Inactive [A] Win32:malware-gen

Broni · Jul 15, 2012

That item has been already quarantined by FRST so you're OK.

I still need OTL log.

sulpher · Jul 16, 2012

oh yeah, sorry! here it is:

OTL logfile created on: 16.07.2012 09:51:14 - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Rene\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,12 Gb Total Physical Memory | 1,96 Gb Available Physical Memory | 62,87% Memory free
6,24 Gb Paging File | 4,97 Gb Available in Paging File | 79,54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116,41 Gb Total Space | 25,63 Gb Free Space | 22,02% Space Free | Partition Type: NTFS
Drive D: | 4,88 Gb Total Space | 2,21 Gb Free Space | 45,37% Space Free | Partition Type: NTFS
Drive E: | 107,91 Gb Total Space | 89,33 Gb Free Space | 82,78% Space Free | Partition Type: NTFS
Drive F: | 8,55 Gb Total Space | 8,46 Gb Free Space | 99,02% Space Free | Partition Type: NTFS
Drive G: | 195,31 Gb Total Space | 13,07 Gb Free Space | 6,69% Space Free | Partition Type: NTFS
Drive H: | 265,57 Gb Total Space | 3,57 Gb Free Space | 1,34% Space Free | Partition Type: NTFS

Computer Name: CHRONOS | User Name: Rene | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.07.16 09:49:23 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Rene\Downloads\OTL.exe
PRC - [2012.07.03 18:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2012.07.03 18:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.07.03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.10.01 17:16:57 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011.08.03 13:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.08.03 03:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011.03.11 17:26:56 | 002,240,512 | ---- | M] () -- C:\Program Files (x86)\Vtune\TBPANEL.exe
PRC - [2011.01.17 19:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011.01.17 19:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2009.12.22 12:31:50 | 000,024,576 | ---- | M] () -- C:\Program Files (x86)\LG Soft India\EasySetPackage\bin\TestDDCCI.exe
PRC - [2009.12.22 12:30:54 | 000,159,744 | ---- | M] () -- C:\Program Files (x86)\LG Soft India\EasySetPackage\bin\EasySetPackage.exe
PRC - [2008.08.04 01:02:20 | 000,036,352 | ---- | M] () -- C:\Program Files (x86)\Winamp\winampa.exe

========== Modules (No Company Name) ==========

MOD - [2011.12.06 21:50:22 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2011.03.11 17:26:56 | 002,240,512 | ---- | M] () -- C:\Program Files (x86)\Vtune\TBPANEL.exe
MOD - [2009.12.22 12:31:50 | 000,024,576 | ---- | M] () -- C:\Program Files (x86)\LG Soft India\EasySetPackage\bin\TestDDCCI.exe
MOD - [2009.12.22 12:30:54 | 000,159,744 | ---- | M] () -- C:\Program Files (x86)\LG Soft India\EasySetPackage\bin\EasySetPackage.exe
MOD - [2009.12.22 12:30:36 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\LG Soft India\EasySetPackage\bin\HOOK.dll
MOD - [2009.12.22 12:30:34 | 000,065,536 | ---- | M] () -- C:\Windows\SysWOW64\LGErrorHandler.dll
MOD - [2009.12.22 12:30:30 | 000,012,288 | ---- | M] () -- C:\Program Files (x86)\LG Soft India\EasySetPackage\bin\GerRes.dll
MOD - [2008.08.04 01:02:20 | 000,036,352 | ---- | M] () -- C:\Program Files (x86)\Winamp\winampa.exe
MOD - [1998.10.31 04:55:56 | 000,005,120 | ---- | M] () -- C:\Program Files (x86)\Vtune\TBManage.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.07.03 18:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.06.18 16:03:15 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.01.22 13:52:03 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.10.01 17:16:57 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011.09.30 14:26:13 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2011.09.30 14:26:12 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV - [2011.08.03 13:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.08.03 03:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.01.08 08:17:46 | 000,087,336 | ---- | M] (Dassault Systèmes SolidWorks Corp.) [On_Demand | Stopped] -- C:\Programme\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe -- (CoordinatorServiceHost)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.07.03 18:21:52 | 000,958,400 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012.07.03 18:21:52 | 000,355,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012.07.03 18:21:52 | 000,071,064 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012.07.03 18:21:52 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012.07.03 18:21:52 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012.07.03 18:21:51 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.05.10 11:41:27 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 15:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:35:53 | 000,051,712 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rtnic64.sys -- (RTL8023x64)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.12.22 12:30:46 | 000,019,456 | ---- | M] (LG Soft India) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\LGPII2CDriver.sys -- (LGII2CDevice)
DRV - [2009.12.22 12:30:36 | 000,016,384 | ---- | M] (LG Soft India) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\LGI2CDriver.sys -- (LGDDCDevice)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007.03.16 10:11:20 | 000,015,648 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\TBPanelx64.sys -- (Cardex)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1058247347-2628564259-3555606596-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
IE - HKU\S-1-5-21-1058247347-2628564259-3555606596-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1058247347-2628564259-3555606596-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 50 0E A9 69 2E B4 CC 01 [binary data]
IE - HKU\S-1-5-21-1058247347-2628564259-3555606596-1001\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-1058247347-2628564259-3555606596-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1058247347-2628564259-3555606596-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1058247347-2628564259-3555606596-1001\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-1058247347-2628564259-3555606596-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.3&q="
FF - prefs.js..network.proxy.http: "84.32.47.220"
FF - prefs.js..network.proxy.http_port: 3128

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.07.12 14:07:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.18 16:03:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011.08.23 14:23:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rene\AppData\Roaming\mozilla\Extensions
[2012.07.01 22:41:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rene\AppData\Roaming\mozilla\Firefox\Profiles\896b39mj.default\extensions
[2012.06.07 23:03:00 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Rene\AppData\Roaming\mozilla\Firefox\Profiles\896b39mj.default\extensions\ich@maltegoetz.de
[2012.07.12 12:59:04 | 000,000,950 | ---- | M] () -- C:\Users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\896b39mj.default\searchplugins\icqplugin-1.xml
[2012.01.28 12:50:30 | 000,001,056 | ---- | M] () -- C:\Users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\896b39mj.default\searchplugins\icqplugin.xml
[2012.04.25 15:11:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.07.12 14:07:17 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012.06.18 16:03:15 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.03 12:10:42 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.03 12:10:42 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.10.03 12:10:42 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.03 12:10:42 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.03 12:10:42 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.03 12:10:42 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2012.07.14 12:53:55 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe ()
O4 - HKU\S-1-5-21-1058247347-2628564259-3555606596-1001..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup File not found
O4 - HKU\S-1-5-21-1058247347-2628564259-3555606596-1001..\Run: [TBPanel] C:\Program Files (x86)\Vtune\TBPanel.exe ()
O4 - HKU\S-1-5-21-1058247347-2628564259-3555606596-1004..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1058247347-2628564259-3555606596-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Rene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1058247347-2628564259-3555606596-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1058247347-2628564259-3555606596-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1058247347-2628564259-3555606596-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1058247347-2628564259-3555606596-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-1058247347-2628564259-3555606596-1001\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1058247347-2628564259-3555606596-1001\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1058247347-2628564259-3555606596-1001\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1058247347-2628564259-3555606596-1001\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1058247347-2628564259-3555606596-1004\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-21-1058247347-2628564259-3555606596-1004\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-21-1058247347-2628564259-3555606596-1004\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-21-1058247347-2628564259-3555606596-1004\..Trusted Domains: sony.com ([]* in )
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{713D2C9B-4EE0-4E6E-BDDD-0B5288B62238}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.07.14 14:38:53 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.07.14 12:51:18 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.07.14 12:41:32 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.07.14 12:41:32 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.07.14 12:41:32 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.07.14 12:33:50 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.07.14 12:33:26 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.07.14 12:22:31 | 004,577,833 | R--- | C] (Swearware) -- C:\Users\Rene\Desktop\ComboFix.exe
[2012.07.14 12:03:41 | 000,000,000 | ---D | C] -- C:\Windows\rescache
[2012.07.13 18:44:15 | 000,000,000 | ---D | C] -- C:\ProgramData\0C1D146B00097B8A026961ECF875EF60
[2012.07.13 04:14:48 | 000,000,000 | ---D | C] -- C:\FRST
[2012.07.12 14:07:20 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012.07.12 13:13:56 | 000,000,000 | ---D | C] -- C:\Users\Rene\AppData\Roaming\Malwarebytes
[2012.07.12 13:13:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.12 13:13:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.12 13:13:35 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.12 13:13:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.12 13:12:02 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Rene\Desktop\mbam-setup-1.62.0.1300.exe
[2012.07.03 19:23:54 | 000,000,000 | ---D | C] -- C:\Users\Rene\Documents\Vuze Downloads
[2012.06.24 12:17:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OO Software
[2012.06.24 12:17:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\O&O Software
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

sulpher · Jul 16, 2012

========== Files - Modified Within 30 Days ==========

[2012.07.16 09:17:34 | 000,020,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.16 09:17:34 | 000,020,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.16 09:16:58 | 001,612,906 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.16 09:16:58 | 000,696,768 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.16 09:16:58 | 000,652,086 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.16 09:16:58 | 000,148,064 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.16 09:16:58 | 000,121,018 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.16 09:09:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.16 09:09:35 | 2514,608,128 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.14 12:53:55 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.07.14 12:21:16 | 004,577,833 | R--- | M] (Swearware) -- C:\Users\Rene\Desktop\ComboFix.exe
[2012.07.12 17:19:20 | 000,302,592 | ---- | M] () -- C:\Users\Rene\Desktop\72q5cdld.exe
[2012.07.12 14:07:20 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012.07.12 13:55:01 | 000,318,944 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.12 13:13:39 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.12 13:12:30 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Rene\Desktop\mbam-setup-1.62.0.1300.exe
[2012.07.10 21:58:20 | 000,070,903 | ---- | M] () -- C:\Users\Rene\Desktop\url.png
[2012.07.09 22:32:06 | 000,202,389 | ---- | M] () -- C:\Users\Rene\1341846632725.png
[2012.07.09 20:56:40 | 000,033,094 | ---- | M] () -- C:\Users\Rene\ticket_7350.pdf
[2012.07.09 20:56:27 | 000,033,097 | ---- | M] () -- C:\Users\Rene\ticket_7349.pdf
[2012.07.03 18:21:52 | 000,958,400 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012.07.03 18:21:52 | 000,355,856 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012.07.03 18:21:52 | 000,071,064 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012.07.03 18:21:52 | 000,059,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012.07.03 18:21:52 | 000,054,072 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012.07.03 18:21:51 | 000,025,232 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012.07.03 18:21:32 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.07.03 18:21:28 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012.07.03 18:21:18 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.01 17:50:30 | 000,001,273 | ---- | M] () -- C:\Users\Rene\Documents\schleif.rtf
[2012.06.30 14:05:18 | 000,000,823 | ---- | M] () -- C:\Users\Rene\.recently-used.xbel
[2012.06.29 22:36:43 | 000,510,073 | ---- | M] () -- C:\Users\Rene\Desktop\1341000156652.jpg
[2012.06.28 22:00:42 | 000,053,351 | ---- | M] () -- C:\Users\Rene\Desktop\scriptcrumb.jpg
[2012.06.27 22:19:58 | 000,048,605 | ---- | M] () -- C:\Users\Rene\Desktop\1340820188019.jpg
[2012.06.25 21:59:15 | 000,085,439 | ---- | M] () -- C:\Users\Rene\Desktop\1340649571483.jpg
[2012.06.24 14:50:17 | 000,391,874 | ---- | M] () -- C:\Users\Rene\bontides.png
[2012.06.20 20:36:38 | 000,310,483 | ---- | M] () -- C:\Users\Rene\typ.png
[2012.06.19 20:26:49 | 965,612,406 | ---- | M] () -- C:\Users\Rene\Peaceful Solitude Mix - video.mp4
[2012.06.18 21:25:37 | 000,050,111 | ---- | M] () -- C:\Users\Rene\schleifenpups.jpg
[2012.06.18 20:09:18 | 000,090,234 | ---- | M] () -- C:\Users\Rene\Desktop\1340031247886.jpg
[2012.06.18 18:44:27 | 588,432,650 | ---- | M] () -- C:\Users\Rene\Forgotten Dreams Mix - video.mp4
[2012.06.17 22:20:38 | 000,184,411 | ---- | M] () -- C:\Users\Rene\Desktop\1339963516272.jpg
[2012.06.17 12:38:33 | 000,009,809 | ---- | M] () -- C:\Users\Rene\index.jpg
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.07.14 12:41:32 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.07.14 12:41:32 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.07.14 12:41:32 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.07.14 12:41:32 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.07.14 12:41:32 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.07.12 17:19:18 | 000,302,592 | ---- | C] () -- C:\Users\Rene\Desktop\72q5cdld.exe
[2012.07.12 13:13:39 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.10 21:58:20 | 000,070,903 | ---- | C] () -- C:\Users\Rene\Desktop\url.png
[2012.07.09 22:29:38 | 000,202,389 | ---- | C] () -- C:\Users\Rene\1341846632725.png
[2012.07.09 20:56:38 | 000,033,094 | ---- | C] () -- C:\Users\Rene\ticket_7350.pdf
[2012.07.09 20:56:24 | 000,033,097 | ---- | C] () -- C:\Users\Rene\ticket_7349.pdf
[2012.07.01 17:50:29 | 000,001,273 | ---- | C] () -- C:\Users\Rene\Documents\schleif.rtf
[2012.06.30 14:05:18 | 000,000,823 | ---- | C] () -- C:\Users\Rene\.recently-used.xbel
[2012.06.29 22:36:43 | 000,510,073 | ---- | C] () -- C:\Users\Rene\Desktop\1341000156652.jpg
[2012.06.28 22:00:42 | 000,053,351 | ---- | C] () -- C:\Users\Rene\Desktop\scriptcrumb.jpg
[2012.06.27 22:19:55 | 000,048,605 | ---- | C] () -- C:\Users\Rene\Desktop\1340820188019.jpg
[2012.06.25 21:59:15 | 000,085,439 | ---- | C] () -- C:\Users\Rene\Desktop\1340649571483.jpg
[2012.06.24 14:50:17 | 000,391,874 | ---- | C] () -- C:\Users\Rene\bontides.png
[2012.06.20 20:36:38 | 000,310,483 | ---- | C] () -- C:\Users\Rene\typ.png
[2012.06.19 20:17:30 | 965,612,406 | ---- | C] () -- C:\Users\Rene\Peaceful Solitude Mix - video.mp4
[2012.06.18 21:25:36 | 000,050,111 | ---- | C] () -- C:\Users\Rene\schleifenpups.jpg
[2012.06.18 20:09:18 | 000,090,234 | ---- | C] () -- C:\Users\Rene\Desktop\1340031247886.jpg
[2012.06.18 18:32:51 | 588,432,650 | ---- | C] () -- C:\Users\Rene\Forgotten Dreams Mix - video.mp4
[2012.06.17 22:20:38 | 000,184,411 | ---- | C] () -- C:\Users\Rene\Desktop\1339963516272.jpg
[2012.06.17 12:38:28 | 000,009,809 | ---- | C] () -- C:\Users\Rene\index.jpg
[2012.06.12 22:31:24 | 000,188,555 | ---- | C] () -- C:\Users\Rene\1339523964212.jpg
[2012.06.09 22:45:40 | 000,086,239 | ---- | C] () -- C:\Users\Rene\ricekrispy_edited-1.jpg
[2012.06.09 00:43:57 | 000,074,894 | ---- | C] () -- C:\Users\Rene\eva explosion.jpg
[2012.06.09 00:42:51 | 000,009,004 | ---- | C] () -- C:\Users\Rene\220px-Operation_Upshot-Knothole_-_Badger_001.jpg
[2012.06.08 18:52:19 | 000,066,378 | ---- | C] () -- C:\Users\Rene\06bc0b89-53037387.jpg
[2012.06.08 17:53:57 | 000,042,728 | ---- | C] () -- C:\Users\Rene\20a74911-54671067.jpg
[2012.06.08 15:37:30 | 000,077,308 | ---- | C] () -- C:\Users\Rene\6e5e3fde-54095745.jpg
[2012.06.07 20:20:27 | 000,280,856 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.06.07 00:26:46 | 000,039,476 | ---- | C] () -- C:\Users\Rene\e1ef29db-55911641.jpg
[2012.05.21 18:48:11 | 000,064,795 | ---- | C] () -- C:\Users\Rene\Tierärztin.png
[2012.05.18 16:59:49 | 000,036,023 | ---- | C] () -- C:\Users\Rene\farbpalette.png
[2012.05.18 15:38:56 | 000,305,076 | ---- | C] () -- C:\Users\Rene\desktop.jpg
[2012.05.17 22:14:29 | 000,070,560 | ---- | C] () -- C:\Users\Rene\schleifi2.jpg
[2012.05.17 22:14:18 | 000,066,816 | ---- | C] () -- C:\Users\Rene\schleifi1.jpg
[2012.05.17 20:53:49 | 000,053,027 | ---- | C] () -- C:\Users\Rene\schleifenfaust2.jpg
[2012.05.17 00:02:23 | 001,194,127 | ---- | C] () -- C:\Users\Rene\desktop.png
[2012.05.16 20:43:12 | 001,454,563 | ---- | C] () -- C:\Users\Rene\show_img_test.php.jpg
[2012.05.15 23:16:26 | 000,062,590 | ---- | C] () -- C:\Users\Rene\398230_327793783942546_176890359032890_816253_1356288693_n.jpg
[2012.05.15 23:15:09 | 000,025,610 | ---- | C] () -- C:\Users\Rene\1332561192815.jpg
[2012.05.15 23:14:19 | 000,042,365 | ---- | C] () -- C:\Users\Rene\1332962720631.jpg
[2012.05.15 23:04:37 | 001,685,468 | ---- | C] () -- C:\Users\Rene\_MG_1198 copy.png_effected-001 copy.png
[2012.05.15 22:57:22 | 000,263,880 | ---- | C] () -- C:\Users\Rene\4018627_460s.jpg
[2012.05.15 22:40:12 | 000,076,089 | ---- | C] () -- C:\Users\Rene\535512_337444079650896_245932432135395_916449_1651502589_n.jpg
[2012.05.15 21:20:18 | 000,518,805 | ---- | C] () -- C:\Users\Rene\DSC01276.JPG
[2012.05.15 21:20:18 | 000,420,570 | ---- | C] () -- C:\Users\Rene\DSC01278.JPG
[2012.05.15 21:20:18 | 000,378,607 | ---- | C] () -- C:\Users\Rene\DSC01279.JPG
[2012.05.15 21:18:20 | 000,711,111 | ---- | C] () -- C:\Users\Rene\DSC01280.JPG
[2012.05.15 19:30:13 | 000,012,793 | ---- | C] () -- C:\Users\Rene\webscr.htm
[2012.05.08 20:49:33 | 000,071,688 | ---- | C] () -- C:\Users\Rene\382842_310130242352503_100000665887016_1015487_1877544522_n.jpg
[2012.05.07 20:40:15 | 000,138,632 | ---- | C] () -- C:\Users\Rene\398173308.htm
[2012.05.07 17:13:24 | 000,120,519 | ---- | C] () -- C:\Users\Rene\dvuqtyz4.jpg
[2012.05.05 18:26:51 | 119,742,789 | ---- | C] () -- C:\Users\Rene\ISIS 20 Minutes 40 Years Official Video - (1280 x 720).mp4
[2012.05.05 15:36:05 | 000,072,272 | ---- | C] () -- C:\Users\Rene\b89cf15c-55142163.jpg
[2012.05.04 20:29:25 | 000,062,012 | ---- | C] () -- C:\Users\Rene\318104_399836750046689_118122788_n.jpg
[2012.05.04 18:07:25 | 000,063,006 | ---- | C] () -- C:\Users\Rene\abaaea10-55154951.jpg
[2012.05.03 20:19:17 | 000,058,744 | ---- | C] () -- C:\Users\Rene\schleifenfaust.jpg
[2012.04.30 20:00:13 | 000,059,513 | ---- | C] () -- C:\Users\Rene\aa6b3f89-55052742.jpg
[2012.04.30 20:00:05 | 000,050,167 | ---- | C] () -- C:\Users\Rene\e2ac6f69-55060784.jpg
[2012.04.30 19:59:55 | 000,045,472 | ---- | C] () -- C:\Users\Rene\d70e45e6-55060861.jpg
[2012.04.29 21:48:30 | 000,290,898 | ---- | C] () -- C:\Users\Rene\spirale3.jpg
[2012.04.29 21:48:05 | 000,293,630 | ---- | C] () -- C:\Users\Rene\spirale2.jpg
[2012.04.29 21:47:27 | 000,100,667 | ---- | C] () -- C:\Users\Rene\spirale.jpg
[2012.04.29 21:44:29 | 000,119,214 | ---- | C] () -- C:\Users\Rene\zifferblattsäule2.jpg
[2012.04.29 21:41:30 | 000,305,883 | ---- | C] () -- C:\Users\Rene\zifferblattsäule.jpg
[2012.04.29 21:32:47 | 000,065,469 | ---- | C] () -- C:\Users\Rene\zifferblatt.jpg
[2012.04.29 21:17:14 | 000,248,917 | ---- | C] () -- C:\Users\Rene\attachment2.jpg
[2012.04.29 21:17:14 | 000,149,603 | ---- | C] () -- C:\Users\Rene\attachment.jpg
[2012.04.27 18:06:56 | 000,376,510 | ---- | C] () -- C:\Users\Rene\DSC01264.JPG
[2012.04.27 18:06:44 | 000,366,324 | ---- | C] () -- C:\Users\Rene\DSC01263.JPG
[2012.04.26 20:19:35 | 000,065,962 | ---- | C] () -- C:\Users\Rene\6d8c5095-54945399.jpg
[2012.04.25 19:20:12 | 000,163,344 | ---- | C] () -- C:\Users\Rene\415415.jpg
[2012.04.25 19:20:03 | 000,115,511 | ---- | C] () -- C:\Users\Rene\54646.jpg
[2012.04.25 19:19:41 | 000,211,245 | ---- | C] () -- C:\Users\Rene\l.php.jpg
[2012.04.23 19:03:44 | 000,084,025 | ---- | C] () -- C:\Users\Rene\1335200520025.jpg
[2012.04.23 18:47:09 | 000,958,878 | ---- | C] () -- C:\Users\Rene\evalein2.jpg
[2012.04.23 18:45:57 | 000,959,929 | ---- | C] () -- C:\Users\Rene\evalein.jpg
[2012.04.23 12:54:20 | 000,678,445 | ---- | C] () -- C:\Users\Rene\WORKOUT.jpg
[2012.04.22 21:24:13 | 000,132,234 | ---- | C] () -- C:\Users\Rene\Hundehalter.jpg
[2012.04.22 20:54:50 | 000,340,761 | ---- | C] () -- C:\Users\Rene\p2.jpg
[2012.04.22 20:54:40 | 000,571,955 | ---- | C] () -- C:\Users\Rene\p1.jpg
[2012.04.20 23:56:56 | 000,205,412 | ---- | C] () -- C:\Users\Rene\altocumulus2.jpg
[2012.04.19 20:41:17 | 000,098,557 | ---- | C] () -- C:\Users\Rene\imgur-rhcj6.jpg
[2012.04.19 19:09:08 | 000,055,317 | ---- | C] () -- C:\Users\Rene\664a2928-50325325.jpg
[2012.04.19 19:08:26 | 000,056,811 | ---- | C] () -- C:\Users\Rene\d1e8028c-50960234.jpg
[2012.04.19 16:06:19 | 000,061,563 | ---- | C] () -- C:\Users\Rene\cowmangler.jpg
[2012.04.18 12:29:38 | 000,038,410 | ---- | C] () -- C:\Users\Rene\389769_387157364647961_100000611016461_85238660_1213619422_n.jpg
[2012.04.18 12:28:31 | 000,056,809 | ---- | C] () -- C:\Users\Rene\562626_387182451312119_100000611016461_85238704_1522300794_n.jpg
[2012.04.17 21:13:03 | 000,026,576 | ---- | C] () -- C:\Users\Rene\speed.jpg
[2012.04.15 12:53:33 | 000,031,675 | ---- | C] () -- C:\Users\Rene\winkelklein.png
[2012.04.15 00:02:33 | 000,104,014 | ---- | C] () -- C:\Users\Rene\skittles2.htm
[2012.04.15 00:02:19 | 000,224,542 | ---- | C] () -- C:\Users\Rene\skittles1.htm
[2012.04.14 13:02:21 | 000,746,219 | ---- | C] () -- C:\Users\Rene\DSC01260.JPG
[2012.04.14 00:41:14 | 000,012,300 | ---- | C] () -- C:\Users\Rene\8i9a8lxe.jpg
[2012.04.14 00:37:14 | 000,040,824 | ---- | C] () -- C:\Users\Rene\398713_383063185042856_226210720728104_1693591_1828251523_n.jpg
[2012.04.14 00:30:42 | 000,056,911 | ---- | C] () -- C:\Users\Rene\295254_279226372154494_100002014006398_636583_1824644190_n.jpg
[2012.04.14 00:29:23 | 000,940,040 | ---- | C] () -- C:\Users\Rene\Ich,fett,baby.jpg.jpg
[2012.04.14 00:26:44 | 000,515,578 | ---- | C] () -- C:\Users\Rene\Schnappschuss von mir 105.png
[2012.04.14 00:22:00 | 000,593,723 | ---- | C] () -- C:\Users\Rene\1334355016517.png
[2012.04.14 00:18:20 | 000,779,481 | ---- | C] () -- C:\Users\Rene\3771553_700b.jpg
[2012.04.14 00:15:43 | 000,155,365 | ---- | C] () -- C:\Users\Rene\3812620_460s.jpg
[2012.04.13 23:09:20 | 000,022,363 | ---- | C] () -- C:\Users\Rene\375062_327128957342362_176890359032890_814726_1669145898_n.jpg
[2012.04.13 23:08:59 | 000,027,802 | ---- | C] () -- C:\Users\Rene\540774_324013327653925_176890359032890_806362_1312153705_n.jpg
[2012.04.13 23:08:55 | 000,024,198 | ---- | C] () -- C:\Users\Rene\529284_359603107414830_100000954326565_1018927_214261335_n.jpg
[2012.04.13 19:45:26 | 000,200,949 | ---- | C] () -- C:\Users\Rene\himmelstrahlen.jpg
[2012.04.13 12:42:40 | 000,365,025 | ---- | C] () -- C:\Users\Rene\DSC01259.JPG
[2012.04.13 12:42:35 | 000,395,351 | ---- | C] () -- C:\Users\Rene\DSC01258.JPG
[2012.04.13 12:42:23 | 000,373,466 | ---- | C] () -- C:\Users\Rene\DSC01257.JPG
[2012.04.13 09:15:42 | 000,453,932 | ---- | C] () -- C:\Users\Rene\DSC01255.JPG
[2012.04.13 09:15:32 | 000,411,100 | ---- | C] () -- C:\Users\Rene\DSC01254.JPG
[2012.04.13 09:15:26 | 000,436,758 | ---- | C] () -- C:\Users\Rene\DSC01253.JPG
[2012.04.10 11:54:55 | 000,672,629 | ---- | C] () -- C:\Users\Rene\DSC01252.JPG
[2012.03.30 20:22:54 | 000,204,375 | ---- | C] () -- C:\Users\Rene\eva zug.jpg
[2012.03.25 19:37:44 | 005,062,554 | ---- | C] () -- C:\Users\Rene\8czqr7f5.bmp
[2012.03.25 11:27:36 | 000,438,909 | ---- | C] () -- C:\Users\Rene\DSC01249.JPG
[2012.03.25 11:27:25 | 000,524,338 | ---- | C] () -- C:\Users\Rene\DSC01248.JPG
[2012.03.24 16:10:41 | 000,138,463 | ---- | C] () -- C:\Users\Rene\HATERS GONNA HATE.jpg
[2012.03.24 01:04:35 | 000,740,511 | ---- | C] () -- C:\Users\Rene\Abb 023.jpg
[2012.03.23 23:46:18 | 000,043,378 | ---- | C] () -- C:\Users\Rene\1332505444704.jpg
[2012.03.23 23:39:18 | 000,021,752 | ---- | C] () -- C:\Users\Rene\1332505658412.jpg
[2012.03.11 12:59:25 | 000,090,867 | ---- | C] () -- C:\Users\Rene\hmprod.jpg
[2012.03.10 17:40:24 | 002,791,696 | ---- | C] () -- C:\Users\Rene\benpowellmusic video - 2.mp3
[2012.03.10 17:40:06 | 004,981,900 | ---- | C] () -- C:\Users\Rene\benpowellmusic video - 1.mp3
[2012.03.10 17:39:36 | 002,880,731 | ---- | C] () -- C:\Users\Rene\benpowellmusic video.mp3
[2012.03.09 23:30:05 | 000,032,674 | ---- | C] () -- C:\Users\Rene\Eine Unruh-Welle.jpg
[2012.03.06 16:33:09 | 000,191,177 | ---- | C] () -- C:\Users\Rene\cyber.jpg
[2012.03.03 15:16:55 | 000,510,925 | ---- | C] () -- C:\Users\Rene\DSC01225.JPG
[2012.03.03 15:16:55 | 000,440,307 | ---- | C] () -- C:\Users\Rene\DSC01226.JPG
[2012.03.03 15:16:55 | 000,163,540 | ---- | C] () -- C:\Users\Rene\DSC01224.JPG
[2012.02.26 18:27:14 | 000,865,547 | ---- | C] () -- C:\Users\Rene\DSC01223.JPG
[2012.02.26 18:26:44 | 000,913,488 | ---- | C] () -- C:\Users\Rene\DSC01222.JPG
[2012.02.26 18:26:33 | 000,915,878 | ---- | C] () -- C:\Users\Rene\DSC01221.JPG
[2012.02.26 18:26:20 | 000,971,673 | ---- | C] () -- C:\Users\Rene\DSC01220.JPG
[2012.02.26 16:25:50 | 000,222,132 | ---- | C] () -- C:\Users\Rene\DSC01218.JPG
[2012.02.26 16:25:37 | 000,312,218 | ---- | C] () -- C:\Users\Rene\DSC01217.JPG
[2012.02.26 16:09:14 | 000,171,423 | ---- | C] () -- C:\Users\Rene\DSC01216.JPG
[2012.02.25 02:19:07 | 000,159,398 | ---- | C] () -- C:\Users\Rene\d67fc631-53531141.jpg
[2012.02.25 00:30:02 | 000,201,176 | ---- | C] () -- C:\Users\Rene\philipp.jpg
[2012.02.25 00:15:04 | 000,195,423 | ---- | C] () -- C:\Users\Rene\retrorot.JPG
[2012.02.24 22:33:03 | 000,573,812 | ---- | C] () -- C:\Users\Rene\graham.jpg
[2012.02.24 19:54:55 | 000,195,234 | ---- | C] () -- C:\Users\Rene\retro.JPG
[2012.02.23 22:52:39 | 000,183,856 | ---- | C] () -- C:\Users\Rene\e7bc287f-53499507.jpg
[2012.02.23 22:50:06 | 000,168,287 | ---- | C] () -- C:\Users\Rene\5bec0a49-53499407.jpg
[2012.02.23 22:38:46 | 000,197,017 | ---- | C] () -- C:\Users\Rene\0c57cab8-53498978.jpg
[2012.02.23 22:29:53 | 000,168,099 | ---- | C] () -- C:\Users\Rene\e0111d34-53498614.jpg
[2012.02.15 14:36:24 | 000,537,674 | ---- | C] () -- C:\Users\Rene\DSC01213.JPG
[2012.02.15 14:36:24 | 000,504,461 | ---- | C] () -- C:\Users\Rene\DSC01212.JPG
[2012.02.14 17:21:03 | 004,607,580 | ---- | C] () -- C:\Users\Rene\loadup video.mp4
[2012.02.05 02:16:39 | 000,177,032 | ---- | C] () -- C:\Users\Rene\TheKraken_Storyboard.jpg
[2012.02.05 02:15:06 | 000,095,349 | ---- | C] () -- C:\Users\Rene\corgi-release-the-kraken.jpg
[2012.02.03 18:06:16 | 000,062,728 | ---- | C] () -- C:\Users\Rene\378656245.htm
[2012.01.31 00:17:09 | 000,080,141 | ---- | C] () -- C:\Users\Rene\mof5lrhq.jpg
[2012.01.29 17:42:22 | 000,277,650 | ---- | C] () -- C:\Users\Rene\cupcakes.jpg
[2012.01.27 16:32:05 | 000,000,000 | ---- | C] () -- C:\Users\Rene\AppData\Local\Temptable.xml
[2012.01.25 22:21:44 | 000,000,799 | ---- | C] () -- C:\Users\Rene\combustion.rtf
[2012.01.25 21:16:35 | 000,024,693 | ---- | C] () -- C:\Users\Rene\egt.odt
[2012.01.23 21:45:11 | 011,946,207 | ---- | C] () -- C:\Users\Rene\camelmedia video.mp4
[2012.01.23 20:21:58 | 000,498,899 | ---- | C] () -- C:\Users\Rene\Muffins.jpg
[2012.01.23 17:25:55 | 000,633,057 | ---- | C] () -- C:\Users\Rene\DSC01210.JPG
[2012.01.23 17:25:47 | 000,633,637 | ---- | C] () -- C:\Users\Rene\DSC01209.JPG
[2012.01.23 17:25:36 | 000,682,370 | ---- | C] () -- C:\Users\Rene\DSC01208.JPG
[2012.01.23 17:25:26 | 000,881,884 | ---- | C] () -- C:\Users\Rene\DSC01207.JPG
[2012.01.22 22:01:06 | 000,125,616 | ---- | C] () -- C:\Users\Rene\swordless.jpg
[2012.01.21 21:56:31 | 001,389,037 | ---- | C] () -- C:\Users\Rene\Sulpher Interview Schwarze Seiten 2002 Mera Luna - video.flv
[2012.01.21 18:39:41 | 019,287,426 | ---- | C] () -- C:\Users\Rene\myspacecdn video.flv
[2012.01.21 01:14:10 | 000,155,291 | ---- | C] () -- C:\Users\Rene\schuh.jpg
[2012.01.21 00:24:11 | 000,000,889 | ---- | C] () -- C:\Users\Rene\parapsych.rtf
[2012.01.20 19:57:55 | 000,072,565 | ---- | C] () -- C:\Users\Rene\euphorie euphorie.jpg
[2012.01.20 18:17:16 | 000,179,100 | ---- | C] () -- C:\Users\Rene\beavis-selbstgemacht.jpg
[2012.01.20 00:28:58 | 235,993,111 | ---- | C] () -- C:\Users\Rene\serveronline video.mp4
[2012.01.18 14:48:36 | 000,054,680 | ---- | C] () -- C:\Users\Rene\sulpherlogo.jpg
[2012.01.17 23:42:43 | 000,236,223 | ---- | C] () -- C:\Users\Rene\ZBhermle.jpg
[2012.01.16 23:35:59 | 000,011,196 | ---- | C] () -- C:\Users\Rene\1326747601197.jpg
[2012.01.16 23:35:21 | 000,051,939 | ---- | C] () -- C:\Users\Rene\1326744383259.jpg
[2012.01.16 23:33:33 | 000,284,063 | ---- | C] () -- C:\Users\Rene\1326732393730.png
[2012.01.16 23:33:18 | 000,070,120 | ---- | C] () -- C:\Users\Rene\1326726602897.jpg
[2012.01.16 23:27:03 | 000,107,650 | ---- | C] () -- C:\Users\Rene\1326727214639.jpg
[2012.01.16 23:26:57 | 000,055,800 | ---- | C] () -- C:\Users\Rene\1326727294343.jpg
[2012.01.16 23:26:52 | 000,041,113 | ---- | C] () -- C:\Users\Rene\1326727337855.jpg
[2012.01.16 23:26:47 | 000,114,067 | ---- | C] () -- C:\Users\Rene\1326727420804.jpg
[2012.01.16 23:26:42 | 000,074,098 | ---- | C] () -- C:\Users\Rene\1326727465283.jpg
[2012.01.16 23:26:37 | 000,039,328 | ---- | C] () -- C:\Users\Rene\1326727574215.jpg
[2012.01.16 23:26:31 | 000,047,015 | ---- | C] () -- C:\Users\Rene\1326728179242.jpg
[2012.01.16 23:26:25 | 000,109,463 | ---- | C] () -- C:\Users\Rene\1326727620369.jpg
[2012.01.16 23:26:20 | 000,057,696 | ---- | C] () -- C:\Users\Rene\1326727667378.jpg
[2012.01.16 23:26:15 | 000,102,221 | ---- | C] () -- C:\Users\Rene\1326727826932.jpg
[2012.01.16 23:26:08 | 000,044,447 | ---- | C] () -- C:\Users\Rene\1326728144401.jpg
[2012.01.16 23:25:59 | 000,068,942 | ---- | C] () -- C:\Users\Rene\1326731256184.jpg
[2012.01.16 23:25:49 | 000,108,549 | ---- | C] () -- C:\Users\Rene\1326728942150.jpg
[2012.01.16 23:25:45 | 000,096,098 | ---- | C] () -- C:\Users\Rene\1326728905791.jpg
[2012.01.16 23:25:38 | 000,061,235 | ---- | C] () -- C:\Users\Rene\1326728658084.jpg
[2012.01.16 23:25:26 | 000,317,710 | ---- | C] () -- C:\Users\Rene\1326728470475.gif
[2012.01.16 23:24:15 | 000,202,089 | ---- | C] () -- C:\Users\Rene\1326727006905.jpg
[2012.01.16 23:24:10 | 000,305,081 | ---- | C] () -- C:\Users\Rene\1326726958844.png
[2012.01.16 23:24:04 | 000,029,010 | ---- | C] () -- C:\Users\Rene\1326730367746.jpg
[2012.01.16 23:23:59 | 000,069,088 | ---- | C] () -- C:\Users\Rene\1326730032721.jpg
[2012.01.16 23:23:54 | 000,102,637 | ---- | C] () -- C:\Users\Rene\1326729598467.jpg
[2012.01.16 23:23:45 | 000,074,193 | ---- | C] () -- C:\Users\Rene\1326729311888.jpg
[2012.01.16 23:23:34 | 000,077,120 | ---- | C] () -- C:\Users\Rene\1326729252004.jpg
[2012.01.15 23:57:07 | 000,777,579 | ---- | C] () -- C:\Users\Rene\evalol.png
[2012.01.15 21:32:36 | 000,152,815 | ---- | C] () -- C:\Users\Rene\lol2.jpg
[2012.01.15 19:00:41 | 000,413,148 | ---- | C] () -- C:\Users\Rene\federhauszeichnung.jpg
[2012.01.12 18:06:34 | 000,171,922 | ---- | C] () -- C:\Users\Rene\face****.jpg
[2012.01.11 22:37:53 | 000,147,757 | ---- | C] () -- C:\Users\Rene\apfel2.jpg
[2012.01.11 22:37:46 | 000,153,642 | ---- | C] () -- C:\Users\Rene\apfel1.jpg
[2012.01.11 22:22:13 | 000,302,266 | ---- | C] () -- C:\Users\Rene\Blechankergang.jpg
[2012.01.11 22:20:39 | 000,583,329 | ---- | C] () -- C:\Users\Rene\DSC01203.JPG
[2012.01.11 22:20:39 | 000,334,465 | ---- | C] () -- C:\Users\Rene\DSC01204.JPG
[2012.01.04 19:11:24 | 000,516,761 | ---- | C] () -- C:\Users\Rene\1325695824265.jpg
[2011.12.22 01:13:44 | 000,153,043 | ---- | C] () -- C:\Users\Rene\evai76.jpg
[2011.12.22 01:00:42 | 000,223,322 | ---- | C] () -- C:\Users\Rene\eva schrift4.jpg
[2011.12.22 00:55:42 | 000,175,401 | ---- | C] () -- C:\Users\Rene\eva schrift2.jpg
[2011.12.22 00:55:31 | 000,223,542 | ---- | C] () -- C:\Users\Rene\eva schrift 1.jpg
[2011.12.20 01:07:26 | 000,002,020 | ---- | C] () -- C:\Users\Rene\FOTZEN.rtf
[2011.12.17 13:50:39 | 000,516,338 | ---- | C] () -- C:\Users\Rene\DSC01195.JPG
[2011.12.17 13:50:17 | 000,276,959 | ---- | C] () -- C:\Users\Rene\DSC01194.JPG
[2011.12.16 22:24:16 | 000,563,063 | ---- | C] () -- C:\Users\Rene\video-2011-12-05-10-32-02mp4 - (480 x 360).mp4
[2011.12.16 22:02:34 | 000,252,361 | ---- | C] () -- C:\Users\Rene\eiszapfen.jpg
[2011.12.16 22:00:11 | 000,138,878 | ---- | C] () -- C:\Users\Rene\halosonne.jpg
[2011.12.16 21:57:40 | 000,157,061 | ---- | C] () -- C:\Users\Rene\monsterpizza.jpg
[2011.12.16 21:55:22 | 000,332,191 | ---- | C] () -- C:\Users\Rene\mond.jpg
[2011.12.16 21:52:58 | 000,299,912 | ---- | C] () -- C:\Users\Rene\nebel.jpg
[2011.12.16 21:50:23 | 000,263,526 | ---- | C] () -- C:\Users\Rene\mondschnee.jpg
[2011.12.16 21:46:11 | 000,288,924 | ---- | C] () -- C:\Users\Rene\julius.jpg
[2011.12.15 22:10:07 | 000,146,328 | ---- | C] () -- C:\Users\Rene\lol.jpg
[2011.12.15 22:07:34 | 000,099,977 | ---- | C] () -- C:\Users\Rene\207445_196230710413967_100000811182735_447250_6562890_n.jpg
[2011.12.15 00:16:49 | 000,073,647 | ---- | C] () -- C:\Users\Rene\brainwall.jpg
[2011.12.14 23:02:42 | 000,048,277 | ---- | C] () -- C:\Users\Rene\brain.jpg
[2011.12.14 22:37:39 | 000,093,619 | ---- | C] () -- C:\Users\Rene\9c78c311-48107681.jpg
[2011.12.14 22:37:30 | 000,060,740 | ---- | C] () -- C:\Users\Rene\99396974-47150789.jpg
[2011.12.14 22:36:20 | 000,042,099 | ---- | C] () -- C:\Users\Rene\f5dd42dd-50549000.jpg
[2011.12.14 22:36:08 | 000,063,697 | ---- | C] () -- C:\Users\Rene\a651119a-49331701.jpg
[2011.12.14 22:36:01 | 000,042,339 | ---- | C] () -- C:\Users\Rene\6319fbe2-49618604.jpg
[2011.12.14 22:35:37 | 000,128,892 | ---- | C] () -- C:\Users\Rene\2e8ac64f-50596571.jpg
[2011.12.14 22:35:22 | 000,046,646 | ---- | C] () -- C:\Users\Rene\5ecaba72-50227818.jpg
[2011.12.13 22:18:59 | 000,051,677 | ---- | C] () -- C:\Users\Rene\sonnenuntergangfuwa.jpg
[2011.12.13 16:54:59 | 000,879,626 | ---- | C] () -- C:\Users\Rene\überweisung h&m.png
[2011.12.11 14:48:28 | 000,134,452 | ---- | C] () -- C:\Users\Rene\bass.jpg
[2011.12.11 12:31:30 | 000,414,579 | ---- | C] () -- C:\Users\Rene\DSC01193.JPG
[2011.12.10 18:04:20 | 000,029,861 | ---- | C] () -- C:\Users\Rene\1-fbdd820fd82160a6.jpg
[2011.12.07 19:29:45 | 003,025,423 | ---- | C] () -- C:\Users\Rene\DRUCK.pdf
[2011.12.07 17:10:32 | 003,025,358 | ---- | C] () -- C:\Users\Rene\zahnrad.pdf
[2011.12.07 17:03:23 | 001,204,700 | ---- | C] () -- C:\Users\Rene\anglieren.png
[2011.12.07 16:56:15 | 000,345,129 | ---- | C] () -- C:\Users\Rene\zahnrad vorher.jpg
[2011.12.07 00:04:43 | 002,401,709 | ---- | C] () -- C:\Users\Rene\zahnrad2.pdf
[2011.12.06 23:44:20 | 005,658,164 | ---- | C] () -- C:\Users\Rene\zahnrad2.odt
[2011.12.06 23:19:03 | 000,105,502 | ---- | C] () -- C:\Users\Rene\fräser.jpg
[2011.12.06 23:16:54 | 000,127,133 | ---- | C] () -- C:\Users\Rene\ausgestochen.jpg
[2011.12.06 23:04:12 | 000,165,621 | ---- | C] () -- C:\Users\Rene\ausstechen.jpg
[2011.12.06 22:57:13 | 000,142,967 | ---- | C] () -- C:\Users\Rene\feilhilfe.jpg
[2011.12.06 22:15:30 | 000,715,905 | ---- | C] () -- C:\Users\Rene\maßblech.png
[2011.12.06 22:05:47 | 000,110,602 | ---- | C] () -- C:\Users\Rene\anriss.jpg
[2011.12.06 21:40:58 | 000,284,015 | ---- | C] () -- C:\Users\Rene\schneeeeeeeeeeeee.jpg
[2011.12.05 22:32:00 | 000,194,697 | ---- | C] () -- C:\Users\Rene\url.jpg
[2011.12.05 22:32:00 | 000,169,372 | ---- | C] () -- C:\Users\Rene\url1.jpg
[2011.12.05 22:14:41 | 000,409,634 | ---- | C] () -- C:\Users\Rene\schnee.jpg
[2011.12.05 19:04:28 | 000,272,316 | ---- | C] () -- C:\Users\Rene\winkel31.png
[2011.12.05 18:59:17 | 000,270,662 | ---- | C] () -- C:\Users\Rene\winkel3.png
[2011.12.05 18:06:44 | 000,616,933 | ---- | C] () -- C:\Users\Rene\winkel2.png
[2011.12.05 17:53:46 | 000,659,670 | ---- | C] () -- C:\Users\Rene\winkel.png
[2011.12.05 17:39:03 | 002,334,405 | ---- | C] () -- C:\Users\Rene\Kleinbodenrad WINKEL2.jpg
[2011.12.05 17:30:43 | 002,271,001 | ---- | C] () -- C:\Users\Rene\Kleinhodenrad WINKEL.jpg
[2011.12.05 07:32:16 | 000,444,347 | ---- | C] () -- C:\Users\Rene\DSC01189.JPG
[2011.12.05 07:32:04 | 000,584,785 | ---- | C] () -- C:\Users\Rene\DSC01188.JPG
[2011.12.05 07:31:58 | 000,525,850 | ---- | C] () -- C:\Users\Rene\DSC01187.JPG
[2011.12.05 07:31:27 | 000,618,151 | ---- | C] () -- C:\Users\Rene\DSC01186.JPG
[2011.12.05 07:31:16 | 000,477,780 | ---- | C] () -- C:\Users\Rene\DSC01185.JPG
[2011.12.04 16:45:25 | 003,772,625 | ---- | C] () -- C:\Users\Rene\zahnrad.odt
[2011.11.28 23:16:31 | 000,186,065 | ---- | C] () -- C:\Users\Rene\sauf police.jpg
[2011.11.28 23:00:38 | 000,139,138 | ---- | C] () -- C:\Users\Rene\tobi.jpg
[2011.11.28 22:53:17 | 000,163,053 | ---- | C] () -- C:\Users\Rene\cup cakes.jpg
[2011.11.28 22:33:28 | 000,120,314 | ---- | C] () -- C:\Users\Rene\himmel1.jpg
[2011.11.28 00:41:25 | 000,102,560 | ---- | C] () -- C:\Users\Rene\unscharfklein.jpg
[2011.11.27 23:11:51 | 000,515,836 | ---- | C] () -- C:\Users\Rene\strandvilla.jpg
[2011.11.27 22:58:53 | 000,104,260 | ---- | C] () -- C:\Users\Rene\sonnenuntergang2.jpg
[2011.11.27 22:54:47 | 000,206,093 | ---- | C] () -- C:\Users\Rene\schiff leuchtturm.jpg
[2011.11.27 22:53:12 | 000,125,907 | ---- | C] () -- C:\Users\Rene\sonnenuntergang meer.jpg
[2011.11.27 22:51:30 | 000,370,274 | ---- | C] () -- C:\Users\Rene\sta barbara anna.jpg
[2011.11.27 19:56:10 | 000,195,734 | ---- | C] () -- C:\Users\Rene\altocumulus.jpg
[2011.11.23 21:38:04 | 000,393,990 | ---- | C] () -- C:\Users\Rene\DSC01176.JPG
[2011.11.23 21:38:03 | 000,441,398 | ---- | C] () -- C:\Users\Rene\DSC01174.JPG
[2011.11.23 21:38:03 | 000,429,692 | ---- | C] () -- C:\Users\Rene\DSC01175.JPG
[2011.11.23 21:36:28 | 000,160,417 | ---- | C] () -- C:\Users\Rene\DSC01177.JPG
[2011.11.23 21:06:53 | 000,097,103 | ---- | C] () -- C:\Users\Rene\ba1168dc-51317858.jpg
[2011.11.21 21:27:17 | 000,248,095 | ---- | C] () -- C:\Users\Rene\uhr.jpg
[2011.11.21 00:54:25 | 000,089,795 | ---- | C] () -- C:\Users\Rene\banana2.jpg
[2011.11.20 22:41:37 | 000,045,531 | ---- | C] () -- C:\Users\Rene\banana.jpg
[2011.11.20 17:43:19 | 000,139,240 | ---- | C] () -- C:\Users\Rene\unscharf2.jpg
[2011.11.19 23:37:07 | 000,687,178 | ---- | C] () -- C:\Users\Rene\schmetter.jpg
[2011.11.19 23:28:20 | 000,325,011 | ---- | C] () -- C:\Users\Rene\IMG_4931.jpg
[2011.11.19 23:13:25 | 000,238,443 | ---- | C] () -- C:\Users\Rene\DSC00905.JPG
[2011.11.19 23:06:36 | 000,195,494 | ---- | C] () -- C:\Users\Rene\DSC01067.JPG
[2011.11.19 23:00:11 | 000,269,211 | ---- | C] () -- C:\Users\Rene\DSC01132.JPG
[2011.11.19 22:59:53 | 000,266,072 | ---- | C] () -- C:\Users\Rene\DSC01131.JPG
[2011.11.19 22:54:40 | 000,395,297 | ---- | C] () -- C:\Users\Rene\DSC01142.JPG
[2011.11.19 22:48:40 | 000,359,743 | ---- | C] () -- C:\Users\Rene\DSC00753.JPG
[2011.11.19 22:46:30 | 000,333,421 | ---- | C] () -- C:\Users\Rene\DSC00760.JPG
[2011.11.19 22:46:02 | 000,527,430 | ---- | C] () -- C:\Users\Rene\DSC00759.JPG
[2011.11.19 22:45:08 | 000,308,565 | ---- | C] () -- C:\Users\Rene\DSC00738.JPG
[2011.11.19 22:43:12 | 000,399,343 | ---- | C] () -- C:\Users\Rene\DSC00731.JPG
[2011.11.19 22:40:54 | 000,395,121 | ---- | C] () -- C:\Users\Rene\DSC00075.JPG
[2011.11.19 22:31:12 | 000,388,082 | ---- | C] () -- C:\Users\Rene\mein haus.jpg
[2011.11.19 22:28:25 | 000,148,409 | ---- | C] () -- C:\Users\Rene\schneesonne.jpg
[2011.11.19 22:26:10 | 000,247,374 | ---- | C] () -- C:\Users\Rene\schneehaus.jpg
[2011.11.19 22:24:11 | 000,282,856 | ---- | C] () -- C:\Users\Rene\wasserfall.jpg
[2011.11.18 23:30:56 | 000,367,761 | ---- | C] () -- C:\Users\Rene\stadt3.jpg
[2011.11.18 23:29:56 | 000,452,393 | ---- | C] () -- C:\Users\Rene\stadt2.jpg
[2011.11.18 23:29:10 | 000,392,040 | ---- | C] () -- C:\Users\Rene\stadt1.jpg
[2011.11.18 23:27:41 | 000,490,522 | ---- | C] () -- C:\Users\Rene\sacre.jpg
[2011.11.18 22:58:05 | 000,182,979 | ---- | C] () -- C:\Users\Rene\statue taube.jpg
[2011.11.18 22:54:13 | 000,230,805 | ---- | C] () -- C:\Users\Rene\beide paris.jpg
[2011.11.18 22:48:34 | 000,525,086 | ---- | C] () -- C:\Users\Rene\sträucher.jpg
[2011.11.18 22:45:31 | 000,655,397 | ---- | C] () -- C:\Users\Rene\paris bäume.jpg
[2011.11.18 22:41:55 | 000,206,174 | ---- | C] () -- C:\Users\Rene\beide2.jpg
[2011.11.18 22:41:30 | 000,189,991 | ---- | C] () -- C:\Users\Rene\beide.jpg
[2011.11.18 22:38:29 | 000,504,537 | ---- | C] () -- C:\Users\Rene\kapp.jpg
[2011.11.18 22:36:11 | 000,153,388 | ---- | C] () -- C:\Users\Rene\unscharf1.jpg
[2011.11.18 22:31:42 | 000,544,400 | ---- | C] () -- C:\Users\Rene\ich ostsee lol.jpg
[2011.11.18 22:29:25 | 000,398,255 | ---- | C] () -- C:\Users\Rene\ich ostsee 1.jpg
[2011.11.18 22:25:26 | 000,301,317 | ---- | C] () -- C:\Users\Rene\leuchtturm haupt.jpg
[2011.11.18 22:23:13 | 000,234,523 | ---- | C] () -- C:\Users\Rene\leuchtturm rot.jpg
[2011.11.18 22:21:56 | 000,212,065 | ---- | C] () -- C:\Users\Rene\leuchtturm.jpg
[2011.11.18 22:19:39 | 000,278,529 | ---- | C] () -- C:\Users\Rene\strandkörbe.jpg
[2011.11.18 18:43:26 | 002,623,344 | ---- | C] () -- C:\Users\Rene\Nur Scheie in da Birne xdmp4 - (480 x 360).mp4
[2011.11.16 23:05:49 | 004,323,357 | ---- | C] () -- C:\Users\Rene\Wir lassen eine Spinne jumpenmp4 - (480 x 360).mp4
[2011.11.16 23:01:19 | 006,649,285 | ---- | C] () -- C:\Users\Rene\Ich glaub du blinkstmp4 - (480 x 360).mp4
[2011.11.16 22:51:26 | 004,020,863 | ---- | C] () -- C:\Users\Rene\Attack of the Pustebloommp4 - (480 x 360).mp4
[2011.11.16 22:43:38 | 013,702,352 | ---- | C] () -- C:\Users\Rene\NagerriegelXDmp4 - (480 x 360).mp4
[2011.11.16 19:15:40 | 000,103,384 | ---- | C] () -- C:\Users\Rene\bikini-vs-underwear.jpg
[2011.11.14 23:49:27 | 000,142,648 | ---- | C] () -- C:\Users\Rene\andrea2.rtf
[2011.11.14 22:01:26 | 000,286,946 | ---- | C] () -- C:\Users\Rene\name.jpg
[2011.11.14 21:57:51 | 000,400,547 | ---- | C] () -- C:\Users\Rene\face.jpg
[2011.11.14 18:35:11 | 000,381,077 | ---- | C] () -- C:\Users\Rene\DSC01170.JPG
[2011.11.13 23:10:46 | 000,018,112 | ---- | C] () -- C:\Users\Rene\andrea.rtf
[2011.11.06 23:03:32 | 000,089,370 | ---- | C] () -- C:\Users\Rene\1320613188836.jpg
[2011.10.13 18:06:50 | 001,590,038 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.10.07 22:49:56 | 000,240,424 | ---- | C] () -- C:\Users\Rene\avatar.png
[2011.09.30 14:38:49 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.09.27 18:06:40 | 000,000,434 | ---- | C] () -- C:\Windows\scummvm.ini
[2011.09.05 23:12:03 | 000,007,606 | ---- | C] () -- C:\Users\Rene\AppData\Local\Resmon.ResmonCfg
[2011.09.05 22:39:45 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.08.29 23:36:26 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2011.08.23 14:43:31 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\LGErrorHandler.dll
[2011.08.03 03:31:54 | 000,311,912 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe

========== LOP Check ==========

[2012.07.04 17:23:50 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\Azureus
[2012.05.01 18:57:18 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\EDrawings
[2012.06.07 13:26:01 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\gtk-2.0
[2012.07.15 16:02:25 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\ICQ
[2012.02.12 21:11:04 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\Iggels
[2011.12.06 21:51:10 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\OpenOffice.org
[2012.01.22 14:47:04 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\Trine2
[2012.06.14 18:54:37 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\Waveform
[2012.07.14 11:19:20 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

sulpher · Jul 16, 2012

OTL Extras logfile created on: 16.07.2012 09:51:14 - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Rene\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,12 Gb Total Physical Memory | 1,96 Gb Available Physical Memory | 62,87% Memory free
6,24 Gb Paging File | 4,97 Gb Available in Paging File | 79,54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116,41 Gb Total Space | 25,63 Gb Free Space | 22,02% Space Free | Partition Type: NTFS
Drive D: | 4,88 Gb Total Space | 2,21 Gb Free Space | 45,37% Space Free | Partition Type: NTFS
Drive E: | 107,91 Gb Total Space | 89,33 Gb Free Space | 82,78% Space Free | Partition Type: NTFS
Drive F: | 8,55 Gb Total Space | 8,46 Gb Free Space | 99,02% Space Free | Partition Type: NTFS
Drive G: | 195,31 Gb Total Space | 13,07 Gb Free Space | 6,69% Space Free | Partition Type: NTFS
Drive H: | 265,57 Gb Total Space | 3,57 Gb Free Space | 1,34% Space Free | Partition Type: NTFS
Drive K: | 931,28 Gb Total Space | 167,64 Gb Free Space | 18,00% Space Free | Partition Type: FAT32

Computer Name: CHRONOS | User Name: Rene | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1058247347-2628564259-3555606596-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallDisableNotify" = 0
"FirewallOverride" = 1
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CF128FA5-B6D7-4A6A-9140-7B9AB19CEC12}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FE268F51-FDCC-43F6-BEF0-332E16E434D8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{11108E58-EEF7-49D4-99FF-CE5A7BB902A6}C:\program files (x86)\icq7.7\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe |
"UDP Query User{70E56B05-D0AF-4A50-9DA1-836B6076FC33}C:\program files (x86)\icq7.7\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{455804F2-70A9-46BD-BEB8-957000EC20D4}" = SolidWorks eDrawings 2011 x64 Edition SP02
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4F113377-0BA1-4552-9ABB-9BF220FAF132}" = SolidWorks 2011 x64 Edition SP02
"{542DDF04-9F91-4F36-B2F4-2638B788A4C8}" = Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 280.19
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.4.28
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.23.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CEF0C5DA-21C5-4FA7-AD05-5D21C525543C}" = SolidWorks 2011 x64 German Resources
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU" = Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU
"WinRAR archiver" = WinRAR 4.01 (64-Bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{266725C1-716F-43AC-BBFB-4201131ED656}" = EasySetPackage
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{32E05824-A0AC-4DFE-B965-5F52C28FBE9F}_is1" = EPS Viewer
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{41785C66-90F2-40CE-8CB5-1C94BFC97280}" = Microsoft Chart Controls for Microsoft .NET Framework 3.5
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4343080E-448E-4E2C-B27F-B91000028201}" = Dead Rising 2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{53480060-85DE-4F43-9AFE-6E9D8FB8F2C1}" = O&O SafeErase
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6DED41BC-C9EF-4330-B4E5-46CB2C5C6E2D}" = No23 Recorder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}" = ICQ7.7
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
"{93A3AB24-36E8-41BA-80C6-CCEC237836DC}" = Alice Madness Returns
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C0}" = WinZip 15.0
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D481EA96-2313-4A7C-98EE-710D1AF884AC}" = Microsoft Visual Studio 2005 Tools for Applications - ENU
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"5513-1208-7298-9440" = JDownloader 0.9
"8461-7759-5462-8226" = Vuze
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Audacity_is1" = Audacity 1.2.6
"avast" = avast! Free Antivirus
"Black Prophecy_is1" = Black Prophecy
"Free Audio CD to MP3 Converter_is1" = Free Audio CD to MP3 Converter version 1.3.12.908
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Microsoft Visual Studio 2005 Tools for Applications - ENU" = Microsoft Visual Studio 2005 Tools for Applications - ENU
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MySSID_is1" = Vtune 7.18
"No23 Recorder" = No23 Recorder
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"PunkBusterSvc" = PunkBuster Services
"SolidWorks Installation Manager 20110-40200-1100-100" = SolidWorks 2011 x64 Edition SP02
"Steam App 15620" = Warhammer® 40,000™: Dawn of War® II
"Steam App 207610" = The Walking Dead
"Steam App 440" = Team Fortress 2
"Steam App 4570" = Warhammer 40,000: Dawn of War Gold Edition
"Steam App 45740" = Dead Rising 2
"Steam App 48000" = LIMBO
"VLC media player" = VLC media player 2.0.1
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11.07.2012 16:05:20 | Computer Name = Chronos | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error - 12.07.2012 08:24:39 | Computer Name = Chronos | Source = Windows Search Service | ID = 3100
Description =

Error - 12.07.2012 08:37:49 | Computer Name = Chronos | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FB5FB9.exe, Version: 0.0.0.0, Zeitstempel:
0x2a425e19 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
0x00000000 Ausnahmecode: 0xc000001d Fehleroffset: 0x0018ff7c ID des fehlerhaften Prozesses:
0x8c8 Startzeit der fehlerhaften Anwendung: 0x01cd602b1be8de5e Pfad der fehlerhaften
Anwendung: C:\Users\Rene\AppData\Roaming\FB5FB9.exe Pfad des fehlerhaften Moduls:
unknown Berichtskennung: 633b6e70-cc1e-11e1-ade7-0013d3b089a0

Error - 12.07.2012 08:37:49 | Computer Name = Chronos | Source = Application Error | ID = 1005
Description = Aus einem der folgenden Gründe kann nicht auf die Datei "" zugegriffen
werden: Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger mit der
gespeicherten Datei bzw. den auf dem Computer installierten Speichertreibern, oder
der Datenträger fehlt. Das Programm FB5FB9.exe wurde wegen dieses Fehlers geschlossen.

Programm:
FB5FB9.exe Datei: Der Fehlerwert ist im Abschnitt "Zusätzliche Dateien" aufgelistet.
Benutzeraktion
1.
Öffnen Sie die Datei erneut. Diese Situation ist eventuell ein temporäres Problem,
das selbstständig behoben wird, wenn das Programm erneut ausgeführt wird. 2. Wenn
Sie weiterhin nicht auf die Datei zugreifen können und - diese sich im Netzwerk
befindet, dann sollte der Netzwerkadministrator überprüfen, dass kein Netzwerkproblem
besteht und dass eine Verbindung mit dem Server hergestellt werden kann. - diese
sich auf einem Wechseldatenträger, wie z. B. einer Diskette oder einer CD, befindet,
überprüfen Sie, ob der Datenträger richtig in den Computer eingelegt ist. 3. Überprüfen
und reparieren Sie das Dateisystem, indem Sie CHKDSK ausführen. Klicken Sie dazu
im Menü "Start" auf "Ausführen", geben Sie CMD ein, und klicken Sie auf "OK". Geben
Sie an der Eingabeaufforderung CHKDSK /F ein, und drücken Sie die EINGABETASTE.
4.
Stellen Sie die Datei von einer Sicherungskopie wieder her, wenn das Problem weiterhin
besteht. 5. Überprüfen Sie, ob andere Dateien auf demselben Datenträger geöffnet
werden können. Falls dies nicht möglich ist, ist der Datenträger eventuell beschädigt.
Wenden Sie sich an den Administrator oder den Hersteller der Computerhardware,
um weitere Unterstützung zu erhalten, wenn es sich um eine Festplatte handelt. Zusätzliche
Daten Fehlerwert: 00000000 Datenträgertyp: 0

Error - 12.07.2012 10:50:54 | Computer Name = Chronos | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FB5FB9.exe, Version: 0.0.0.0, Zeitstempel:
0x2a425e19 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
0x00000000 Ausnahmecode: 0xc000001d Fehleroffset: 0x0018ff7c ID des fehlerhaften Prozesses:
0x99c Startzeit der fehlerhaften Anwendung: 0x01cd603db935365a Pfad der fehlerhaften
Anwendung: C:\Users\Rene\AppData\Roaming\FB5FB9.exe Pfad des fehlerhaften Moduls:
unknown Berichtskennung: facd8036-cc30-11e1-9e28-0013d3b089a0

Error - 12.07.2012 10:50:54 | Computer Name = Chronos | Source = Application Error | ID = 1005
Description = Aus einem der folgenden Gründe kann nicht auf die Datei "" zugegriffen
werden: Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger mit der
gespeicherten Datei bzw. den auf dem Computer installierten Speichertreibern, oder
der Datenträger fehlt. Das Programm FB5FB9.exe wurde wegen dieses Fehlers geschlossen.

Programm:
FB5FB9.exe Datei: Der Fehlerwert ist im Abschnitt "Zusätzliche Dateien" aufgelistet.
Benutzeraktion
1.
Öffnen Sie die Datei erneut. Diese Situation ist eventuell ein temporäres Problem,
das selbstständig behoben wird, wenn das Programm erneut ausgeführt wird. 2. Wenn
Sie weiterhin nicht auf die Datei zugreifen können und - diese sich im Netzwerk
befindet, dann sollte der Netzwerkadministrator überprüfen, dass kein Netzwerkproblem
besteht und dass eine Verbindung mit dem Server hergestellt werden kann. - diese
sich auf einem Wechseldatenträger, wie z. B. einer Diskette oder einer CD, befindet,
überprüfen Sie, ob der Datenträger richtig in den Computer eingelegt ist. 3. Überprüfen
und reparieren Sie das Dateisystem, indem Sie CHKDSK ausführen. Klicken Sie dazu
im Menü "Start" auf "Ausführen", geben Sie CMD ein, und klicken Sie auf "OK". Geben
Sie an der Eingabeaufforderung CHKDSK /F ein, und drücken Sie die EINGABETASTE.
4.
Stellen Sie die Datei von einer Sicherungskopie wieder her, wenn das Problem weiterhin
besteht. 5. Überprüfen Sie, ob andere Dateien auf demselben Datenträger geöffnet
werden können. Falls dies nicht möglich ist, ist der Datenträger eventuell beschädigt.
Wenden Sie sich an den Administrator oder den Hersteller der Computerhardware,
um weitere Unterstützung zu erhalten, wenn es sich um eine Festplatte handelt. Zusätzliche
Daten Fehlerwert: 00000000 Datenträgertyp: 0

Error - 12.07.2012 11:03:43 | Computer Name = Chronos | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FB5FB9.exe, Version: 0.0.0.0, Zeitstempel:
0x2a425e19 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
0x00000000 Ausnahmecode: 0xc000001d Fehleroffset: 0x0018ff7c ID des fehlerhaften Prozesses:
0x82c Startzeit der fehlerhaften Anwendung: 0x01cd603f7d72e3e0 Pfad der fehlerhaften
Anwendung: C:\Users\Rene\AppData\Roaming\FB5FB9.exe Pfad des fehlerhaften Moduls:
unknown Berichtskennung: c50bef76-cc32-11e1-a6a8-0013d3b089a0

Error - 12.07.2012 11:03:43 | Computer Name = Chronos | Source = Application Error | ID = 1005
Description = Aus einem der folgenden Gründe kann nicht auf die Datei "" zugegriffen
werden: Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger mit der
gespeicherten Datei bzw. den auf dem Computer installierten Speichertreibern, oder
der Datenträger fehlt. Das Programm FB5FB9.exe wurde wegen dieses Fehlers geschlossen.

Programm:
FB5FB9.exe Datei: Der Fehlerwert ist im Abschnitt "Zusätzliche Dateien" aufgelistet.
Benutzeraktion
1.
Öffnen Sie die Datei erneut. Diese Situation ist eventuell ein temporäres Problem,
das selbstständig behoben wird, wenn das Programm erneut ausgeführt wird. 2. Wenn
Sie weiterhin nicht auf die Datei zugreifen können und - diese sich im Netzwerk
befindet, dann sollte der Netzwerkadministrator überprüfen, dass kein Netzwerkproblem
besteht und dass eine Verbindung mit dem Server hergestellt werden kann. - diese
sich auf einem Wechseldatenträger, wie z. B. einer Diskette oder einer CD, befindet,
überprüfen Sie, ob der Datenträger richtig in den Computer eingelegt ist. 3. Überprüfen
und reparieren Sie das Dateisystem, indem Sie CHKDSK ausführen. Klicken Sie dazu
im Menü "Start" auf "Ausführen", geben Sie CMD ein, und klicken Sie auf "OK". Geben
Sie an der Eingabeaufforderung CHKDSK /F ein, und drücken Sie die EINGABETASTE.
4.
Stellen Sie die Datei von einer Sicherungskopie wieder her, wenn das Problem weiterhin
besteht. 5. Überprüfen Sie, ob andere Dateien auf demselben Datenträger geöffnet
werden können. Falls dies nicht möglich ist, ist der Datenträger eventuell beschädigt.
Wenden Sie sich an den Administrator oder den Hersteller der Computerhardware,
um weitere Unterstützung zu erhalten, wenn es sich um eine Festplatte handelt. Zusätzliche
Daten Fehlerwert: 00000000 Datenträgertyp: 0

Error - 13.07.2012 12:50:11 | Computer Name = Chronos | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FB5FB9.exe, Version: 0.0.0.0, Zeitstempel:
0x2a425e19 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
0x00000000 Ausnahmecode: 0xc000001d Fehleroffset: 0x0018ff7c ID des fehlerhaften Prozesses:
0x9e0 Startzeit der fehlerhaften Anwendung: 0x01cd61178ed6aa6c Pfad der fehlerhaften
Anwendung: C:\Users\Rene\AppData\Roaming\FB5FB9.exe Pfad des fehlerhaften Moduls:
unknown Berichtskennung: cf0bb5e6-cd0a-11e1-9e2f-0013d3b089a0

Error - 13.07.2012 12:50:11 | Computer Name = Chronos | Source = Application Error | ID = 1005
Description = Aus einem der folgenden Gründe kann nicht auf die Datei "" zugegriffen
werden: Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger mit der
gespeicherten Datei bzw. den auf dem Computer installierten Speichertreibern, oder
der Datenträger fehlt. Das Programm FB5FB9.exe wurde wegen dieses Fehlers geschlossen.

Programm:
FB5FB9.exe Datei: Der Fehlerwert ist im Abschnitt "Zusätzliche Dateien" aufgelistet.
Benutzeraktion
1.
Öffnen Sie die Datei erneut. Diese Situation ist eventuell ein temporäres Problem,
das selbstständig behoben wird, wenn das Programm erneut ausgeführt wird. 2. Wenn
Sie weiterhin nicht auf die Datei zugreifen können und - diese sich im Netzwerk
befindet, dann sollte der Netzwerkadministrator überprüfen, dass kein Netzwerkproblem
besteht und dass eine Verbindung mit dem Server hergestellt werden kann. - diese
sich auf einem Wechseldatenträger, wie z. B. einer Diskette oder einer CD, befindet,
überprüfen Sie, ob der Datenträger richtig in den Computer eingelegt ist. 3. Überprüfen
und reparieren Sie das Dateisystem, indem Sie CHKDSK ausführen. Klicken Sie dazu
im Menü "Start" auf "Ausführen", geben Sie CMD ein, und klicken Sie auf "OK". Geben
Sie an der Eingabeaufforderung CHKDSK /F ein, und drücken Sie die EINGABETASTE.
4.
Stellen Sie die Datei von einer Sicherungskopie wieder her, wenn das Problem weiterhin
besteht. 5. Überprüfen Sie, ob andere Dateien auf demselben Datenträger geöffnet
werden können. Falls dies nicht möglich ist, ist der Datenträger eventuell beschädigt.
Wenden Sie sich an den Administrator oder den Hersteller der Computerhardware,
um weitere Unterstützung zu erhalten, wenn es sich um eine Festplatte handelt. Zusätzliche
Daten Fehlerwert: 00000000 Datenträgertyp: 0

[ System Events ]
Error - 30.04.2012 12:01:06 | Computer Name = Chronos | Source = Service Control Manager | ID = 7000
Description = Der Dienst "TBPanel" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error - 30.04.2012 16:03:29 | Computer Name = Chronos | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error - 01.05.2012 04:10:21 | Computer Name = Chronos | Source = Service Control Manager | ID = 7000
Description = Der Dienst "TBPanel" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error - 01.05.2012 06:04:34 | Computer Name = Chronos | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error - 01.05.2012 10:08:30 | Computer Name = Chronos | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error - 02.05.2012 06:17:17 | Computer Name = Chronos | Source = Service Control Manager | ID = 7000
Description = Der Dienst "TBPanel" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error - 02.05.2012 10:57:11 | Computer Name = Chronos | Source = Service Control Manager | ID = 7000
Description = Der Dienst "TBPanel" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error - 03.05.2012 09:08:34 | Computer Name = Chronos | Source = Service Control Manager | ID = 7000
Description = Der Dienst "TBPanel" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error - 03.05.2012 14:31:57 | Computer Name = Chronos | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error - 04.05.2012 06:28:23 | Computer Name = Chronos | Source = Service Control Manager | ID = 7000
Description = Der Dienst "TBPanel" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

< End of report >

sulpher · Jul 16, 2012

what are those "trusted domains" in that scan?
I.e. O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)

I never visited those sites - never even heard of them

Broni · Jul 16, 2012

We'll remove them.
Putting anything in trusted zone is not a good idea in general.

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

Code:

:OTL
O4 - HKU\S-1-5-21-1058247347-2628564259-3555606596-1001..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup File not found
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-1058247347-2628564259-3555606596-1001\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1058247347-2628564259-3555606596-1001\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1058247347-2628564259-3555606596-1001\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1058247347-2628564259-3555606596-1001\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1058247347-2628564259-3555606596-1004\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-21-1058247347-2628564259-3555606596-1004\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-21-1058247347-2628564259-3555606596-1004\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-21-1058247347-2628564259-3555606596-1004\..Trusted Domains: sony.com ([]* in )

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
You will get a log that shows the results of the fix. Please post it.

=============================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.

Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.

Make sure the following options are checked:
- Internet Services
- Windows Firewall
- System Restore
- Security Center
- Windows Update
- Windows Defender
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

3. Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

4. Please run a free online scan with the ESET Online Scanner

Disable your antivirus program
Tick the box next to YES, I accept the Terms of Use
Click Start
Accept any security warnings from your browser.
Check Scan archives
Click Start
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, click on List of found threats
Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
NOTE. If Eset won't find any threats, it won't produce any log.

sulpher · Jul 17, 2012

hey, I pasted the script into OTL and clicked "run fix". it shows "processing O4 - HKU\S-1-5-21..................." etc. pp. at the bottom of the window - but nothing else happens. it's "running" for 2 hours now and nothing happenes - seems to be frozen. is it save to restart my pc?

Broni · Jul 17, 2012

Run the fix from safe mode.

sulpher · Jul 21, 2012

All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-1058247347-2628564259-3555606596-1001\Software\Microsoft\Windows\CurrentVersion\Run\\ISUSPM Startup deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ not found.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1058247347-2628564259-3555606596-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1058247347-2628564259-3555606596-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1058247347-2628564259-3555606596-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1058247347-2628564259-3555606596-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1058247347-2628564259-3555606596-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ not found.
Registry key HKEY_USERS\S-1-5-21-1058247347-2628564259-3555606596-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ not found.
Registry key HKEY_USERS\S-1-5-21-1058247347-2628564259-3555606596-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ not found.
Registry key HKEY_USERS\S-1-5-21-1058247347-2628564259-3555606596-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Rene
->Temp folder emptied: 5838649 bytes
->Temporary Internet Files folder emptied: 9812221 bytes
->Java cache emptied: 1689329 bytes
->FireFox cache emptied: 642411567 bytes
->Flash cache emptied: 224691 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 41100 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes
RecycleBin emptied: 393102969 bytes

Total Files Cleaned = 1.004,00 mb

sulpher · Jul 21, 2012

Results of screen317's Security Check version 0.99.24
Windows 7 x64 (UAC is disabled!)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:
avast! Free Antivirus
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
Anti-malware/Other Utilities Check:
Java(TM) 6 Update 31
Adobe Flash Player 11.3.300.265
Mozilla Firefox (x86 de..)
````````````````````````````````
Process Check:
objlist.exe by Laurent
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
``````````End of Log````````````

sulpher · Jul 21, 2012

Farbar Service Scanner Version: 19-07-2012
Ran by Rene (administrator) on 21-07-2012 at 17:16:34
Running from "C:\Users\Rene\Downloads"
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============

Windows Update:
============
BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of BITS. The value does not exist.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============

Other Services:
==============

sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Auto
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****

sulpher · Jul 21, 2012

C:\FRST\Quarantine\services.exe Win64/Patched.B.Gen trojan deleted - quarantined
C:\FRST\Quarantine\{fe12307a-d93b-c855-ecab-5fb11141fa17}\U\trz37B4.tmp Win64/Sirefef.AL trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Rene\AppData\Roaming\trz4F16.tmp.vir probably a variant of Win32/TrojanDownloader.Agent.GLCTBYX trojan cleaned by deleting - quarantined

Broni · Jul 21, 2012

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it.

Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
Accept any prompts.
Do NOT post JavaRa log.

===========================================

We have one corrupted registry key affecting Windows updates.

Following steps involve registry editing. Please create new restore point before proceeding!!!
How to:
XP - http://support.microsoft.com/kb/948247
Vista and Seven - http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/

Download Seven.zip file from here: http://www.smartestcomputing.us.com/files/download/9-registry-network-keys/
Unzip the file.
You'll find several files inside.
Double click on bits.reg file and confirm the prompt.
Restart computer.
Post new FSS log.

sulpher · Jul 26, 2012

Have updated Java and deleted the old versions.
Proceeding with the corrupt registry key now.

Broni · Jul 26, 2012

OK....

Broni · Jul 31, 2012

Still with me?

Inactive [A] Win32:malware-gen

Broni

Posts: 56,041 +516

sulpher

Posts: 30 +0

sulpher

Posts: 30 +0

sulpher

Posts: 30 +0

sulpher

Posts: 30 +0

Broni

Posts: 56,041 +516

sulpher

Posts: 30 +0

Broni

Posts: 56,041 +516

sulpher

Posts: 30 +0

sulpher

Posts: 30 +0

sulpher

Posts: 30 +0

sulpher

Posts: 30 +0

Broni

Posts: 56,041 +516

sulpher

Posts: 30 +0

Broni

Posts: 56,041 +516

Broni

Posts: 56,041 +516

Similar threads

Latest posts