburner\RTCore64.sys -- (RTCore64)

DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8B BB 18 75 77 62 CD 01 [binary data]

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\PROGRA~1\OFFICE~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()

FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: D:\Programme\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not found

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: D:\Programme\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{5D3F3872-91E9-4d59-AD9F-AA174A3145DD}: C:\Program Files\Logitech\FlowScroll\LogiSmoothFirefoxExt [2012.05.15 12:50:34 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: D:\Programme\Firefox\components [2012.07.18 23:22:11 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: D:\Programme\Firefox\plugins

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: D:\Programme\Thunderbird\components [2012.06.20 12:27:01 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: D:\Programme\Thunderbird\plugins

[2012.01.01 20:34:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Seph\AppData\Roaming\mozilla\Extensions

[2012.07.15 20:38:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Seph\AppData\Roaming\mozilla\Firefox\Profiles\tx3jwk86.default\extensions

[2012.05.15 12:42:32 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\Seph\AppData\Roaming\mozilla\Firefox\Profiles\tx3jwk86.default\extensions\DeviceDetection@logitech.com

[2012.07.15 20:38:20 | 000,000,000 | ---D | M] (loadtbs) -- C:\Users\Seph\AppData\Roaming\mozilla\Firefox\Profiles\tx3jwk86.default\extensions\software@loadtubes.com

[2012.01.03 00:07:55 | 000,002,057 | ---- | M] () -- C:\Users\Seph\AppData\Roaming\Mozilla\Firefox\Profiles\tx3jwk86.default\searchplugins\youtube-videosuche.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - homepage: http://www.google.com/

CHR - Extension: YouTube = C:\Users\Seph\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\

CHR - Extension: Google-Suche = C:\Users\Seph\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\

CHR - Extension: Google Mail = C:\Users\Seph\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2012.07.15 22:04:33 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Programme\Office2010\Office14\URLREDIR.DLL (Microsoft Corporation)

O2:64bit: - BHO: (Logitech Flow Scroll) - {E11DB59D-5008-42ff-9069-535843BC0BE1} - C:\Programme\Logitech\FlowScroll\LogiSmooth.dll (Logitech, Inc.)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (Logitech Flow Scroll) - {E11DB59D-5008-42ff-9069-535843BC0BE1} - C:\Programme\Logitech\FlowScroll\32-bit\LogiSmooth.dll (Logitech, Inc.)

O3 - HKLM\..\Toolbar: (loadtbs) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - C:\Users\Seph\AppData\Roaming\loadtbs\toolbar.dll (InfiniAd GmbH)

O3 - HKCU\..\Toolbar\WebBrowser: (loadtbs) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - C:\Users\Seph\AppData\Roaming\loadtbs\toolbar.dll (InfiniAd GmbH)

O4:64bit: - HKLM..\Run: [EvtMgr6] D:\Programme\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [LogiScrollApp] C:\Programme\Logitech\FlowScroll\KhalScroll.exe (Logitech, Inc.)

O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)

O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)

O4 - HKLM..\Run: [AsioThk32Reg] C:\Windows\SysWow64\ctasio.dll (Creative Technology Ltd)

O4 - HKLM..\Run: [CTHelper] C:\Windows\SysWow64\CtHelper.exe (Creative Technology Ltd)

O4 - HKCU..\Run: [KiesPDLR] D:\Programme\Kies\External\FirmwareUpdate\KiesPDLR.exe ()

O4 - HKCU..\Run: [KiesPreload] D:\Programme\Kies\Kies.exe (Samsung)

O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found

O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] D:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - Startup: C:\Users\Seph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Seph\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - D:\Programme\Office2010\Office14\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: E&xport to Microsoft Excel - D:\Programme\Office2010\Office14\EXCEL.EXE (Microsoft Corporation)

O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found

O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found

O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - Reg Error: Value error. File not found

O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - Reg Error: Value error. File not found

O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - Reg Error: Value error. File not found

O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - Reg Error: Value error. File not found

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.4.1)

O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.4.1)

O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)

O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Creative Software AutoUpdate 2)

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C3F21B97-B671-4606-BB56-C6CDEF8FDB02}: DhcpNameServer = 192.168.178.1

O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\ms-help - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.07.23 19:28:06 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Seph\Desktop\OTL.exe

[2012.07.21 02:03:06 | 000,000,000 | ---D | C] -- C:\Users\Seph\Documents\Ubisoft

[2012.07.21 00:03:50 | 000,000,000 | ---D | C] -- C:\Users\Seph\AppData\Local\Ubisoft Game Launcher

[2012.07.21 00:02:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft

[2012.07.21 00:02:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft

[2012.07.20 00:23:26 | 000,000,000 | ---D | C] -- C:\Users\Seph\AppData\Local\Sidhe

[2012.07.18 20:05:01 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\stalker-shoc

[2012.07.18 15:19:48 | 000,000,000 | ---D | C] -- C:\Users\Seph\Documents\Square Enix

[2012.07.17 11:52:43 | 000,000,000 | ---D | C] -- C:\Users\Seph\Documents\EA Games

[2012.07.16 16:32:58 | 000,000,000 | --SD | C] -- C:\ComboFix

[2012.07.15 23:23:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client

[2012.07.15 23:23:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client

[2012.07.15 23:01:32 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll

[2012.07.15 23:01:32 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll

[2012.07.15 23:01:31 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll

[2012.07.15 23:01:31 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll

[2012.07.15 23:01:30 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll

[2012.07.15 22:34:12 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2012.07.15 22:07:35 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2012.07.15 21:58:33 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2012.07.15 20:55:18 | 000,000,000 | ---D | C] -- C:\FRST

[2012.07.15 20:17:54 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro

[2012.07.15 20:17:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Optimizer Pro

[2012.07.15 20:17:51 | 000,000,000 | ---D | C] -- C:\Users\Seph\AppData\Roaming\convert

[2012.07.15 20:17:49 | 000,000,000 | ---D | C] -- C:\Users\Seph\AppData\Roaming\loadtbs

[2012.07.15 19:57:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware

[2012.07.15 19:57:14 | 000,000,000 | ---D | C] -- C:\Users\Seph\Documents\Anti-Malware

[2012.07.15 19:21:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab

[2012.07.15 15:47:12 | 000,000,000 | ---D | C] -- C:\Users\Seph\Documents\SEGA

[2012.07.15 15:03:59 | 000,000,000 | ---D | C] -- C:\Users\Seph\Documents\Max Payne 2 Savegames

[2012.07.15 12:28:03 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%

[2012.07.15 12:24:24 | 000,000,000 | ---D | C] -- C:\Users\Seph\AppData\Roaming\Help

[2012.07.14 15:41:07 | 000,203,320 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudmdm.sys

[2012.07.14 15:41:07 | 000,099,384 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudbus.sys

[2012.07.13 13:40:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameSpy

[2012.07.13 13:39:26 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\URTTEMP

[2012.07.13 12:19:41 | 000,000,000 | ---D | C] -- C:\Users\Seph\AppData\Roaming\Trine2

[2012.07.12 20:19:12 | 000,000,000 | ---D | C] -- C:\Users\Seph\Documents\Almost Human

[2012.07.12 20:07:16 | 000,000,000 | ---D | C] -- C:\Users\Seph\Documents\screenshots

[2012.07.12 20:07:16 | 000,000,000 | ---D | C] -- C:\Users\Seph\Documents\profiles

[2012.07.12 20:07:16 | 000,000,000 | ---D | C] -- C:\Users\Seph\Documents\cache

[2012.07.12 20:00:11 | 000,000,000 | ---D | C] -- C:\Users\Seph\Documents\Hard Reset Extended

[2012.07.12 10:00:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Solidshield

[2012.07.11 14:09:31 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\XPSViewer

[2012.07.11 14:09:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Reference Assemblies

[2012.07.11 14:09:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSBuild

[2012.07.11 14:09:30 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies

[2012.07.11 14:09:30 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild

[2012.07.11 11:02:22 | 000,000,000 | ---D | C] -- C:\Users\Seph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition

[2012.07.11 01:49:02 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll

[2012.07.11 01:49:02 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll

[2012.07.09 23:56:33 | 000,000,000 | ---D | C] -- C:\Users\Seph\Documents\NFSTR

[2012.07.09 23:56:27 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs

[2012.07.09 23:56:27 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core

[2012.07.09 23:39:22 | 000,000,000 | ---D | C] -- C:\Users\Seph\AppData\Roaming\Origin

[2012.07.09 23:39:18 | 000,000,000 | ---D | C] -- C:\Users\Seph\AppData\Local\Origin

[2012.07.09 23:39:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin

[2012.07.09 23:39:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games

[2012.07.09 23:39:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin

[2012.07.09 23:39:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts

[2012.07.08 15:15:46 | 000,000,000 | ---D | C] -- C:\Users\Seph\AppData\Roaming\LoneSurvivor

[2012.07.06 02:24:26 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe

[2012.07.05 23:11:33 | 000,000,000 | ---D | C] -- C:\Users\Seph\AppData\Local\4A Games

[2012.07.03 02:05:18 | 000,000,000 | ---D | C] -- C:\Users\Seph\AppData\Local\PunkBuster

[2012.07.01 19:40:48 | 000,000,000 | ---D | C] -- C:\Users\Seph\AppData\Local\ArmA 2 Free

[2012.07.01 19:40:48 | 000,000,000 | ---D | C] -- C:\Users\Seph\Documents\ArmA 2

[2012.07.01 19:40:47 | 000,000,000 | ---D | C] -- C:\Users\Seph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive

[2012.07.01 19:40:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive

[2012.07.01 17:36:06 | 000,000,000 | ---D | C] -- C:\Users\Seph\Documents\ArmA 2 OA Demo

[2012.07.01 17:36:06 | 000,000,000 | ---D | C] -- C:\Users\Seph\AppData\Local\ArmA 2 OA DEMO

[2012.06.30 02:28:58 | 000,000,000 | ---D | C] -- C:\Users\Seph\Documents\The Path

[2012.06.30 02:28:58 | 000,000,000 | ---D | C] -- C:\Users\Seph\AppData\Roaming\The Path

[2012.06.27 01:50:35 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA

[2012.06.27 01:50:30 | 006,151,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll

[2012.06.27 01:50:30 | 003,149,632 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll

[2012.06.27 01:50:30 | 002,561,856 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll

[2012.06.27 01:50:30 | 000,118,080 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll

[2012.06.27 01:50:30 | 000,063,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll

[2012.06.27 01:50:21 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll

[2012.06.27 01:50:21 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll

[2012.06.27 01:50:14 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation

[2012.06.27 01:49:47 | 019,607,872 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll

[2012.06.27 01:49:47 | 015,322,432 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll

[2012.06.27 01:49:47 | 008,105,280 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll

[2012.06.27 01:49:47 | 002,524,992 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll

[2012.06.27 01:49:47 | 002,445,120 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll

[2012.06.27 01:49:47 | 001,738,048 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll

[2012.06.27 01:49:47 | 000,818,496 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll

[2012.06.27 01:49:47 | 000,202,048 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll

[2012.06.27 00:17:28 | 000,000,000 | ---D | C] -- C:\Users\Seph\AppData\Local\Chromium

[2012.06.27 00:14:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rockstar Games

[2012.06.26 23:57:07 | 000,000,000 | ---D | C] -- C:\Users\Seph\AppData\Roaming\BANDISOFT

[2012.06.26 23:57:03 | 000,000,000 | ---D | C] -- C:\Users\Seph\Documents\Bandicam

[2012.06.26 23:57:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bandicam

[2012.06.26 23:56:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BandiMPEG1

[2012.06.26 20:12:20 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CallOfPripyatBench

[2012.06.26 18:21:03 | 000,000,000 | ---D | C] -- C:\Users\Seph\AppData\Local\Dxtory Software

[2012.06.26 15:44:01 | 025,743,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll

[2012.06.26 15:44:01 | 025,248,064 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll

[2012.06.26 15:44:01 | 017,551,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll

[2012.06.26 15:44:01 | 008,139,072 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll

[2012.06.26 15:44:01 | 005,982,528 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll

[2012.06.26 15:44:01 | 002,881,856 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll

[2012.06.26 15:44:01 | 002,681,664 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll

[2012.06.26 15:44:01 | 002,368,832 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll

[2012.06.26 15:44:01 | 000,246,592 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll

[2012.06.26 15:44:01 | 000,188,776 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys

[2012.06.26 15:44:01 | 000,031,080 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll

[2012.06.26 11:58:09 | 000,000,000 | R--D | C] -- C:\Users\Seph\Documents\Scanned Documents

[2012.06.26 11:58:09 | 000,000,000 | ---D | C] -- C:\Users\Seph\Documents\Fax

[2012.06.24 11:22:05 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll

[2012.06.24 11:22:05 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe

[2012.06.24 11:22:05 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll

[2012.06.24 11:22:02 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll

[2012.06.24 11:22:02 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll

[2012.06.24 11:22:02 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll

[2012.06.24 11:21:56 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll

[2012.06.24 11:21:56 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe

[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.07.23 19:28:09 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Seph\Desktop\OTL.exe

[2012.07.23 19:20:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.07.23 19:20:23 | 2133,856,255 | -HS- | M] () -- C:\hiberfil.sys

[2012.07.23 19:19:53 | 000,034,240 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000004-00000000-00000001-00001102-00000004-20021102}.rfx

[2012.07.23 19:19:53 | 000,034,240 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000004-00000000-00000001-00001102-00000004-20021102}.rfx

[2012.07.23 19:19:53 | 000,030,528 | ---- | M] () -- C:\Windows\SysNative\BMXCtrlState-{00000004-00000000-00000001-00001102-00000004-20021102}.rfx

[2012.07.23 19:19:53 | 000,030,528 | ---- | M] () -- C:\Windows\SysNative\BMXBkpCtrlState-{00000004-00000000-00000001-00001102-00000004-20021102}.rfx

[2012.07.23 19:19:53 | 000,011,564 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000004-00000000-00000001-00001102-00000004-20021102}.rfx

[2012.07.23 19:19:41 | 000,000,292 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job

[2012.07.23 18:09:14 | 004,931,577 | ---- | M] () -- C:\Windows\{00000004-00000000-00000001-00001102-00000004-20021102}.CDF

[2012.07.23 18:09:14 | 004,931,577 | ---- | M] () -- C:\Windows\{00000004-00000000-00000001-00001102-00000004-20021102}.BAK

[2012.07.23 18:09:12 | 000,151,552 | ---- | M] () -- C:\Windows\KMSEmulator.exe

[2012.07.23 18:08:48 | 004,503,728 | ---- | M] () -- C:\ProgramData\piz_0ef.pad

[2012.07.23 18:08:11 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012.07.23 18:04:54 | 000,001,888 | ---- | M] () -- C:\Users\Seph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk

[2012.07.23 17:38:10 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012.07.23 17:30:27 | 000,022,000 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012.07.23 17:30:27 | 000,022,000 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012.07.23 17:27:27 | 001,529,790 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012.07.23 17:27:27 | 000,665,004 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2012.07.23 17:27:27 | 000,625,492 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012.07.23 17:27:27 | 000,135,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2012.07.23 17:27:27 | 000,110,892 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012.07.23 10:10:15 | 000,167,546 | ---- | M] () -- C:\Users\Seph\Desktop\Experteninterviews zu IT FOR WORK.pdf

[2012.07.23 10:09:53 | 003,421,975 | ---- | M] () -- C:\Users\Seph\Desktop\IT_FOR_WORK_Konzept_print.pdf

[2012.07.23 09:46:43 | 004,863,520 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012.07.18 20:21:28 | 000,045,047 | ---- | M] () -- C:\Users\Seph\Desktop\ITFW_strategie_Abstimmungsversion.jpg

[2012.07.18 17:09:45 | 012,230,470 | ---- | M] () -- C:\Users\Seph\Desktop\Unbenannt-1.pdf

[2012.07.18 17:05:16 | 000,149,595 | ---- | M] () -- C:\Users\Seph\Desktop\Unbenannt-1.idml

[2012.07.18 17:02:18 | 009,666,560 | ---- | M] () -- C:\Users\Seph\Desktop\Unbenannt-1.indd

[2012.07.18 15:52:16 | 000,446,539 | ---- | M] () -- C:\Users\Seph\Desktop\abstimmungsdings.inx

[2012.07.16 22:05:30 | 000,019,125 | ---- | M] () -- C:\Users\Seph\Desktop\logo.png

[2012.07.15 23:23:42 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif

[2012.07.15 23:23:11 | 001,524,520 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012.07.15 22:04:33 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2012.07.15 20:36:31 | 000,030,496 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro36.sys

[2012.07.15 20:35:15 | 000,002,272 | ---- | M] () -- C:\Windows\SysNative\.crusader

[2012.07.13 13:38:50 | 000,103,736 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2012.07.13 13:38:46 | 000,103,736 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0

[2012.07.13 13:38:45 | 000,669,184 | ---- | M] () -- C:\Windows\SysWow64\pbsvc.exe

[2012.07.11 16:54:23 | 000,122,419 | ---- | M] () -- C:\Users\Seph\Desktop\Unbenannt.png

[2012.07.11 01:49:37 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01009.Wdf

[2012.07.08 15:22:36 | 000,298,016 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr

[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012.07.03 02:05:48 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe

[2012.07.03 00:48:38 | 003,130,440 | ---- | M] () -- C:\Windows\SysWow64\pbsvc_blr.exe

[2012.06.26 15:51:32 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2012.06.26 15:51:32 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2012.06.26 09:02:40 | 000,330,240 | ---- | M] ((주)마크애니) -- C:\Windows\MASetupCaller.dll

[2012.06.26 09:02:38 | 000,045,320 | ---- | M] (MARKANY) -- C:\Windows\SysWow64\MAMACExtract.dll

[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.07.23 18:04:54 | 004,503,728 | ---- | C] () -- C:\ProgramData\piz_0ef.pad

[2012.07.23 18:04:54 | 000,001,888 | ---- | C] () -- C:\Users\Seph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk

[2012.07.23 10:10:14 | 000,167,546 | ---- | C] () -- C:\Users\Seph\Desktop\Experteninterviews zu IT FOR WORK.pdf

[2012.07.23 10:09:48 | 003,421,975 | ---- | C] () -- C:\Users\Seph\Desktop\IT_FOR_WORK_Konzept_print.pdf

[2012.07.18 20:21:26 | 000,045,047 | ---- | C] () -- C:\Users\Seph\Desktop\ITFW_strategie_Abstimmungsversion.jpg

[2012.07.18 17:09:36 | 012,230,470 | ---- | C] () -- C:\Users\Seph\Desktop\Unbenannt-1.pdf

[2012.07.18 17:05:15 | 000,149,595 | ---- | C] () -- C:\Users\Seph\Desktop\Unbenannt-1.idml

[2012.07.18 16:29:51 | 009,666,560 | ---- | C] () -- C:\Users\Seph\Desktop\Unbenannt-1.indd

[2012.07.18 15:14:03 | 000,446,539 | ---- | C] () -- C:\Users\Seph\Desktop\abstimmungsdings.inx

[2012.07.16 22:05:30 | 000,019,125 | ---- | C] () -- C:\Users\Seph\Desktop\logo.png

[2012.07.15 23:23:13 | 000,001,922 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk

[2012.07.15 20:36:31 | 000,030,496 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro36.sys

[2012.07.15 20:35:15 | 000,002,272 | ---- | C] () -- C:\Windows\SysNative\.crusader

[2012.07.13 13:33:20 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe

[2012.07.12 20:07:16 | 000,000,018 | ---- | C] () -- C:\Users\Seph\Documents\profiles.cfg

[2012.07.11 16:53:46 | 000,122,419 | ---- | C] () -- C:\Users\Seph\Desktop\Unbenannt.png

[2012.07.11 01:49:37 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01009.Wdf

[2012.07.03 02:05:22 | 000,298,016 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr

[2012.07.03 02:02:07 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2012.07.03 02:02:07 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.ex0

[2012.07.03 02:01:52 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe

[2012.07.03 02:01:51 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe

[2012.06.27 01:50:30 | 002,621,723 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin

[2012.05.27 13:25:20 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL

[2012.05.27 13:25:20 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL

[2012.05.18 10:53:18 | 000,061,440 | ---- | C] () -- C:\Windows\diabunin.exe

[2012.05.15 17:01:38 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI

[2012.04.28 20:57:27 | 000,086,528 | ---- | C] () -- C:\Windows\bnetunin.exe

[2012.02.02 17:46:49 | 000,000,013 | ---- | C] () -- C:\Windows\popcinfo.dat

[2012.01.31 01:15:44 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe

[2012.01.31 01:15:42 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll

[2012.01.31 01:15:42 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll

[2012.01.31 01:15:42 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll

[2012.01.31 01:15:42 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll

[2012.01.27 13:04:25 | 000,151,552 | ---- | C] () -- C:\Windows\KMSEmulator.exe

[2012.01.20 14:50:00 | 000,000,132 | ---- | C] () -- C:\Users\Seph\AppData\Roaming\Adobe PNG Format CS5 Prefs

[2012.01.10 22:24:30 | 013,359,616 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll

[2012.01.10 22:24:30 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin

[2012.01.10 22:24:30 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin

[2012.01.10 22:24:30 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin

[2012.01.10 22:24:30 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll

[2012.01.02 02:50:27 | 001,524,520 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

[2011.09.19 09:07:46 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll

[2011.09.19 09:07:32 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll

========== LOP Check ==========

[2012.06.26 23:57:07 | 000,000,000 | ---D | M] -- C:\Users\Seph\AppData\Roaming\BANDISOFT

[2012.01.22 02:34:01 | 000,000,000 | ---D | M] -- C:\Users\Seph\AppData\Roaming\BigHugeEngine

[2012.07.15 20:17:51 | 000,000,000 | ---D | M] -- C:\Users\Seph\AppData\Roaming\convert

[2012.04.02 20:21:29 | 000,000,000 | ---D | M] -- C:\Users\Seph\AppData\Roaming\DAEMON Tools Lite

[2012.01.25 12:40:47 | 000,000,000 | ---D | M] -- C:\Users\Seph\AppData\Roaming\DarknessIIDemo

[2012.04.03 11:12:20 | 000,000,000 | ---D | M] -- C:\Users\Seph\AppData\Roaming\Downloaded Installations

[2012.07.23 18:09:00 | 000,000,000 | ---D | M] -- C:\Users\Seph\AppData\Roaming\Dropbox

[2012.01.27 19:27:22 | 000,000,000 | ---D | M] -- C:\Users\Seph\AppData\Roaming\e-academy Inc

[2012.01.05 01:11:48 | 000,000,000 | ---D | M] -- C:\Users\Seph\AppData\Roaming\fltk.org

[2012.01.13 13:56:54 | 000,000,000 | ---D | M] -- C:\Users\Seph\AppData\Roaming\Foxit Software

[2012.05.28 19:57:43 | 000,000,000 | ---D | M] -- C:\Users\Seph\AppData\Roaming\GameSave Manager 2

[2012.01.08 04:02:10 | 000,000,000 | ---D | M] -- C:\Users\Seph\AppData\Roaming\Leadertech

[2012.07.15 20:35:15 | 000,000,000 | ---D | M] -- C:\Users\Seph\AppData\Roaming\loadtbs

[2012.07.08 15:15:46 | 000,000,000 | ---D | M] -- C:\Users\Seph\AppData\Roaming\LoneSurvivor

[2012.05.23 21:59:53 | 000,000,000 | ---D | M] -- C:\Users\Seph\AppData\Roaming\Mumble

[2012.03.09 13:40:08 | 000,000,000 | ---D | M] -- C:\Users\Seph\AppData\Roaming\MyPhoneExplorer

[2012.01.28 23:45:36 | 000,000,000 | ---D | M] -- C:\Users\Seph\AppData\Roaming\Need for Speed World

[2012.07.09 23:40:34 | 000,000,000 | ---D | M] -- C:\Users\Seph\AppData\Roaming\Origin

[2012.05.01 15:34:35 | 000,000,000 | ---D | M] -- C:\Users\Seph\AppData\Roaming\RenPy

[2012.01.01 21:26:34 | 000,000,000 | ---D | M] -- C:\Users\Seph\AppData\Roaming\Runic Games

[2012.04.05 23:29:59 | 000,000,000 | ---D | M] -- C:\Users\Seph\AppData\Roaming\Samsung

[2012.03.17 23:47:35 | 000,000,000 | ---D | M] -- C:\Users\Seph\AppData\Roaming\Spotify

[2012.06.30 02:35:11 | 000,000,000 | ---D | M] -- C:\Users\Seph\AppData\Roaming\The Path

[2012.01.01 20:58:02 | 000,000,000 | ---D | M] -- C:\Users\Seph\AppData\Roaming\Thunderbird

[2012.01.02 03:18:47 | 000,000,000 | ---D | M] -- C:\Users\Seph\AppData\Roaming\Trillian

[2012.07.13 12:19:41 | 000,000,000 | ---D | M] -- C:\Users\Seph\AppData\Roaming\Trine2

[2012.03.31 00:20:11 | 000,000,000 | ---D | M] -- C:\Users\Seph\AppData\Roaming\Wuala

[2012.07.23 19:19:41 | 000,000,292 | ---- | M] () -- C:\Windows\Tasks\AutoKMS.job

[2012.07.15 10:33:35 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 5120 bytes -> C:\ProgramData:gs5sys

@Alternate Data Stream - 1536 bytes -> C:\Users\Seph\Documents\desktop.ini:gs5sys

@Alternate Data Stream - 1536 bytes -> C:\Users\Public\Documents\desktop.ini:gs5sys

< End of report >


Extra:

OTL Extras logfile created on: 23.07.2012 19:29:29 - Run 2

OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Seph\Desktop

64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,98 Gb Total Physical Memory | 6,72 Gb Available Physical Memory | 84,24% Memory free

8,37 Gb Paging File | 7,17 Gb Available in Paging File | 85,61% Paging File free

Paging file location(s): c:\pagefile.sys 400 2048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 73,14 Gb Total Space | 18,47 Gb Free Space | 25,25% Space Free | Partition Type: NTFS

Drive D: | 392,52 Gb Total Space | 67,22 Gb Free Space | 17,12% Space Free | Partition Type: NTFS

Computer Name: CLOUD_STRIFE | User Name: Seph | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- D:\Programme\Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- "D:\Programme\Office2010\Office14\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "D:\Programme\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [bridge] -- D:\Programme\CS5\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "D:\Programme\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- "D:\Programme\Office2010\Office14\msohtmed.exe" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "D:\Programme\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [bridge] -- D:\Programme\CS5\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "D:\Programme\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 0

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |

"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |

"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |

"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |

"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |

"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |

"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |

"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |

"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |

"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |

"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |

"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{055E8A40-D1A3-4733-8C8B-BA13782DD58B}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\stalker shadow of chernobyl\bin\xr_3da.exe |

"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{35896214-E8D8-4570-A400-E6BD0C8CCABE}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\just cause 2\justcause2.exe |

"{40B71CC7-580E-4068-AFE4-9F893C4DB9CC}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |

"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{6CB6364F-24EC-4E1D-82B3-13FEEB5331AA}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\stalker shadow of chernobyl\bin\xr_3da.exe |

"{6D3532AB-348F-4E7E-834C-A30D474139E7}" = dir=out | app=d:\games\steam\steamapps\common\driver san francisco\driver.exe |

"{8242BDD5-7340-4FB4-8491-AFD1245B8150}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\driver san francisco\driver.exe |

"{826DC691-48E6-488A-A7CE-C3B3393901C4}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\driver san francisco\driver.exe |

"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{966812C5-8D39-4647-B928-6B162D5856F7}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\just cause 2\justcause2.exe |

"{9999715B-99E7-4FFB-A3E8-1DA5B62F4367}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\trine\trine_launcher.exe |

"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{B3E3BFB5-837A-4C1D-95DA-B027C70BB2C2}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\shatter\shattersettingseditor.exe |

"{B5EED98F-F0EE-4BD2-ADA8-4903D7F2AF77}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |

"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |

"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{EAAA1253-F26B-41FE-838F-3065A3EDE66A}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\shatter\shattersettingseditor.exe |

"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{EFD8F301-09A7-471E-8B6D-D69D2BC4A56F}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\trine\trine_launcher.exe |

"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"TCP Query User{0A181D48-678D-4353-A3D1-A0134AB90D9E}D:\games\steam\steamapps\common\batman2\binaries\win32\batmanac.exe" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\batman2\binaries\win32\batmanac.exe |

"TCP Query User{C7BB1535-890B-4016-8795-77A16F6456AC}D:\games\steam\steam.exe" = protocol=6 | dir=in | app=d:\games\steam\steam.exe |

"TCP Query User{CB6EBB73-9F08-4922-A149-02C292E246A6}D:\games\steam\steamapps\common\left 4 dead 2\left4dead2.exe" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\left 4 dead 2\left4dead2.exe |

"TCP Query User{FA1E7C08-A0A6-4F9A-A436-2EC306CF2304}D:\games\origin\games\need for speed hot pursuit\nfs11.exe" = protocol=6 | dir=in | app=d:\games\origin\games\need for speed hot pursuit\nfs11.exe |

"UDP Query User{4C33E419-B707-4BD0-8369-B0D687531674}D:\games\steam\steam.exe" = protocol=17 | dir=in | app=d:\games\steam\steam.exe |

"UDP Query User{66CF470D-3CD7-4FD6-8EB3-E3292491165A}D:\games\steam\steamapps\common\left 4 dead 2\left4dead2.exe" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\left 4 dead 2\left4dead2.exe |

"UDP Query User{881FC8CD-649E-4810-AB7D-D8EDEBCA73C1}D:\games\origin\games\need for speed hot pursuit\nfs11.exe" = protocol=17 | dir=in | app=d:\games\origin\games\need for speed hot pursuit\nfs11.exe |

"UDP Query User{F43F5044-B96A-4942-A392-1E546BFC1511}D:\games\steam\steamapps\common\batman2\binaries\win32\batmanac.exe" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\batman2\binaries\win32\batmanac.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack

"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector

"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant

"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64

"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022

"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64

"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010

"{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010

"{90140000-0015-0407-1000-0000000FF1CE}_Office14.OMUI.de-de_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010

"{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010

"{90140000-0016-0407-1000-0000000FF1CE}_Office14.OMUI.de-de_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010

"{90140000-0017-0407-1000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2010

"{90140000-0017-0407-1000-0000000FF1CE}_Office14.OMUI.de-de_{D3646908-5C00-4C50-B9A5-9F1D1A83B452}" = Microsoft SharePoint Designer 2010 Service Pack 1 (SP1)

"{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010

"{90140000-0018-0407-1000-0000000FF1CE}_Office14.OMUI.de-de_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010

"{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010

"{90140000-0019-0407-1000-0000000FF1CE}_Office14.OMUI.de-de_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010

"{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010

"{90140000-001A-0407-1000-0000000FF1CE}_Office14.OMUI.de-de_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010

"{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010

"{90140000-001B-0407-1000-0000000FF1CE}_Office14.OMUI.de-de_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010

"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010

"{90140000-001F-0407-1000-0000000FF1CE}_Office14.OMUI.de-de_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010

"{90140000-001F-0410-1000-0000000FF1CE}_Office14.OMUI.de-de_{3013A793-10A7-4D1F-B8B4-2FAA82F4D259}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010

"{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010

"{90140000-002C-0407-1000-0000000FF1CE}_Office14.OMUI.de-de_{98782D5D-A9EE-43C6-88AD-B50AD8530E78}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010

"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010

"{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010

"{90140000-0043-0407-1000-0000000FF1CE}_Office14.OMUI.de-de_{8DFD91C7-66AE-4E54-9901-5D5F401AD329}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010

"{90140000-0044-0407-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010

"{90140000-0044-0407-1000-0000000FF1CE}_Office14.OMUI.de-de_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010

"{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010

"{90140000-006E-0407-1000-0000000FF1CE}_Office14.OMUI.de-de_{8299B64F-1537-4081-974C-033EAB8F098E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010

"{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010

"{90140000-00A1-0407-1000-0000000FF1CE}_Office14.OMUI.de-de_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010

"{90140000-00BA-0407-1000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010

"{90140000-00BA-0407-1000-0000000FF1CE}_Office14.OMUI.de-de_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010

"{90140000-0100-0407-1000-0000000FF1CE}" = Microsoft Office O MUI (German) 2010

"{90140000-0100-0407-1000-0000000FF1CE}_Office14.OMUI.de-de_{E2D2FA5C-6353-4F7B-9ABF-F548759A5D35}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)

"{90140000-0101-0407-1000-0000000FF1CE}" = Microsoft Office X MUI (German) 2010

"{90140000-0101-0407-1000-0000000FF1CE}_Office14.OMUI.de-de_{EA7ED796-796A-4C86-8BCB-88A55C89E32C}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)

"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010

"{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010

"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64

"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client

"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 301.42

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 301.42

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0604

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.17.0

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}" = Microsoft Xbox 360 Accessories 1.2

"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64

"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones

"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit

"CPUID HWMonitor_is1" = CPUID HWMonitor 1.18

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"Microsoft Security Client" = Microsoft Security Essentials

"Office14.OMUI.de-de" = Microsoft Office Language Pack 2010 - German/Deutsch

"Office14.PROPLUS" = Microsoft Office Professional Plus 2010

"Sn1" = Logitech Flow Scroll 4.0

"sp6" = Logitech SetPoint 6.32

"UDK-62a48a31-1d59-4bae-b589-eaf91da88f71" = My Game Long Name

"WinRAR archiver" = WinRAR 4.01 (64-Bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis®

"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86

"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0EDC9BA0-016E-406a-86DA-04FC1BE00C21}" = Need for Speed™ The Run

"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86

"{1101370E-0BBC-4939-8037-2AED92A5C15C}_is1" = Rise of Flight

"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0

"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5

"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1" = Geeks3D.com FurMark 1.9.2

"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java 6 Update 30

"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java 7 Update 4

"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth

"{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34A153FE-6926-4C14-B48A-B71E68C672A8}_is1" = MiniTool Partition Wizard Home Edition 7.1

"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help

"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack

"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology

"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg

"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR

"{46EDCFA5-7EDB-46A9-B093-1C6237470CEC}" = 3DMark 11

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace

"{4E33D05D-76CF-5D3C-4D5D-7727530FA161}" = Adobe Content Viewer

"{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}" = GameSpy Comrade

"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86

"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies

"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{83A606F5-BF6F-42ED-9F33-B9F74297CDED}" = Need for Speed Hot Pursuit

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{857CC5F0-040E-1016-A173-D55ADD80C260}" = Adobe InDesign CS5.5

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver

"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer

"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT

"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A99BE117-F10C-470D-AE6D-DC2889F5F24E}" = Avadon

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch

"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie

"{B15B400A-19ED-4CC7-B3E4-9295D8470CBE}" = Secure Download Manager

"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86

"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo

"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common

"{C3E9887A-23BA-4777-8080-191A5AFCAB74}" = Mumble 1.2.3

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86

"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.11 Game

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86

"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player

"{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker

"{E737A098-F161-4B6F-AF22-86AAE34F6FBD}" = Pro Evolution Soccer 2012

"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials

"{Stalker Complete 2009 v1.4.4}}_is1" = Stalker Complete 2009 v1.4.4

"5513-1208-7298-9440" = JDownloader 0.9

"Abloadtool" = Abloadtool

"Adobe AIR" = Adobe AIR

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Afterburner" = MSI Afterburner 2.1.0

"ASRock eXtreme Tuner_is1" = ASRock eXtreme Tuner v0.1.78

"AudioCS" = Creative-Audiokonsole

"Bandicam" = Bandicam

"BandiMPEG1" = Bandisoft MPEG-1 Decoder

"Battle.net" = Battle.net

"BattlEye A2 Free" = BattlEye (A2Free) Uninstall

"BOSS" = BOSS

"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help

"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player

"com.adobe.dmp.contentviewer" = Adobe Content Viewer

"Creative Software AutoUpdate" = Creative Software AutoUpdate

"CrystalDiskInfo_is1" = CrystalDiskInfo 4.1.4

"DAEMON Tools Lite" = DAEMON Tools Lite

"Diablo" = Diablo

"Diablo III" = Diablo III

"Foxit Reader_is1" = Foxit Reader 5.1

"Fraps" = Fraps

"GameSave Manager_2.0" = GameSave Manager

"Generic Mod Manager_is1" = Fallout Mod Manager 0.13.21

"Google Chrome" = Google Chrome

"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies

"InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller

"loadtbs-3.0" = loadtbs-3.0

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300

"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)

"Mozilla Thunderbird 14.0 (x86 de)" = Mozilla Thunderbird 14.0 (x86 de)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"MPE" = MyPhoneExplorer

"OCCT" = OCCT 4.0.0

"OpenAL" = OpenAL

"Origin" = Origin

"PunkBusterSvc" = PunkBuster Services

"RivaTuner" = RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition

"Rockstar Games Social Club" = Rockstar Games Social Club

"Steam App 110800" = L.A. Noire

"Steam App 17330" = Crysis Warhead

"Steam App 200900" = Cave Story+

"Steam App 204060" = Superbrothers: Sword & Sworcery EP

"Steam App 207170" = Legend of Grimrock

"Steam App 20820" = Shatter

"Steam App 209830" = Lone Survivor

"Steam App 209870" = Blacklight: Retribution

"Steam App 33440" = Driver San Francisco

"Steam App 35700" = Trine

"Steam App 40800" = Super Meat Boy

"Steam App 4500" = S.T.A.L.K.E.R.: Shadow of Chernobyl

"Steam App 550" = Left 4 Dead 2

"Steam App 57400" = Batman: Arkham City™

"Steam App 8190" = Just Cause 2

"Steam App 98400" = Hard Reset

"Steam App 99300" = Renegade Ops

"Trillian" = Trillian

"Unigine Heaven DX11 Benchmark 2.5_is1" = Unigine Heaven DX11 Benchmark 2.5 version 2.5

"VLC media player" = VLC media player 2.0.0

"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Dropbox" = Dropbox

"Spotify" = Spotify

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 13.07.2012 09:01:16 | Computer Name = Cloud_Strife | Source = Application Error | ID = 1000

Description = Name der fehlerhaften Anwendung: Need for Speed The Run.exe, Version:

1.1.0.0, Zeitstempel: 0x4f14cf9c Name des fehlerhaften Moduls: Need for Speed The

Run.exe, Version: 1.1.0.0, Zeitstempel: 0x4f14cf9c Ausnahmecode: 0xc0000005 Fehleroffset:

0x010b54c8 ID des fehlerhaften Prozesses: 0x1658 Startzeit der fehlerhaften Anwendung:

0x01cd60f396aa804e Pfad der fehlerhaften Anwendung: D:\Games\Origin\Games\Need for

Speed The Run\Need for Speed The Run.exe Pfad des fehlerhaften Moduls: D:\Games\Origin\Games\Need

for Speed The Run\Need for Speed The Run.exe Berichtskennung: d42257cb-ccea-11e1-bde8-002522e850c8

Error - 13.07.2012 09:11:10 | Computer Name = Cloud_Strife | Source = Application Error | ID = 1000

Description = Name der fehlerhaften Anwendung: Need for Speed The Run.exe, Version:

1.1.0.0, Zeitstempel: 0x4f14cf9c Name des fehlerhaften Moduls: Need for Speed The

Run.exe, Version: 1.1.0.0, Zeitstempel: 0x4f14cf9c Ausnahmecode: 0xc0000005 Fehleroffset:

0x0156e81b ID des fehlerhaften Prozesses: 0x1378 Startzeit der fehlerhaften Anwendung:

0x01cd60f79f034816 Pfad der fehlerhaften Anwendung: D:\Games\Origin\Games\Need for

Speed The Run\Need for Speed The Run.exe Pfad des fehlerhaften Moduls: D:\Games\Origin\Games\Need

for Speed The Run\Need for Speed The Run.exe Berichtskennung: 3620f848-ccec-11e1-bde8-002522e850c8

Error - 13.07.2012 09:19:32 | Computer Name = Cloud_Strife | Source = Application Error | ID = 1000

Description = Name der fehlerhaften Anwendung: Need for Speed The Run.exe, Version:

1.1.0.0, Zeitstempel: 0x4f14cf9c Name des fehlerhaften Moduls: Need for Speed The

Run.exe, Version: 1.1.0.0, Zeitstempel: 0x4f14cf9c Ausnahmecode: 0xc0000005 Fehleroffset:

0x0156e81b ID des fehlerhaften Prozesses: 0xb50 Startzeit der fehlerhaften Anwendung:

0x01cd60f92a6e7dc4 Pfad der fehlerhaften Anwendung: D:\Games\Origin\Games\Need for

Speed The Run\Need for Speed The Run.exe Pfad des fehlerhaften Moduls: D:\Games\Origin\Games\Need

for Speed The Run\Need for Speed The Run.exe Berichtskennung: 616126f3-cced-11e1-bde8-002522e850c8

Error - 13.07.2012 09:22:17 | Computer Name = Cloud_Strife | Source = Application Error | ID = 1000

Description = Name der fehlerhaften Anwendung: Need for Speed The Run.exe, Version:

1.1.0.0, Zeitstempel: 0x4f14cf9c Name des fehlerhaften Moduls: Need for Speed The

Run.exe, Version: 1.1.0.0, Zeitstempel: 0x4f14cf9c Ausnahmecode: 0xc0000005 Fehleroffset:

0x003365c1 ID des fehlerhaften Prozesses: 0x110c Startzeit der fehlerhaften Anwendung:

0x01cd60fa350dff1a Pfad der fehlerhaften Anwendung: D:\Games\Origin\Games\Need for

Speed The Run\Need for Speed The Run.exe Pfad des fehlerhaften Moduls: D:\Games\Origin\Games\Need

for Speed The Run\Need for Speed The Run.exe Berichtskennung: c42831ed-cced-11e1-bde8-002522e850c8

Error - 14.07.2012 07:44:54 | Computer Name = Cloud_Strife | Source = Application Error | ID = 1000

Description = Name der fehlerhaften Anwendung: NFS11.exe, Version: 1.0.5.0, Zeitstempel:

0x00000000 Name des fehlerhaften Moduls: igo32.dll, Version: 8.6.0.357, Zeitstempel:

0x4fb1ef6b Ausnahmecode: 0xc0000005 Fehleroffset: 0x000271b0 ID des fehlerhaften Prozesses:

0x1470 Startzeit der fehlerhaften Anwendung: 0x01cd61b6124bc0e0 Pfad der fehlerhaften

Anwendung: D:\Games\Origin\Games\Need for Speed Hot Pursuit\NFS11.exe Pfad des fehlerhaften

Moduls: D:\Games\Origin\igo32.dll Berichtskennung: 538511e7-cda9-11e1-958c-002522e850c8

Error - 14.07.2012 07:47:58 | Computer Name = Cloud_Strife | Source = Application Error | ID = 1000

Description = Name der fehlerhaften Anwendung: NFS11.exe, Version: 1.0.5.0, Zeitstempel:

0x00000000 Name des fehlerhaften Moduls: igo32.dll, Version: 8.6.0.357, Zeitstempel:

0x4fb1ef6b Ausnahmecode: 0xc0000005 Fehleroffset: 0x000271b0 ID des fehlerhaften Prozesses:

0x1118 Startzeit der fehlerhaften Anwendung: 0x01cd61b680be8892 Pfad der fehlerhaften

Anwendung: D:\Games\Origin\Games\Need for Speed Hot Pursuit\NFS11.exe Pfad des fehlerhaften

Moduls: D:\Games\Origin\igo32.dll Berichtskennung: c12f7d9b-cda9-11e1-958c-002522e850c8

Error - 14.07.2012 07:48:30 | Computer Name = Cloud_Strife | Source = Application Error | ID = 1000

Description = Name der fehlerhaften Anwendung: NFS11.exe, Version: 1.0.5.0, Zeitstempel:

0x00000000 Name des fehlerhaften Moduls: igo32.dll, Version: 8.6.0.357, Zeitstempel:

0x4fb1ef6b Ausnahmecode: 0xc0000005 Fehleroffset: 0x000271b0 ID des fehlerhaften Prozesses:

0x1710 Startzeit der fehlerhaften Anwendung: 0x01cd61b69492f717 Pfad der fehlerhaften

Anwendung: D:\Games\Origin\Games\Need for Speed Hot Pursuit\NFS11.exe Pfad des fehlerhaften

Moduls: D:\Games\Origin\igo32.dll Berichtskennung: d4b7c6d2-cda9-11e1-958c-002522e850c8

Error - 14.07.2012 18:16:13 | Computer Name = Cloud_Strife | Source = Application Error | ID = 1000

Description = Name der fehlerhaften Anwendung: grimrock.exe, Version: 0.0.0.0, Zeitstempel:

0x4f901331 Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.30319.1, Zeitstempel:

0x4ba1dbbe Ausnahmecode: 0x40000015 Fehleroffset: 0x0008d635 ID des fehlerhaften Prozesses:

0x1a7c Startzeit der fehlerhaften Anwendung: 0x01cd620e471a7a4a Pfad der fehlerhaften

Anwendung: D:\Games\Steam\SteamApps\common\legend of grimrock\grimrock.exe Pfad

des fehlerhaften Moduls: C:\Windows\system32\MSVCR100.dll Berichtskennung: 8535ddd3-ce01-11e1-bb8e-002522e850c8

Error - 14.07.2012 18:51:27 | Computer Name = Cloud_Strife | Source = Application Error | ID = 1000

Description = Name der fehlerhaften Anwendung: trillian.exe, Version: 5.1.0.18,

Zeitstempel: 0x4eef74d2 Name des fehlerhaften Moduls: talk.dll, Version: 5.1.0.18,

Zeitstempel: 0x4eef7468 Ausnahmecode: 0xc0000409 Fehleroffset: 0x001a19a2 ID des fehlerhaften

Prozesses: 0x500 Startzeit der fehlerhaften Anwendung: 0x01cd62131e69ef5c Pfad der

fehlerhaften Anwendung: D:\Programme\Trillian\trillian.exe Pfad des fehlerhaften

Moduls: D:\Programme\Trillian\talk.dll Berichtskennung: 71260709-ce06-11e1-a853-002522e850c8

Error - 15.07.2012 12:18:19 | Computer Name = Cloud_Strife | Source = Application Error | ID = 1000

Description = Name der fehlerhaften Anwendung: BatmanAC.exe, Version: 1.0.0.0, Zeitstempel:

0x00000000 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:

0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x03b5f118 ID des fehlerhaften Prozesses:

0x3248 Startzeit der fehlerhaften Anwendung: 0x01cd62a48a0c1ea0 Pfad der fehlerhaften

Anwendung: d:\games\steam\steamapps\common\batman2\Binaries\Win32\BatmanAC.exe Pfad

des fehlerhaften Moduls: unknown Berichtskennung: b03e3901-ce98-11e1-a8dd-002522e850c8

[ System Events ]

Error - 18.05.2012 04:56:03 | Computer Name = Cloud_Strife | Source = cdrom | ID = 262151

Description = Fehlerhafter Block bei Gerät \Device\CdRom1.

Error - 18.05.2012 04:56:03 | Computer Name = Cloud_Strife | Source = cdrom | ID = 262151

Description = Fehlerhafter Block bei Gerät \Device\CdRom1.

Error - 18.05.2012 04:56:03 | Computer Name = Cloud_Strife | Source = cdrom | ID = 262151

Description = Fehlerhafter Block bei Gerät \Device\CdRom1.

Error - 18.05.2012 04:56:04 | Computer Name = Cloud_Strife | Source = cdrom | ID = 262151

Description = Fehlerhafter Block bei Gerät \Device\CdRom1.

Error - 18.05.2012 04:56:04 | Computer Name = Cloud_Strife | Source = cdrom | ID = 262151

Description = Fehlerhafter Block bei Gerät \Device\CdRom1.

Error - 18.05.2012 04:56:04 | Computer Name = Cloud_Strife | Source = cdrom | ID = 262151

Description = Fehlerhafter Block bei Gerät \Device\CdRom1.

Error - 18.05.2012 04:56:04 | Computer Name = Cloud_Strife | Source = cdrom | ID = 262151

Description = Fehlerhafter Block bei Gerät \Device\CdRom1.

Error - 18.05.2012 04:56:04 | Computer Name = Cloud_Strife | Source = cdrom | ID = 262151

Description = Fehlerhafter Block bei Gerät \Device\CdRom1.

Error - 20.05.2012 10:39:36 | Computer Name = Cloud_Strife | Source = Service Control Manager | ID = 7009

Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst

Steam Client Service erreicht.

Error - 20.05.2012 10:39:36 | Computer Name = Cloud_Strife | Source = Service Control Manager | ID = 7000

Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers

nicht gestartet: %%1053

< End of report >


Please do this:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    @Alternate Data Stream - 5120 bytes -> C:\ProgramData:gs5sys
    @Alternate Data Stream - 1536 bytes -> C:\Users\Seph\Documents\desktop.ini:gs5sys
    @Alternate Data Stream - 1536 bytes -> C:\Users\Public\Documents\desktop.ini:gs5sys
    :Commands
    [EMPTYJAVA]
    [emptytemp]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

MrC


Thanks! I did. Here is the log:

Error: Unable to interpret <@Alternate Data Stream - 5120 bytes -> C:\ProgramData:gs5sys> in the current context!

Error: Unable to interpret <@Alternate Data Stream - 1536 bytes -> C:\Users\Seph\Documents\desktop.ini:gs5sys> in the current context!

Error: Unable to interpret <@Alternate Data Stream - 1536 bytes -> C:\Users\Public\Documents\desktop.ini:gs5sys> in the current context!

OTL by OldTimer - Version 3.2.54.0 log created on 07232012_202008


Didn't work, try again with the text listed in red:

:OTL

@Alternate Data Stream - 5120 bytes -> C:\ProgramData:gs5sys

@Alternate Data Stream - 1536 bytes -> C:\Users\Seph\Documents\desktop.ini:gs5sys

@Alternate Data Stream - 1536 bytes -> C:\Users\Public\Documents\desktop.ini:gs5sys

:Commands

[EMPTYJAVA]

[emptytemp]

MrC


This time it worked and it did a reboot and booted to normal windows. The thing that locked my desktop seems to be gone now. But is the virus gone as well?

All processes killed

========== OTL ==========

ADS C:\ProgramData:gs5sys deleted successfully.

ADS C:\Users\Seph\Documents\desktop.ini:gs5sys deleted successfully.

ADS C:\Users\Public\Documents\desktop.ini:gs5sys deleted successfully.

========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: Seph

->Java cache emptied: 7385358 bytes

Q

Total Java Files Cleaned = 7,00 mb

Q

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

->Flash cache emptied: 56502 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Public

->Temp folder emptied: 0 bytes

User: Seph

->Temp folder emptied: 33760710 bytes

->Temporary Internet Files folder emptied: 8377592 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 721041937 bytes

->Google Chrome cache emptied: 6742028 bytes

->Flash cache emptied: 19987 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 757760 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 231819340 bytes

%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50812851 bytes

RecycleBin emptied: 4877283534 bytes

Total Files Cleaned = 5.656,00 mb

OTL by OldTimer - Version 3.2.54.0 log created on 07232012_202754

Files\Folders moved on Reboot...

C:\Users\Seph\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

File C:\Users\Seph\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...

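The OTL fix above removed three NTFS alternate data streams named `gs5sys` that were hanging off `C:\ProgramData` and two `desktop.ini` files. A quick way to confirm after a fix like this that the streams are really gone, and to spot any other non-default streams a cleaner might have missed, is to enumerate the streams attached to those paths. The following PowerShell snippet is an added example written for this thread; it is not part of OTL or of the helper's instructions. It assumes PowerShell 3.0 or later (where `Get-Item -Stream` exists) and reuses the three paths from the fix script as sample input.

```powershell
# Added example, not from the thread or from OTL.
# Lists every alternate data stream (anything other than the default ':$DATA'
# stream) on the given files or folders, optionally walking a folder recursively.
# Requires PowerShell 3.0+ for the -Stream parameter (assumption: the box has
# been updated past the PowerShell 2.0 that shipped with Windows 7).

function Get-NonDefaultStream {
    param(
        [Parameter(Mandatory = $true)]
        [string[]] $Path,
        [switch]   $Recurse
    )

    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p)) {
            Write-Warning "$p : path not present"
            continue
        }

        # -Force is needed because desktop.ini is hidden+system.
        $items = @(Get-Item -LiteralPath $p -Force)
        if ($Recurse -and (Get-Item -LiteralPath $p -Force).PSIsContainer) {
            $items += Get-ChildItem -LiteralPath $p -Recurse -Force -ErrorAction SilentlyContinue
        }

        foreach ($item in $items) {
            # Every file/folder has ':$DATA'; anything else is an alternate stream.
            Get-Item -LiteralPath $item.FullName -Stream * -Force -ErrorAction SilentlyContinue |
                Where-Object { $_.Stream -ne ':$DATA' } |
                ForEach-Object {
                    [pscustomobject]@{
                        Path   = $item.FullName
                        Stream = $_.Stream
                        Bytes  = $_.Length
                    }
                }
        }
    }
}

# The three paths named in the OTL fix, used here as sample input.
$fixedPaths = @(
    'C:\ProgramData',
    'C:\Users\Seph\Documents\desktop.ini',
    'C:\Users\Public\Documents\desktop.ini'
)

$found = @(Get-NonDefaultStream -Path $fixedPaths)
if ($found.Count -eq 0) {
    Write-Output 'No alternate data streams remain on the paths from the fix.'
} else {
    # Expected before the fix: three 'gs5sys' entries (5120, 1536, 1536 bytes).
    $found | Format-Table -AutoSize
}
```

On a stock Windows 7 PowerShell 2.0 install the `-Stream` parameter does not exist; the equivalent check from a command prompt is `dir /r C:\ProgramData`, which prints streams as `name:stream:$DATA` next to each entry. Stream names such as `Zone.Identifier` on downloaded files are normal and will also show up in this listing.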

That worked this time...........

I believe this is what you have: METROPOLITAN POLICE malware

ComboFix should help here:

You can run it in safe mode if needed:

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC


Here comes the log:

ComboFix 12-07-24.01 - Seph 23.07.2012 20:47:56.2.4 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.8175.6131 [GMT 2:00]

ausgeführt von:: c:\users\Seph\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Seph\AppData\Local\Temp\99cab429-f99d-4f69-9d04-113ad532bd0f\CliSecureRT.dll

c:\users\Seph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk

.

.

((((((((((((((((((((((( Dateien erstellt von 2012-06-23 bis 2012-07-23 ))))))))))))))))))))))))))))))

.

.

2012-07-23 18:20 . 2012-07-23 18:20 -------- d-----w- C:\_OTL

2012-07-23 15:35 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{22DD88DE-C8A1-45F8-B5A7-D384BC39DF05}\mpengine.dll

2012-07-22 08:48 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-07-20 22:03 . 2012-07-20 22:12 -------- d-----w- c:\users\Seph\AppData\Local\Ubisoft Game Launcher

2012-07-20 22:02 . 2012-07-20 22:02 -------- d-----w- c:\programdata\Ubisoft

2012-07-20 22:02 . 2012-07-20 22:02 -------- d-----w- c:\program files (x86)\Ubisoft

2012-07-19 22:23 . 2012-07-19 22:23 -------- d-----w- c:\users\Seph\AppData\Local\Sidhe

2012-07-15 21:24 . 2012-07-15 21:24 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7B3C8F77-6224-454A-AE95-AC9131B1F0B6}\gapaengine.dll

2012-07-15 21:23 . 2012-07-15 21:23 -------- d-----w- c:\program files (x86)\Microsoft Security Client

2012-07-15 21:23 . 2012-07-15 21:23 -------- d-----w- c:\program files\Microsoft Security Client

2012-07-15 21:03 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys

2012-07-15 18:55 . 2012-07-15 20:09 -------- d-----w- C:\FRST

2012-07-15 18:36 . 2012-07-15 18:36 30496 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys

2012-07-15 18:17 . 2012-07-15 18:35 -------- d-----w- c:\programdata\HitmanPro

2012-07-15 18:17 . 2012-07-15 18:38 -------- d-----w- c:\program files (x86)\Optimizer Pro

2012-07-15 18:17 . 2012-07-15 18:17 -------- d-----w- c:\users\Seph\AppData\Roaming\convert

2012-07-15 18:17 . 2012-07-15 18:35 -------- d-----w- c:\users\Seph\AppData\Roaming\loadtbs

2012-07-15 17:57 . 2012-07-17 07:41 -------- d-----w- c:\program files (x86)\Emsisoft Anti-Malware

2012-07-15 17:21 . 2012-07-15 18:37 -------- d-----w- c:\programdata\Kaspersky Lab

2012-07-15 10:28 . 2012-07-15 10:28 -------- d-sh--w- c:\windows\system32\%APPDATA%

2012-07-14 13:41 . 2012-06-04 07:59 99384 ----a-w- c:\windows\system32\drivers\ssudbus.sys

2012-07-14 13:41 . 2012-06-04 07:59 203320 ----a-w- c:\windows\system32\drivers\ssudmdm.sys

2012-07-13 11:39 . 2012-07-13 11:39 -------- d-----w- c:\windows\SysWow64\URTTEMP

2012-07-13 11:33 . 2012-07-13 11:38 669184 ----a-w- c:\windows\SysWow64\pbsvc.exe

2012-07-13 10:19 . 2012-07-13 10:19 -------- d-----w- c:\users\Seph\AppData\Roaming\Trine2

2012-07-12 08:00 . 2012-07-12 08:11 -------- d-----w- c:\programdata\Solidshield

2012-07-11 12:09 . 2012-07-11 12:09 -------- d-----w- c:\windows\SysWow64\XPSViewer

2012-07-11 12:09 . 2012-07-11 12:09 -------- d-----w- c:\program files (x86)\Reference Assemblies

2012-07-11 12:09 . 2012-07-11 12:09 -------- d-----w- c:\program files (x86)\MSBuild

2012-07-11 12:09 . 2012-07-11 12:09 -------- d-----w- c:\program files\Reference Assemblies

2012-07-11 12:09 . 2012-07-11 12:09 -------- d-----w- c:\program files\MSBuild

2012-07-10 23:49 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll

2012-07-10 23:49 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll

2012-07-09 21:56 . 2012-07-10 21:22 -------- d-----w- c:\programdata\EA Logs

2012-07-09 21:56 . 2012-07-09 21:56 -------- d-----w- c:\programdata\EA Core

2012-07-09 21:39 . 2012-07-09 21:40 -------- d-----w- c:\users\Seph\AppData\Roaming\Origin

2012-07-09 21:39 . 2012-07-09 21:39 -------- d-----w- c:\users\Seph\AppData\Local\Origin

2012-07-09 21:39 . 2012-07-09 21:56 -------- d-----w- c:\programdata\Electronic Arts

2012-07-09 21:39 . 2012-07-09 21:56 -------- d-----w- c:\programdata\Origin

2012-07-09 21:39 . 2012-07-09 21:39 -------- d-----w- c:\program files (x86)\Origin Games

2012-07-08 13:15 . 2012-07-08 13:15 -------- d-----w- c:\users\Seph\AppData\Roaming\LoneSurvivor

2012-07-06 00:24 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe

2012-07-05 21:11 . 2012-07-05 21:11 -------- d-----w- c:\users\Seph\AppData\Local\4A Games

2012-07-03 00:05 . 2012-07-08 13:22 298016 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2012-07-03 00:05 . 2012-07-03 00:05 -------- d-----w- c:\users\Seph\AppData\Local\PunkBuster

2012-07-03 00:02 . 2012-07-13 11:38 103736 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2012-07-03 00:02 . 2012-07-13 11:38 103736 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

2012-07-03 00:01 . 2012-07-03 00:05 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe

2012-07-03 00:01 . 2012-07-02 22:48 3130440 ----a-w- c:\windows\SysWow64\pbsvc_blr.exe

2012-07-01 17:40 . 2012-07-01 17:40 -------- d-----w- c:\users\Seph\AppData\Local\ArmA 2 Free

2012-07-01 15:36 . 2012-07-01 15:36 -------- d-----w- c:\users\Seph\AppData\Local\ArmA 2 OA DEMO

2012-06-30 00:28 . 2012-06-30 00:35 -------- d-----w- c:\users\Seph\AppData\Roaming\The Path

2012-06-26 23:50 . 2012-06-28 18:06 -------- d-----w- c:\programdata\NVIDIA

2012-06-26 23:50 . 2012-05-15 09:29 889664 ----a-w- c:\windows\system32\nvvsvc.exe

2012-06-26 23:50 . 2012-05-15 09:29 63296 ----a-w- c:\windows\system32\nvshext.dll

2012-06-26 23:50 . 2012-05-15 09:29 2561856 ----a-w- c:\windows\system32\nvsvcr.dll

2012-06-26 23:50 . 2012-05-15 09:29 118080 ----a-w- c:\windows\system32\nvmctray.dll

2012-06-26 23:50 . 2012-05-15 09:29 2621723 ----a-w- c:\windows\system32\nvcoproc.bin

2012-06-26 23:50 . 2012-05-15 09:29 3149632 ----a-w- c:\windows\system32\nvsvc64.dll

2012-06-26 23:50 . 2012-05-15 09:28 6151488 ----a-w- c:\windows\system32\nvcpl.dll

2012-06-26 23:50 . 2012-05-15 10:48 68928 ----a-w- c:\windows\system32\OpenCL.dll

2012-06-26 23:50 . 2012-05-15 10:48 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll

2012-06-26 23:50 . 2012-06-26 23:50 -------- d-----w- c:\programdata\NVIDIA Corporation

2012-06-26 23:49 . 2012-05-15 10:48 818496 ----a-w- c:\windows\SysWow64\nvumdshim.dll

2012-06-26 23:49 . 2012-05-15 10:48 8105280 ----a-w- c:\windows\SysWow64\nvwgf2um.dll

2012-06-26 23:49 . 2012-05-15 10:48 2524992 ----a-w- c:\windows\SysWow64\nvcuvid.dll

2012-06-26 23:49 . 2012-05-15 10:48 2445120 ----a-w- c:\windows\SysWow64\nvcuvenc.dll

2012-06-26 23:49 . 2012-05-15 10:48 202048 ----a-w- c:\windows\SysWow64\nvinit.dll

2012-06-26 23:49 . 2012-05-15 10:48 19607872 ----a-w- c:\windows\SysWow64\nvoglv32.dll

2012-06-26 23:49 . 2012-05-15 10:48 1738048 ----a-w- c:\windows\system32\nvdispco64.dll

2012-06-26 23:49 . 2012-05-15 10:48 15322432 ----a-w- c:\windows\SysWow64\nvd3dum.dll

2012-06-26 22:17 . 2012-06-26 22:17 -------- d-----w- c:\users\Seph\AppData\Local\Chromium

2012-06-26 22:14 . 2012-06-26 22:14 -------- d-----w- c:\program files (x86)\Rockstar Games

2012-06-26 21:57 . 2012-06-26 21:57 -------- d-----w- c:\users\Seph\AppData\Roaming\BANDISOFT

2012-06-26 21:56 . 2012-06-26 21:56 -------- d-----w- c:\program files (x86)\BandiMPEG1

2012-06-26 16:21 . 2012-06-26 21:56 -------- d-----w- c:\users\Seph\AppData\Local\Dxtory Software

2012-06-26 13:44 . 2012-05-21 13:10 31080 ----a-w- c:\windows\system32\nvhdap64.dll

2012-06-26 13:44 . 2012-05-21 13:10 188776 ----a-w- c:\windows\system32\drivers\nvhda64v.sys

2012-06-26 13:44 . 2012-05-15 10:48 8139072 ----a-w- c:\windows\system32\nvcuda.dll

2012-06-26 13:44 . 2012-05-15 10:48 5982528 ----a-w- c:\windows\SysWow64\nvcuda.dll

2012-06-26 13:44 . 2012-05-15 10:48 2881856 ----a-w- c:\windows\system32\nvcuvenc.dll

2012-06-26 13:44 . 2012-05-15 10:48 2681664 ----a-w- c:\windows\system32\nvcuvid.dll

2012-06-26 13:44 . 2012-05-15 10:48 25743168 ----a-w- c:\windows\system32\nvoglv64.dll

2012-06-26 13:44 . 2012-05-15 10:48 25248064 ----a-w- c:\windows\system32\nvcompiler.dll

2012-06-26 13:44 . 2012-05-15 10:48 246592 ----a-w- c:\windows\system32\nvinitx.dll

2012-06-26 13:44 . 2012-05-15 10:48 2368832 ----a-w- c:\windows\SysWow64\nvapi.dll

2012-06-26 13:44 . 2012-05-15 10:48 17551680 ----a-w- c:\windows\SysWow64\nvcompiler.dll

2012-06-26 13:44 . 2012-05-15 10:48 14298944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

2012-06-24 09:22 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-24 09:22 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-24 09:22 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-24 09:22 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-24 09:22 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-24 09:22 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-24 09:22 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-24 09:21 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-24 09:21 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe

.

.

.

(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-23 18:51 . 2012-01-27 11:04 151552 ----a-w- c:\windows\KMSEmulator.exe

2012-07-15 21:02 . 2012-01-01 19:44 59701280 ----a-w- c:\windows\system32\MRT.exe

2012-07-03 11:46 . 2012-03-16 15:36 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-26 13:51 . 2012-04-03 08:06 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-06-26 13:51 . 2012-01-01 22:35 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-06-26 07:02 . 2012-01-30 23:15 330240 ----a-w- c:\windows\MASetupCaller.dll

2012-06-26 07:02 . 2012-01-30 23:15 45320 ----a-w- c:\windows\SysWow64\MAMACExtract.dll

2012-05-31 04:04 . 2012-07-15 21:02 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6C521F0A-3AF0-4D18-89CE-8913582BDAE1}\mpengine.dll

2012-05-27 21:13 . 2012-05-15 10:45 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys

2012-05-27 14:51 . 2012-01-02 19:46 466520 ----a-w- c:\windows\system32\wrap_oal.dll

2012-05-27 14:51 . 2012-01-02 19:46 445016 ----a-w- c:\windows\SysWow64\wrap_oal.dll

2012-05-27 14:51 . 2012-01-02 19:46 123480 ----a-w- c:\windows\system32\OpenAL32.dll

2012-05-27 14:51 . 2012-01-02 19:46 109144 ----a-w- c:\windows\SysWow64\OpenAL32.dll

2012-05-21 07:34 . 2012-02-28 09:57 1468264 ----a-w- c:\windows\system32\nvhdagenco6420103.dll

2012-05-18 08:53 . 2012-05-18 08:53 61440 ----a-w- c:\windows\diabunin.exe

2012-05-18 08:53 . 2012-04-28 18:57 86528 ----a-w- c:\windows\bnetunin.exe

2012-05-15 10:48 . 2012-05-23 10:10 364352 ----a-w- c:\windows\system32\nvdecodemft.dll

2012-05-15 10:48 . 2012-05-23 10:10 301376 ----a-w- c:\windows\SysWow64\nvdecodemft.dll

2012-05-15 10:48 . 2012-04-18 15:34 18044224 ----a-w- c:\windows\system32\nvd3dumx.dll

2012-05-15 10:48 . 2012-02-28 09:57 949056 ----a-w- c:\windows\system32\nvumdshimx.dll

2012-05-15 10:48 . 2012-01-19 14:24 2741568 ----a-w- c:\windows\system32\nvapi64.dll

2012-05-15 10:48 . 2012-01-19 14:24 1468224 ----a-w- c:\windows\system32\nvgenco64.dll

2012-05-15 10:48 . 2012-01-19 14:24 10194752 ----a-w- c:\windows\system32\nvwgf2umx.dll

2012-05-15 10:45 . 2012-05-15 10:45 53248 ----a-r- c:\users\Seph\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe

2012-05-15 04:01 . 2012-06-13 17:34 1188864 ----a-w- c:\windows\system32\wininet.dll

2012-05-15 03:59 . 2012-06-13 17:34 64512 ----a-w- c:\windows\system32\jsproxy.dll

2012-05-15 03:03 . 2012-06-13 17:34 981504 ----a-w- c:\windows\SysWow64\wininet.dll

2012-05-04 11:06 . 2012-06-13 17:34 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-04 10:03 . 2012-06-13 17:34 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-05-04 10:03 . 2012-06-13 17:34 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-05-01 05:40 . 2012-06-13 17:34 209920 ----a-w- c:\windows\system32\profsvc.dll

2012-04-28 03:55 . 2012-06-13 17:34 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-04-26 05:41 . 2012-06-13 17:34 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-04-26 05:41 . 2012-06-13 17:34 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-04-26 05:34 . 2012-06-13 17:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

.

.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{DFEFCDEE-CF1A-4FC8-88AD-129872198372}"= "c:\users\Seph\AppData\Roaming\loadtbs\toolbar.dll" [2012-07-15 614912]

.

[HKEY_CLASSES_ROOT\clsid\{dfefcdee-cf1a-4fc8-88ad-129872198372}]

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 94208 ----a-w- c:\users\Seph\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 94208 ----a-w- c:\users\Seph\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 94208 ----a-w- c:\users\Seph\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 94208 ----a-w- c:\users\Seph\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"KiesPDLR"="d:\programme\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-07-10 21432]

"KiesPreload"="d:\programme\Kies\Kies.exe" [2012-07-10 975800]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]

"AsioThk32Reg"="CTASIO.DLL" [2010-03-18 47104]

"CTHelper"="CTHELPER.EXE" [2010-03-18 19456]

"Malwarebytes' Anti-Malware"="d:\programme\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

.

c:\users\Seph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Seph\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer9"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-07 116648]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]

R3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.SYS [2010-03-18 158808]

R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-05-27 79360]

R3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.SYS [2010-03-18 706648]

R3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\System32\drivers\CTERFXFX.SYS [2010-03-18 141912]

R3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.SYS [2010-03-18 141912]

R3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.SYS [2010-03-18 681048]

R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-06-04 99384]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]

R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-12-09 135584]

R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-07 116648]

R3 hitmanpro36;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro36.sys [2012-07-15 30496]

R3 IntcDAud;Intel® Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]

R3 kxwdmdrv;kX WDM Driver Service;c:\windows\system32\drivers\kx.sys [x]

R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [2011-09-02 76056]

R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [2011-09-02 15128]

R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2011-11-10 115272]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-18 113120]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]

R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]

R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]

R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2012-01-18 19936]

R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2012-01-18 13280]

R3 RivaTuner64;RivaTuner64;d:\programme\RivaTuner v2.24\RivaTuner64.sys [2012-07-11 19952]

R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-06-04 203320]

R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-01-01 279616]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2010-11-09 21992]

S2 HFGService;Handsfree Headset Service;c:\windows\system32\svchost.exe [2009-07-14 27136]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]

S2 MBAMService;MBAMService;d:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-22 2656280]

S3 BthAudioHF;BthAudioHF-Dienst;c:\windows\system32\DRIVERS\BthAudioHF.sys [2009-12-21 52224]

S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\System32\drivers\COMMONFX.SYS [2010-03-18 158808]

S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\System32\drivers\CTAUDFX.SYS [2010-03-18 706648]

S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\System32\drivers\CTSBLFX.SYS [2010-03-18 681048]

S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616]

S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2011-02-08 39936]

S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2011-02-08 64512]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-05-21 188776]

S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

S3 RTCore64;RTCore64;d:\programme\MSI Afterburner\RTCore64.sys [2010-05-27 14648]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-04-22 471144]

.

.

Inhalt des "geplante Tasks" Ordners

.

2012-07-23 c:\windows\Tasks\AutoKMS.job

- c:\windows\AutoKMS\AutoKMS.exe [2012-01-27 11:04]

.

2012-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-07 14:27]

.

2012-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-07 14:27]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 97792 ----a-w- c:\users\Seph\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 97792 ----a-w- c:\users\Seph\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 97792 ----a-w- c:\users\Seph\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 97792 ----a-w- c:\users\Seph\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-30 11660904]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-20 168216]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-20 392472]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-20 416024]

"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184]

"EvtMgr6"="d:\programme\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]

"LogiScrollApp"="c:\program files\Logitech\FlowScroll\KhalScroll.exe" [2012-02-08 166680]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]

.

------- Zusätzlicher Suchlauf -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - d:\progra~1\OFFICE~1\Office14\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.178.1

DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab

FF - ProfilePath - c:\users\Seph\AppData\Roaming\Mozilla\Firefox\Profiles\tx3jwk86.default\

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe

WebBrowser-{DFEFCDEE-CF1A-4FC8-88AD-129872198372} - (no file)

AddRemove-BattlEye A2 Free - d:\games\steam\steamapps\common\arma 2 freeBattlEye\UnInstallBE.exe

AddRemove-BOSS - d:\games\Steam\SteamApps\common\fallout new vegas\Uninstall.exe

AddRemove-Generic Mod Manager_is1 - d:\games\Steam\SteamApps\common\fallout new vegas\GeMM\uninstall\unins000.exe

AddRemove-loadtbs-3.0 - c:\users\Seph\AppData\Roaming\loadtbs\uninstall.exe

AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe

.

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_USERS\S-1-5-21-4273373884-2151313797-3506864452-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

@Allowed: (Read) (RestrictedCode)

"??"=hex:44,eb,39,b1,f0,51,85,8b,12,7a,6a,0b,92,e0,74,fa,c5,5b,df,87,b9,d9,5d,

0e,d4,64,4b,b0,8f,18,44,77,e8,03,90,c5,c6,b5,06,26,f3,33,48,e2,58,34,6f,66,\

"??"=hex:01,5a,03,9a,10,2f,bd,03,4e,44,50,15,f5,fe,5c,83

.

[HKEY_USERS\S-1-5-21-4273373884-2151313797-3506864452-1000\Software\SecuROM\License information*]

"datasecu"=hex:b0,c9,de,d4,58,ab,a8,96,77,2e,32,5a,61,1d,c5,20,8f,18,07,6f,ef,

42,ce,cd,bf,53,f2,6a,ed,c8,45,3b,ce,5a,a3,88,af,ec,e3,80,10,0b,7c,fe,d1,2e,\

"rkeysecu"=hex:32,53,e8,30,72,cd,08,65,52,f2,8c,3f,cd,9c,74,10

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe

c:\windows\SysWOW64\PnkBstrA.exe

d:\programme\MSI Afterburner\MSIAfterburner.exe

c:\windows\SysWOW64\CtHelper.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2012-07-23 20:54:38 - PC wurde neu gestartet

ComboFix-quarantined-files.txt 2012-07-23 18:54

ComboFix2.txt 2012-07-15 20:07

.

Vor Suchlauf: 14 Verzeichnis(se), 20.746.977.280 Bytes frei

Nach Suchlauf: 16 Verzeichnis(se), 20.648.783.872 Bytes frei

.

- - End Of File - - ACB4EC79D64DD730ED6B3719DAD3A40E

Great! There's a lot of info in My Preventive Maintenance on how you got infected.

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

Then hit enter.

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

---------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

i.e. RogueKiller.exe, RKreport.txt, RK_Quarantine folder, etc....

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.