[A] Win32:malware-gen

By sulpher
Jul 12, 2012
  1. Broni

    Broni Malware Annihilator Posts: 45,317   +243

    That item has already been quarantined by FRST, so you're OK.

    I still need the OTL log.
  2. sulpher

    sulpher Newcomer, in training Topic Starter Posts: 30

    Oh yeah, sorry! Here it is:

    OTL logfile created on: 16.07.2012 09:51:14 - Run 1
    OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Rene\Downloads
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

    3,12 Gb Total Physical Memory | 1,96 Gb Available Physical Memory | 62,87% Memory free
    6,24 Gb Paging File | 4,97 Gb Available in Paging File | 79,54% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 116,41 Gb Total Space | 25,63 Gb Free Space | 22,02% Space Free | Partition Type: NTFS
    Drive D: | 4,88 Gb Total Space | 2,21 Gb Free Space | 45,37% Space Free | Partition Type: NTFS
    Drive E: | 107,91 Gb Total Space | 89,33 Gb Free Space | 82,78% Space Free | Partition Type: NTFS
    Drive F: | 8,55 Gb Total Space | 8,46 Gb Free Space | 99,02% Space Free | Partition Type: NTFS
    Drive G: | 195,31 Gb Total Space | 13,07 Gb Free Space | 6,69% Space Free | Partition Type: NTFS
    Drive H: | 265,57 Gb Total Space | 3,57 Gb Free Space | 1,34% Space Free | Partition Type: NTFS


    Computer Name: CHRONOS | User Name: Rene | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012.07.16 09:49:23 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Rene\Downloads\OTL.exe
    PRC - [2012.07.03 18:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
    PRC - [2012.07.03 18:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
    PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012.07.03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2011.10.01 17:16:57 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
    PRC - [2011.08.03 13:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    PRC - [2011.08.03 03:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2011.03.11 17:26:56 | 002,240,512 | ---- | M] () -- C:\Program Files (x86)\Vtune\TBPANEL.exe
    PRC - [2011.01.17 19:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
    PRC - [2011.01.17 19:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
    PRC - [2009.12.22 12:31:50 | 000,024,576 | ---- | M] () -- C:\Program Files (x86)\LG Soft India\EasySetPackage\bin\TestDDCCI.exe
    PRC - [2009.12.22 12:30:54 | 000,159,744 | ---- | M] () -- C:\Program Files (x86)\LG Soft India\EasySetPackage\bin\EasySetPackage.exe
    PRC - [2008.08.04 01:02:20 | 000,036,352 | ---- | M] () -- C:\Program Files (x86)\Winamp\winampa.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011.12.06 21:50:22 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
    MOD - [2011.03.11 17:26:56 | 002,240,512 | ---- | M] () -- C:\Program Files (x86)\Vtune\TBPANEL.exe
    MOD - [2009.12.22 12:31:50 | 000,024,576 | ---- | M] () -- C:\Program Files (x86)\LG Soft India\EasySetPackage\bin\TestDDCCI.exe
    MOD - [2009.12.22 12:30:54 | 000,159,744 | ---- | M] () -- C:\Program Files (x86)\LG Soft India\EasySetPackage\bin\EasySetPackage.exe
    MOD - [2009.12.22 12:30:36 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\LG Soft India\EasySetPackage\bin\HOOK.dll
    MOD - [2009.12.22 12:30:34 | 000,065,536 | ---- | M] () -- C:\Windows\SysWOW64\LGErrorHandler.dll
    MOD - [2009.12.22 12:30:30 | 000,012,288 | ---- | M] () -- C:\Program Files (x86)\LG Soft India\EasySetPackage\bin\GerRes.dll
    MOD - [2008.08.04 01:02:20 | 000,036,352 | ---- | M] () -- C:\Program Files (x86)\Winamp\winampa.exe
    MOD - [1998.10.31 04:55:56 | 000,005,120 | ---- | M] () -- C:\Program Files (x86)\Vtune\TBManage.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV - [2012.07.03 18:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012.06.18 16:03:15 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012.01.22 13:52:03 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2011.10.01 17:16:57 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
    SRV - [2011.09.30 14:26:13 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
    SRV - [2011.09.30 14:26:12 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
    SRV - [2011.08.03 13:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
    SRV - [2011.08.03 03:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
    SRV - [2011.01.08 08:17:46 | 000,087,336 | ---- | M] (Dassault Systèmes SolidWorks Corp.) [On_Demand | Stopped] -- C:\Programme\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe -- (CoordinatorServiceHost)
    SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012.07.03 18:21:52 | 000,958,400 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
    DRV:64bit: - [2012.07.03 18:21:52 | 000,355,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
    DRV:64bit: - [2012.07.03 18:21:52 | 000,071,064 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV:64bit: - [2012.07.03 18:21:52 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
    DRV:64bit: - [2012.07.03 18:21:52 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
    DRV:64bit: - [2012.07.03 18:21:51 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV:64bit: - [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011.05.10 11:41:27 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
    DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010.11.20 15:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010.11.20 15:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009.06.10 22:35:53 | 000,051,712 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rtnic64.sys -- (RTL8023x64)
    DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV - [2009.12.22 12:30:46 | 000,019,456 | ---- | M] (LG Soft India) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\LGPII2CDriver.sys -- (LGII2CDevice)
    DRV - [2009.12.22 12:30:36 | 000,016,384 | ---- | M] (LG Soft India) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\LGI2CDriver.sys -- (LGDDCDevice)
    DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    DRV - [2007.03.16 10:11:20 | 000,015,648 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\TBPanelx64.sys -- (Cardex)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1058247347-2628564259-3555606596-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
    IE - HKU\S-1-5-21-1058247347-2628564259-3555606596-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
    IE - HKU\S-1-5-21-1058247347-2628564259-3555606596-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 50 0E A9 69 2E B4 CC 01 [binary data]
    IE - HKU\S-1-5-21-1058247347-2628564259-3555606596-1001\..\URLSearchHook: - No CLSID value found
    IE - HKU\S-1-5-21-1058247347-2628564259-3555606596-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-1058247347-2628564259-3555606596-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-1058247347-2628564259-3555606596-1001\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
    IE - HKU\S-1-5-21-1058247347-2628564259-3555606596-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.search.suggest.enabled: false
    FF - prefs.js..browser.startup.homepage: "about:home"
    FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.3&q="
    FF - prefs.js..network.proxy.http: "84.32.47.220"
    FF - prefs.js..network.proxy.http_port: 3128


    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.07.12 14:07:17 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.18 16:03:15 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

    [2011.08.23 14:23:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rene\AppData\Roaming\mozilla\Extensions
    [2012.07.01 22:41:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rene\AppData\Roaming\mozilla\Firefox\Profiles\896b39mj.default\extensions
    [2012.06.07 23:03:00 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Rene\AppData\Roaming\mozilla\Firefox\Profiles\896b39mj.default\extensions\ich@maltegoetz.de
    [2012.07.12 12:59:04 | 000,000,950 | ---- | M] () -- C:\Users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\896b39mj.default\searchplugins\icqplugin-1.xml
    [2012.01.28 12:50:30 | 000,001,056 | ---- | M] () -- C:\Users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\896b39mj.default\searchplugins\icqplugin.xml
    [2012.04.25 15:11:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
    [2012.07.12 14:07:17 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
    [2012.06.18 16:03:15 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2011.10.03 12:10:42 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
    [2011.10.03 12:10:42 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2011.10.03 12:10:42 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
    [2011.10.03 12:10:42 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
    [2011.10.03 12:10:42 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
    [2011.10.03 12:10:42 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

    O1 HOSTS File: ([2012.07.14 12:53:55 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe ()
    O4 - HKU\S-1-5-21-1058247347-2628564259-3555606596-1001..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup File not found
    O4 - HKU\S-1-5-21-1058247347-2628564259-3555606596-1001..\Run: [TBPanel] C:\Program Files (x86)\Vtune\TBPanel.exe ()
    O4 - HKU\S-1-5-21-1058247347-2628564259-3555606596-1004..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-1058247347-2628564259-3555606596-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - Startup: C:\Users\Rene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1058247347-2628564259-3555606596-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1058247347-2628564259-3555606596-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1058247347-2628564259-3555606596-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-1058247347-2628564259-3555606596-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
    O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
    O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
    O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
    O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
    O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
    O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
    O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
    O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
    O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
    O15 - HKU\S-1-5-21-1058247347-2628564259-3555606596-1001\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-1058247347-2628564259-3555606596-1001\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-1058247347-2628564259-3555606596-1001\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-1058247347-2628564259-3555606596-1001\..Trusted Domains: sony.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-1058247347-2628564259-3555606596-1004\..Trusted Domains: clonewarsadventures.com ([]* in )
    O15 - HKU\S-1-5-21-1058247347-2628564259-3555606596-1004\..Trusted Domains: freerealms.com ([]* in )
    O15 - HKU\S-1-5-21-1058247347-2628564259-3555606596-1004\..Trusted Domains: soe.com ([]* in )
    O15 - HKU\S-1-5-21-1058247347-2628564259-3555606596-1004\..Trusted Domains: sony.com ([]* in )
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{713D2C9B-4EE0-4E6E-BDDD-0B5288B62238}: DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
    O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012.07.14 14:38:53 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012.07.14 12:51:18 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012.07.14 12:41:32 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012.07.14 12:41:32 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012.07.14 12:41:32 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012.07.14 12:33:50 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012.07.14 12:33:26 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012.07.14 12:22:31 | 004,577,833 | R--- | C] (Swearware) -- C:\Users\Rene\Desktop\ComboFix.exe
    [2012.07.14 12:03:41 | 000,000,000 | ---D | C] -- C:\Windows\rescache
    [2012.07.13 18:44:15 | 000,000,000 | ---D | C] -- C:\ProgramData\0C1D146B00097B8A026961ECF875EF60
    [2012.07.13 04:14:48 | 000,000,000 | ---D | C] -- C:\FRST
    [2012.07.12 14:07:20 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
    [2012.07.12 13:13:56 | 000,000,000 | ---D | C] -- C:\Users\Rene\AppData\Roaming\Malwarebytes
    [2012.07.12 13:13:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012.07.12 13:13:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012.07.12 13:13:35 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012.07.12 13:13:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012.07.12 13:12:02 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Rene\Desktop\mbam-setup-1.62.0.1300.exe
    [2012.07.03 19:23:54 | 000,000,000 | ---D | C] -- C:\Users\Rene\Documents\Vuze Downloads
    [2012.06.24 12:17:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OO Software
    [2012.06.24 12:17:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\O&O Software
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
  3. sulpher

    sulpher Newcomer, in training Topic Starter Posts: 30

    ========== Files - Modified Within 30 Days ==========

    [2012.07.16 09:17:34 | 000,020,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012.07.16 09:17:34 | 000,020,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012.07.16 09:16:58 | 001,612,906 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012.07.16 09:16:58 | 000,696,768 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
    [2012.07.16 09:16:58 | 000,652,086 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012.07.16 09:16:58 | 000,148,064 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
    [2012.07.16 09:16:58 | 000,121,018 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012.07.16 09:09:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012.07.16 09:09:35 | 2514,608,128 | -HS- | M] () -- C:\hiberfil.sys
    [2012.07.14 12:53:55 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012.07.14 12:21:16 | 004,577,833 | R--- | M] (Swearware) -- C:\Users\Rene\Desktop\ComboFix.exe
    [2012.07.12 17:19:20 | 000,302,592 | ---- | M] () -- C:\Users\Rene\Desktop\72q5cdld.exe
    [2012.07.12 14:07:20 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
    [2012.07.12 13:55:01 | 000,318,944 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012.07.12 13:13:39 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012.07.12 13:12:30 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Rene\Desktop\mbam-setup-1.62.0.1300.exe
    [2012.07.10 21:58:20 | 000,070,903 | ---- | M] () -- C:\Users\Rene\Desktop\url.png
    [2012.07.09 22:32:06 | 000,202,389 | ---- | M] () -- C:\Users\Rene\1341846632725.png
    [2012.07.09 20:56:40 | 000,033,094 | ---- | M] () -- C:\Users\Rene\ticket_7350.pdf
    [2012.07.09 20:56:27 | 000,033,097 | ---- | M] () -- C:\Users\Rene\ticket_7349.pdf
    [2012.07.03 18:21:52 | 000,958,400 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
    [2012.07.03 18:21:52 | 000,355,856 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
    [2012.07.03 18:21:52 | 000,071,064 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
    [2012.07.03 18:21:52 | 000,059,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
    [2012.07.03 18:21:52 | 000,054,072 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
    [2012.07.03 18:21:51 | 000,025,232 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
    [2012.07.03 18:21:32 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
    [2012.07.03 18:21:28 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
    [2012.07.03 18:21:18 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
    [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012.07.01 17:50:30 | 000,001,273 | ---- | M] () -- C:\Users\Rene\Documents\schleif.rtf
    [2012.06.30 14:05:18 | 000,000,823 | ---- | M] () -- C:\Users\Rene\.recently-used.xbel
    [2012.06.29 22:36:43 | 000,510,073 | ---- | M] () -- C:\Users\Rene\Desktop\1341000156652.jpg
    [2012.06.28 22:00:42 | 000,053,351 | ---- | M] () -- C:\Users\Rene\Desktop\scriptcrumb.jpg
    [2012.06.27 22:19:58 | 000,048,605 | ---- | M] () -- C:\Users\Rene\Desktop\1340820188019.jpg
    [2012.06.25 21:59:15 | 000,085,439 | ---- | M] () -- C:\Users\Rene\Desktop\1340649571483.jpg
    [2012.06.24 14:50:17 | 000,391,874 | ---- | M] () -- C:\Users\Rene\bontides.png
    [2012.06.20 20:36:38 | 000,310,483 | ---- | M] () -- C:\Users\Rene\typ.png
    [2012.06.19 20:26:49 | 965,612,406 | ---- | M] () -- C:\Users\Rene\Peaceful Solitude Mix - video.mp4
    [2012.06.18 21:25:37 | 000,050,111 | ---- | M] () -- C:\Users\Rene\schleifenpups.jpg
    [2012.06.18 20:09:18 | 000,090,234 | ---- | M] () -- C:\Users\Rene\Desktop\1340031247886.jpg
    [2012.06.18 18:44:27 | 588,432,650 | ---- | M] () -- C:\Users\Rene\Forgotten Dreams Mix - video.mp4
    [2012.06.17 22:20:38 | 000,184,411 | ---- | M] () -- C:\Users\Rene\Desktop\1339963516272.jpg
    [2012.06.17 12:38:33 | 000,009,809 | ---- | M] () -- C:\Users\Rene\index.jpg
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012.07.14 12:41:32 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012.07.14 12:41:32 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012.07.14 12:41:32 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012.07.14 12:41:32 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012.07.14 12:41:32 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012.07.12 17:19:18 | 000,302,592 | ---- | C] () -- C:\Users\Rene\Desktop\72q5cdld.exe
    [2012.07.12 13:13:39 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012.07.10 21:58:20 | 000,070,903 | ---- | C] () -- C:\Users\Rene\Desktop\url.png
    [2012.07.09 22:29:38 | 000,202,389 | ---- | C] () -- C:\Users\Rene\1341846632725.png
    [2012.07.09 20:56:38 | 000,033,094 | ---- | C] () -- C:\Users\Rene\ticket_7350.pdf
    [2012.07.09 20:56:24 | 000,033,097 | ---- | C] () -- C:\Users\Rene\ticket_7349.pdf
    [2012.07.01 17:50:29 | 000,001,273 | ---- | C] () -- C:\Users\Rene\Documents\schleif.rtf
    [2012.06.30 14:05:18 | 000,000,823 | ---- | C] () -- C:\Users\Rene\.recently-used.xbel
    [2012.06.29 22:36:43 | 000,510,073 | ---- | C] () -- C:\Users\Rene\Desktop\1341000156652.jpg
    [2012.06.28 22:00:42 | 000,053,351 | ---- | C] () -- C:\Users\Rene\Desktop\scriptcrumb.jpg
    [2012.06.27 22:19:55 | 000,048,605 | ---- | C] () -- C:\Users\Rene\Desktop\1340820188019.jpg
    [2012.06.25 21:59:15 | 000,085,439 | ---- | C] () -- C:\Users\Rene\Desktop\1340649571483.jpg
    [2012.06.24 14:50:17 | 000,391,874 | ---- | C] () -- C:\Users\Rene\bontides.png
    [2012.06.20 20:36:38 | 000,310,483 | ---- | C] () -- C:\Users\Rene\typ.png
    [2012.06.19 20:17:30 | 965,612,406 | ---- | C] () -- C:\Users\Rene\Peaceful Solitude Mix - video.mp4
    [2012.06.18 21:25:36 | 000,050,111 | ---- | C] () -- C:\Users\Rene\schleifenpups.jpg
    [2012.06.18 20:09:18 | 000,090,234 | ---- | C] () -- C:\Users\Rene\Desktop\1340031247886.jpg
    [2012.06.18 18:32:51 | 588,432,650 | ---- | C] () -- C:\Users\Rene\Forgotten Dreams Mix - video.mp4
    [2012.06.17 22:20:38 | 000,184,411 | ---- | C] () -- C:\Users\Rene\Desktop\1339963516272.jpg
    [2012.06.17 12:38:28 | 000,009,809 | ---- | C] () -- C:\Users\Rene\index.jpg
    [2012.06.12 22:31:24 | 000,188,555 | ---- | C] () -- C:\Users\Rene\1339523964212.jpg
    [2012.06.09 22:45:40 | 000,086,239 | ---- | C] () -- C:\Users\Rene\ricekrispy_edited-1.jpg
    [2012.06.09 00:43:57 | 000,074,894 | ---- | C] () -- C:\Users\Rene\eva explosion.jpg
    [2012.06.09 00:42:51 | 000,009,004 | ---- | C] () -- C:\Users\Rene\220px-Operation_Upshot-Knothole_-_Badger_001.jpg
    [2012.06.08 18:52:19 | 000,066,378 | ---- | C] () -- C:\Users\Rene\06bc0b89-53037387.jpg
    [2012.06.08 17:53:57 | 000,042,728 | ---- | C] () -- C:\Users\Rene\20a74911-54671067.jpg
    [2012.06.08 15:37:30 | 000,077,308 | ---- | C] () -- C:\Users\Rene\6e5e3fde-54095745.jpg
    [2012.06.07 20:20:27 | 000,280,856 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
    [2012.06.07 00:26:46 | 000,039,476 | ---- | C] () -- C:\Users\Rene\e1ef29db-55911641.jpg
    [2012.05.21 18:48:11 | 000,064,795 | ---- | C] () -- C:\Users\Rene\Tierärztin.png
    [2012.05.18 16:59:49 | 000,036,023 | ---- | C] () -- C:\Users\Rene\farbpalette.png
    [2012.05.18 15:38:56 | 000,305,076 | ---- | C] () -- C:\Users\Rene\desktop.jpg
    [2012.05.17 22:14:29 | 000,070,560 | ---- | C] () -- C:\Users\Rene\schleifi2.jpg
    [2012.05.17 22:14:18 | 000,066,816 | ---- | C] () -- C:\Users\Rene\schleifi1.jpg
    [2012.05.17 20:53:49 | 000,053,027 | ---- | C] () -- C:\Users\Rene\schleifenfaust2.jpg
    [2012.05.17 00:02:23 | 001,194,127 | ---- | C] () -- C:\Users\Rene\desktop.png
    [2012.05.16 20:43:12 | 001,454,563 | ---- | C] () -- C:\Users\Rene\show_img_test.php.jpg
    [2012.05.15 23:16:26 | 000,062,590 | ---- | C] () -- C:\Users\Rene\398230_327793783942546_176890359032890_816253_1356288693_n.jpg
    [2012.05.15 23:15:09 | 000,025,610 | ---- | C] () -- C:\Users\Rene\1332561192815.jpg
    [2012.05.15 23:14:19 | 000,042,365 | ---- | C] () -- C:\Users\Rene\1332962720631.jpg
    [2012.05.15 23:04:37 | 001,685,468 | ---- | C] () -- C:\Users\Rene\_MG_1198 copy.png_effected-001 copy.png
    [2012.05.15 22:57:22 | 000,263,880 | ---- | C] () -- C:\Users\Rene\4018627_460s.jpg
    [2012.05.15 22:40:12 | 000,076,089 | ---- | C] () -- C:\Users\Rene\535512_337444079650896_245932432135395_916449_1651502589_n.jpg
    [2012.05.15 21:20:18 | 000,518,805 | ---- | C] () -- C:\Users\Rene\DSC01276.JPG
    [2012.05.15 21:20:18 | 000,420,570 | ---- | C] () -- C:\Users\Rene\DSC01278.JPG
    [2012.05.15 21:20:18 | 000,378,607 | ---- | C] () -- C:\Users\Rene\DSC01279.JPG
    [2012.05.15 21:18:20 | 000,711,111 | ---- | C] () -- C:\Users\Rene\DSC01280.JPG
    [2012.05.15 19:30:13 | 000,012,793 | ---- | C] () -- C:\Users\Rene\webscr.htm
    [2012.05.08 20:49:33 | 000,071,688 | ---- | C] () -- C:\Users\Rene\382842_310130242352503_100000665887016_1015487_1877544522_n.jpg
    [2012.05.07 20:40:15 | 000,138,632 | ---- | C] () -- C:\Users\Rene\398173308.htm
    [2012.05.07 17:13:24 | 000,120,519 | ---- | C] () -- C:\Users\Rene\dvuqtyz4.jpg
    [2012.05.05 18:26:51 | 119,742,789 | ---- | C] () -- C:\Users\Rene\ISIS 20 Minutes 40 Years Official Video - (1280 x 720).mp4
    [2012.05.05 15:36:05 | 000,072,272 | ---- | C] () -- C:\Users\Rene\b89cf15c-55142163.jpg
    [2012.05.04 20:29:25 | 000,062,012 | ---- | C] () -- C:\Users\Rene\318104_399836750046689_118122788_n.jpg
    [2012.05.04 18:07:25 | 000,063,006 | ---- | C] () -- C:\Users\Rene\abaaea10-55154951.jpg
    [2012.05.03 20:19:17 | 000,058,744 | ---- | C] () -- C:\Users\Rene\schleifenfaust.jpg
    [2012.04.30 20:00:13 | 000,059,513 | ---- | C] () -- C:\Users\Rene\aa6b3f89-55052742.jpg
    [2012.04.30 20:00:05 | 000,050,167 | ---- | C] () -- C:\Users\Rene\e2ac6f69-55060784.jpg
    [2012.04.30 19:59:55 | 000,045,472 | ---- | C] () -- C:\Users\Rene\d70e45e6-55060861.jpg
    [2012.04.29 21:48:30 | 000,290,898 | ---- | C] () -- C:\Users\Rene\spirale3.jpg
    [2012.04.29 21:48:05 | 000,293,630 | ---- | C] () -- C:\Users\Rene\spirale2.jpg
    [2012.04.29 21:47:27 | 000,100,667 | ---- | C] () -- C:\Users\Rene\spirale.jpg
    [2012.04.29 21:44:29 | 000,119,214 | ---- | C] () -- C:\Users\Rene\zifferblattsäule2.jpg
    [2012.04.29 21:41:30 | 000,305,883 | ---- | C] () -- C:\Users\Rene\zifferblattsäule.jpg
    [2012.04.29 21:32:47 | 000,065,469 | ---- | C] () -- C:\Users\Rene\zifferblatt.jpg
    [2012.04.29 21:17:14 | 000,248,917 | ---- | C] () -- C:\Users\Rene\attachment2.jpg
    [2012.04.29 21:17:14 | 000,149,603 | ---- | C] () -- C:\Users\Rene\attachment.jpg
    [2012.04.27 18:06:56 | 000,376,510 | ---- | C] () -- C:\Users\Rene\DSC01264.JPG
    [2012.04.27 18:06:44 | 000,366,324 | ---- | C] () -- C:\Users\Rene\DSC01263.JPG
    [2012.04.26 20:19:35 | 000,065,962 | ---- | C] () -- C:\Users\Rene\6d8c5095-54945399.jpg
    [2012.04.25 19:20:12 | 000,163,344 | ---- | C] () -- C:\Users\Rene\415415.jpg
    [2012.04.25 19:20:03 | 000,115,511 | ---- | C] () -- C:\Users\Rene\54646.jpg
    [2012.04.25 19:19:41 | 000,211,245 | ---- | C] () -- C:\Users\Rene\l.php.jpg
    [2012.04.23 19:03:44 | 000,084,025 | ---- | C] () -- C:\Users\Rene\1335200520025.jpg
    [2012.04.23 18:47:09 | 000,958,878 | ---- | C] () -- C:\Users\Rene\evalein2.jpg
    [2012.04.23 18:45:57 | 000,959,929 | ---- | C] () -- C:\Users\Rene\evalein.jpg
    [2012.04.23 12:54:20 | 000,678,445 | ---- | C] () -- C:\Users\Rene\WORKOUT.jpg
    [2012.04.22 21:24:13 | 000,132,234 | ---- | C] () -- C:\Users\Rene\Hundehalter.jpg
    [2012.04.22 20:54:50 | 000,340,761 | ---- | C] () -- C:\Users\Rene\p2.jpg
    [2012.04.22 20:54:40 | 000,571,955 | ---- | C] () -- C:\Users\Rene\p1.jpg
    [2012.04.20 23:56:56 | 000,205,412 | ---- | C] () -- C:\Users\Rene\altocumulus2.jpg
    [2012.04.19 20:41:17 | 000,098,557 | ---- | C] () -- C:\Users\Rene\imgur-rhcj6.jpg
    [2012.04.19 19:09:08 | 000,055,317 | ---- | C] () -- C:\Users\Rene\664a2928-50325325.jpg
    [2012.04.19 19:08:26 | 000,056,811 | ---- | C] () -- C:\Users\Rene\d1e8028c-50960234.jpg
    [2012.04.19 16:06:19 | 000,061,563 | ---- | C] () -- C:\Users\Rene\cowmangler.jpg
    [2012.04.18 12:29:38 | 000,038,410 | ---- | C] () -- C:\Users\Rene\389769_387157364647961_100000611016461_85238660_1213619422_n.jpg
    [2012.04.18 12:28:31 | 000,056,809 | ---- | C] () -- C:\Users\Rene\562626_387182451312119_100000611016461_85238704_1522300794_n.jpg
    [2012.04.17 21:13:03 | 000,026,576 | ---- | C] () -- C:\Users\Rene\speed.jpg
    [2012.04.15 12:53:33 | 000,031,675 | ---- | C] () -- C:\Users\Rene\winkelklein.png
    [2012.04.15 00:02:33 | 000,104,014 | ---- | C] () -- C:\Users\Rene\skittles2.htm
    [2012.04.15 00:02:19 | 000,224,542 | ---- | C] () -- C:\Users\Rene\skittles1.htm
    [2012.04.14 13:02:21 | 000,746,219 | ---- | C] () -- C:\Users\Rene\DSC01260.JPG
    [2012.04.14 00:41:14 | 000,012,300 | ---- | C] () -- C:\Users\Rene\8i9a8lxe.jpg
    [2012.04.14 00:37:14 | 000,040,824 | ---- | C] () -- C:\Users\Rene\398713_383063185042856_226210720728104_1693591_1828251523_n.jpg
    [2012.04.14 00:30:42 | 000,056,911 | ---- | C] () -- C:\Users\Rene\295254_279226372154494_100002014006398_636583_1824644190_n.jpg
    [2012.04.14 00:29:23 | 000,940,040 | ---- | C] () -- C:\Users\Rene\Ich,fett,baby.jpg.jpg
    [2012.04.14 00:26:44 | 000,515,578 | ---- | C] () -- C:\Users\Rene\Schnappschuss von mir 105.png
    [2012.04.14 00:22:00 | 000,593,723 | ---- | C] () -- C:\Users\Rene\1334355016517.png
    [2012.04.14 00:18:20 | 000,779,481 | ---- | C] () -- C:\Users\Rene\3771553_700b.jpg
    [2012.04.14 00:15:43 | 000,155,365 | ---- | C] () -- C:\Users\Rene\3812620_460s.jpg
    [2012.04.13 23:09:20 | 000,022,363 | ---- | C] () -- C:\Users\Rene\375062_327128957342362_176890359032890_814726_1669145898_n.jpg
    [2012.04.13 23:08:59 | 000,027,802 | ---- | C] () -- C:\Users\Rene\540774_324013327653925_176890359032890_806362_1312153705_n.jpg
    [2012.04.13 23:08:55 | 000,024,198 | ---- | C] () -- C:\Users\Rene\529284_359603107414830_100000954326565_1018927_214261335_n.jpg
    [2012.04.13 19:45:26 | 000,200,949 | ---- | C] () -- C:\Users\Rene\himmelstrahlen.jpg
    [2012.04.13 12:42:40 | 000,365,025 | ---- | C] () -- C:\Users\Rene\DSC01259.JPG
    [2012.04.13 12:42:35 | 000,395,351 | ---- | C] () -- C:\Users\Rene\DSC01258.JPG
    [2012.04.13 12:42:23 | 000,373,466 | ---- | C] () -- C:\Users\Rene\DSC01257.JPG
    [2012.04.13 09:15:42 | 000,453,932 | ---- | C] () -- C:\Users\Rene\DSC01255.JPG
    [2012.04.13 09:15:32 | 000,411,100 | ---- | C] () -- C:\Users\Rene\DSC01254.JPG
    [2012.04.13 09:15:26 | 000,436,758 | ---- | C] () -- C:\Users\Rene\DSC01253.JPG
    [2012.04.10 11:54:55 | 000,672,629 | ---- | C] () -- C:\Users\Rene\DSC01252.JPG
    [2012.03.30 20:22:54 | 000,204,375 | ---- | C] () -- C:\Users\Rene\eva zug.jpg
    [2012.03.25 19:37:44 | 005,062,554 | ---- | C] () -- C:\Users\Rene\8czqr7f5.bmp
    [2012.03.25 11:27:36 | 000,438,909 | ---- | C] () -- C:\Users\Rene\DSC01249.JPG
    [2012.03.25 11:27:25 | 000,524,338 | ---- | C] () -- C:\Users\Rene\DSC01248.JPG
    [2012.03.24 16:10:41 | 000,138,463 | ---- | C] () -- C:\Users\Rene\HATERS GONNA HATE.jpg
    [2012.03.24 01:04:35 | 000,740,511 | ---- | C] () -- C:\Users\Rene\Abb 023.jpg
    [2012.03.23 23:46:18 | 000,043,378 | ---- | C] () -- C:\Users\Rene\1332505444704.jpg
    [2012.03.23 23:39:18 | 000,021,752 | ---- | C] () -- C:\Users\Rene\1332505658412.jpg
    [2012.03.11 12:59:25 | 000,090,867 | ---- | C] () -- C:\Users\Rene\hmprod.jpg
    [2012.03.10 17:40:24 | 002,791,696 | ---- | C] () -- C:\Users\Rene\benpowellmusic video - 2.mp3
    [2012.03.10 17:40:06 | 004,981,900 | ---- | C] () -- C:\Users\Rene\benpowellmusic video - 1.mp3
    [2012.03.10 17:39:36 | 002,880,731 | ---- | C] () -- C:\Users\Rene\benpowellmusic video.mp3
    [2012.03.09 23:30:05 | 000,032,674 | ---- | C] () -- C:\Users\Rene\Eine Unruh-Welle.jpg
    [2012.03.06 16:33:09 | 000,191,177 | ---- | C] () -- C:\Users\Rene\cyber.jpg
    [2012.03.03 15:16:55 | 000,510,925 | ---- | C] () -- C:\Users\Rene\DSC01225.JPG
    [2012.03.03 15:16:55 | 000,440,307 | ---- | C] () -- C:\Users\Rene\DSC01226.JPG
    [2012.03.03 15:16:55 | 000,163,540 | ---- | C] () -- C:\Users\Rene\DSC01224.JPG
    [2012.02.26 18:27:14 | 000,865,547 | ---- | C] () -- C:\Users\Rene\DSC01223.JPG
    [2012.02.26 18:26:44 | 000,913,488 | ---- | C] () -- C:\Users\Rene\DSC01222.JPG
    [2012.02.26 18:26:33 | 000,915,878 | ---- | C] () -- C:\Users\Rene\DSC01221.JPG
    [2012.02.26 18:26:20 | 000,971,673 | ---- | C] () -- C:\Users\Rene\DSC01220.JPG
    [2012.02.26 16:25:50 | 000,222,132 | ---- | C] () -- C:\Users\Rene\DSC01218.JPG
    [2012.02.26 16:25:37 | 000,312,218 | ---- | C] () -- C:\Users\Rene\DSC01217.JPG
    [2012.02.26 16:09:14 | 000,171,423 | ---- | C] () -- C:\Users\Rene\DSC01216.JPG
    [2012.02.25 02:19:07 | 000,159,398 | ---- | C] () -- C:\Users\Rene\d67fc631-53531141.jpg
    [2012.02.25 00:30:02 | 000,201,176 | ---- | C] () -- C:\Users\Rene\philipp.jpg
    [2012.02.25 00:15:04 | 000,195,423 | ---- | C] () -- C:\Users\Rene\retrorot.JPG
    [2012.02.24 22:33:03 | 000,573,812 | ---- | C] () -- C:\Users\Rene\graham.jpg
    [2012.02.24 19:54:55 | 000,195,234 | ---- | C] () -- C:\Users\Rene\retro.JPG
    [2012.02.23 22:52:39 | 000,183,856 | ---- | C] () -- C:\Users\Rene\e7bc287f-53499507.jpg
    [2012.02.23 22:50:06 | 000,168,287 | ---- | C] () -- C:\Users\Rene\5bec0a49-53499407.jpg
    [2012.02.23 22:38:46 | 000,197,017 | ---- | C] () -- C:\Users\Rene\0c57cab8-53498978.jpg
    [2012.02.23 22:29:53 | 000,168,099 | ---- | C] () -- C:\Users\Rene\e0111d34-53498614.jpg
    [2012.02.15 14:36:24 | 000,537,674 | ---- | C] () -- C:\Users\Rene\DSC01213.JPG
    [2012.02.15 14:36:24 | 000,504,461 | ---- | C] () -- C:\Users\Rene\DSC01212.JPG
    [2012.02.14 17:21:03 | 004,607,580 | ---- | C] () -- C:\Users\Rene\loadup video.mp4
    [2012.02.05 02:16:39 | 000,177,032 | ---- | C] () -- C:\Users\Rene\TheKraken_Storyboard.jpg
    [2012.02.05 02:15:06 | 000,095,349 | ---- | C] () -- C:\Users\Rene\corgi-release-the-kraken.jpg
    [2012.02.03 18:06:16 | 000,062,728 | ---- | C] () -- C:\Users\Rene\378656245.htm
    [2012.01.31 00:17:09 | 000,080,141 | ---- | C] () -- C:\Users\Rene\mof5lrhq.jpg
    [2012.01.29 17:42:22 | 000,277,650 | ---- | C] () -- C:\Users\Rene\cupcakes.jpg
    [2012.01.27 16:32:05 | 000,000,000 | ---- | C] () -- C:\Users\Rene\AppData\Local\Temptable.xml
    [2012.01.25 22:21:44 | 000,000,799 | ---- | C] () -- C:\Users\Rene\combustion.rtf
    [2012.01.25 21:16:35 | 000,024,693 | ---- | C] () -- C:\Users\Rene\egt.odt
    [2012.01.23 21:45:11 | 011,946,207 | ---- | C] () -- C:\Users\Rene\camelmedia video.mp4
    [2012.01.23 20:21:58 | 000,498,899 | ---- | C] () -- C:\Users\Rene\Muffins.jpg
    [2012.01.23 17:25:55 | 000,633,057 | ---- | C] () -- C:\Users\Rene\DSC01210.JPG
    [2012.01.23 17:25:47 | 000,633,637 | ---- | C] () -- C:\Users\Rene\DSC01209.JPG
    [2012.01.23 17:25:36 | 000,682,370 | ---- | C] () -- C:\Users\Rene\DSC01208.JPG
    [2012.01.23 17:25:26 | 000,881,884 | ---- | C] () -- C:\Users\Rene\DSC01207.JPG
    [2012.01.22 22:01:06 | 000,125,616 | ---- | C] () -- C:\Users\Rene\swordless.jpg
    [2012.01.21 21:56:31 | 001,389,037 | ---- | C] () -- C:\Users\Rene\Sulpher Interview Schwarze Seiten 2002 Mera Luna - video.flv
    [2012.01.21 18:39:41 | 019,287,426 | ---- | C] () -- C:\Users\Rene\myspacecdn video.flv
    [2012.01.21 01:14:10 | 000,155,291 | ---- | C] () -- C:\Users\Rene\schuh.jpg
    [2012.01.21 00:24:11 | 000,000,889 | ---- | C] () -- C:\Users\Rene\parapsych.rtf
    [2012.01.20 19:57:55 | 000,072,565 | ---- | C] () -- C:\Users\Rene\euphorie euphorie.jpg
    [2012.01.20 18:17:16 | 000,179,100 | ---- | C] () -- C:\Users\Rene\beavis-selbstgemacht.jpg
    [2012.01.20 00:28:58 | 235,993,111 | ---- | C] () -- C:\Users\Rene\serveronline video.mp4
    [2012.01.18 14:48:36 | 000,054,680 | ---- | C] () -- C:\Users\Rene\sulpherlogo.jpg
    [2012.01.17 23:42:43 | 000,236,223 | ---- | C] () -- C:\Users\Rene\ZBhermle.jpg
    [2012.01.16 23:35:59 | 000,011,196 | ---- | C] () -- C:\Users\Rene\1326747601197.jpg
    [2012.01.16 23:35:21 | 000,051,939 | ---- | C] () -- C:\Users\Rene\1326744383259.jpg
    [2012.01.16 23:33:33 | 000,284,063 | ---- | C] () -- C:\Users\Rene\1326732393730.png
    [2012.01.16 23:33:18 | 000,070,120 | ---- | C] () -- C:\Users\Rene\1326726602897.jpg
    [2012.01.16 23:27:03 | 000,107,650 | ---- | C] () -- C:\Users\Rene\1326727214639.jpg
    [2012.01.16 23:26:57 | 000,055,800 | ---- | C] () -- C:\Users\Rene\1326727294343.jpg
    [2012.01.16 23:26:52 | 000,041,113 | ---- | C] () -- C:\Users\Rene\1326727337855.jpg
    [2012.01.16 23:26:47 | 000,114,067 | ---- | C] () -- C:\Users\Rene\1326727420804.jpg
    [2012.01.16 23:26:42 | 000,074,098 | ---- | C] () -- C:\Users\Rene\1326727465283.jpg
    [2012.01.16 23:26:37 | 000,039,328 | ---- | C] () -- C:\Users\Rene\1326727574215.jpg
    [2012.01.16 23:26:31 | 000,047,015 | ---- | C] () -- C:\Users\Rene\1326728179242.jpg
    [2012.01.16 23:26:25 | 000,109,463 | ---- | C] () -- C:\Users\Rene\1326727620369.jpg
    [2012.01.16 23:26:20 | 000,057,696 | ---- | C] () -- C:\Users\Rene\1326727667378.jpg
    [2012.01.16 23:26:15 | 000,102,221 | ---- | C] () -- C:\Users\Rene\1326727826932.jpg
    [2012.01.16 23:26:08 | 000,044,447 | ---- | C] () -- C:\Users\Rene\1326728144401.jpg
    [2012.01.16 23:25:59 | 000,068,942 | ---- | C] () -- C:\Users\Rene\1326731256184.jpg
    [2012.01.16 23:25:49 | 000,108,549 | ---- | C] () -- C:\Users\Rene\1326728942150.jpg
    [2012.01.16 23:25:45 | 000,096,098 | ---- | C] () -- C:\Users\Rene\1326728905791.jpg
    [2012.01.16 23:25:38 | 000,061,235 | ---- | C] () -- C:\Users\Rene\1326728658084.jpg
    [2012.01.16 23:25:26 | 000,317,710 | ---- | C] () -- C:\Users\Rene\1326728470475.gif
    [2012.01.16 23:24:15 | 000,202,089 | ---- | C] () -- C:\Users\Rene\1326727006905.jpg
    [2012.01.16 23:24:10 | 000,305,081 | ---- | C] () -- C:\Users\Rene\1326726958844.png
    [2012.01.16 23:24:04 | 000,029,010 | ---- | C] () -- C:\Users\Rene\1326730367746.jpg
    [2012.01.16 23:23:59 | 000,069,088 | ---- | C] () -- C:\Users\Rene\1326730032721.jpg
    [2012.01.16 23:23:54 | 000,102,637 | ---- | C] () -- C:\Users\Rene\1326729598467.jpg
    [2012.01.16 23:23:45 | 000,074,193 | ---- | C] () -- C:\Users\Rene\1326729311888.jpg
    [2012.01.16 23:23:34 | 000,077,120 | ---- | C] () -- C:\Users\Rene\1326729252004.jpg
    [2012.01.15 23:57:07 | 000,777,579 | ---- | C] () -- C:\Users\Rene\evalol.png
    [2012.01.15 21:32:36 | 000,152,815 | ---- | C] () -- C:\Users\Rene\lol2.jpg
    [2012.01.15 19:00:41 | 000,413,148 | ---- | C] () -- C:\Users\Rene\federhauszeichnung.jpg
    [2012.01.12 18:06:34 | 000,171,922 | ---- | C] () -- C:\Users\Rene\face****.jpg
    [2012.01.11 22:37:53 | 000,147,757 | ---- | C] () -- C:\Users\Rene\apfel2.jpg
    [2012.01.11 22:37:46 | 000,153,642 | ---- | C] () -- C:\Users\Rene\apfel1.jpg
    [2012.01.11 22:22:13 | 000,302,266 | ---- | C] () -- C:\Users\Rene\Blechankergang.jpg
    [2012.01.11 22:20:39 | 000,583,329 | ---- | C] () -- C:\Users\Rene\DSC01203.JPG
    [2012.01.11 22:20:39 | 000,334,465 | ---- | C] () -- C:\Users\Rene\DSC01204.JPG
    [2012.01.04 19:11:24 | 000,516,761 | ---- | C] () -- C:\Users\Rene\1325695824265.jpg
    [2011.12.22 01:13:44 | 000,153,043 | ---- | C] () -- C:\Users\Rene\evai76.jpg
    [2011.12.22 01:00:42 | 000,223,322 | ---- | C] () -- C:\Users\Rene\eva schrift4.jpg
    [2011.12.22 00:55:42 | 000,175,401 | ---- | C] () -- C:\Users\Rene\eva schrift2.jpg
    [2011.12.22 00:55:31 | 000,223,542 | ---- | C] () -- C:\Users\Rene\eva schrift 1.jpg
    [2011.12.20 01:07:26 | 000,002,020 | ---- | C] () -- C:\Users\Rene\FOTZEN.rtf
    [2011.12.17 13:50:39 | 000,516,338 | ---- | C] () -- C:\Users\Rene\DSC01195.JPG
    [2011.12.17 13:50:17 | 000,276,959 | ---- | C] () -- C:\Users\Rene\DSC01194.JPG
    [2011.12.16 22:24:16 | 000,563,063 | ---- | C] () -- C:\Users\Rene\video-2011-12-05-10-32-02mp4 - (480 x 360).mp4
    [2011.12.16 22:02:34 | 000,252,361 | ---- | C] () -- C:\Users\Rene\eiszapfen.jpg
    [2011.12.16 22:00:11 | 000,138,878 | ---- | C] () -- C:\Users\Rene\halosonne.jpg
    [2011.12.16 21:57:40 | 000,157,061 | ---- | C] () -- C:\Users\Rene\monsterpizza.jpg
    [2011.12.16 21:55:22 | 000,332,191 | ---- | C] () -- C:\Users\Rene\mond.jpg
    [2011.12.16 21:52:58 | 000,299,912 | ---- | C] () -- C:\Users\Rene\nebel.jpg
    [2011.12.16 21:50:23 | 000,263,526 | ---- | C] () -- C:\Users\Rene\mondschnee.jpg
    [2011.12.16 21:46:11 | 000,288,924 | ---- | C] () -- C:\Users\Rene\julius.jpg
    [2011.12.15 22:10:07 | 000,146,328 | ---- | C] () -- C:\Users\Rene\lol.jpg
    [2011.12.15 22:07:34 | 000,099,977 | ---- | C] () -- C:\Users\Rene\207445_196230710413967_100000811182735_447250_6562890_n.jpg
    [2011.12.15 00:16:49 | 000,073,647 | ---- | C] () -- C:\Users\Rene\brainwall.jpg
    [2011.12.14 23:02:42 | 000,048,277 | ---- | C] () -- C:\Users\Rene\brain.jpg
    [2011.12.14 22:37:39 | 000,093,619 | ---- | C] () -- C:\Users\Rene\9c78c311-48107681.jpg
    [2011.12.14 22:37:30 | 000,060,740 | ---- | C] () -- C:\Users\Rene\99396974-47150789.jpg
    [2011.12.14 22:36:20 | 000,042,099 | ---- | C] () -- C:\Users\Rene\f5dd42dd-50549000.jpg
    [2011.12.14 22:36:08 | 000,063,697 | ---- | C] () -- C:\Users\Rene\a651119a-49331701.jpg
    [2011.12.14 22:36:01 | 000,042,339 | ---- | C] () -- C:\Users\Rene\6319fbe2-49618604.jpg
    [2011.12.14 22:35:37 | 000,128,892 | ---- | C] () -- C:\Users\Rene\2e8ac64f-50596571.jpg
    [2011.12.14 22:35:22 | 000,046,646 | ---- | C] () -- C:\Users\Rene\5ecaba72-50227818.jpg
    [2011.12.13 22:18:59 | 000,051,677 | ---- | C] () -- C:\Users\Rene\sonnenuntergangfuwa.jpg
    [2011.12.13 16:54:59 | 000,879,626 | ---- | C] () -- C:\Users\Rene\überweisung h&m.png
    [2011.12.11 14:48:28 | 000,134,452 | ---- | C] () -- C:\Users\Rene\bass.jpg
    [2011.12.11 12:31:30 | 000,414,579 | ---- | C] () -- C:\Users\Rene\DSC01193.JPG
    [2011.12.10 18:04:20 | 000,029,861 | ---- | C] () -- C:\Users\Rene\1-fbdd820fd82160a6.jpg
    [2011.12.07 19:29:45 | 003,025,423 | ---- | C] () -- C:\Users\Rene\DRUCK.pdf
    [2011.12.07 17:10:32 | 003,025,358 | ---- | C] () -- C:\Users\Rene\zahnrad.pdf
    [2011.12.07 17:03:23 | 001,204,700 | ---- | C] () -- C:\Users\Rene\anglieren.png
    [2011.12.07 16:56:15 | 000,345,129 | ---- | C] () -- C:\Users\Rene\zahnrad vorher.jpg
    [2011.12.07 00:04:43 | 002,401,709 | ---- | C] () -- C:\Users\Rene\zahnrad2.pdf
    [2011.12.06 23:44:20 | 005,658,164 | ---- | C] () -- C:\Users\Rene\zahnrad2.odt
    [2011.12.06 23:19:03 | 000,105,502 | ---- | C] () -- C:\Users\Rene\fräser.jpg
    [2011.12.06 23:16:54 | 000,127,133 | ---- | C] () -- C:\Users\Rene\ausgestochen.jpg
    [2011.12.06 23:04:12 | 000,165,621 | ---- | C] () -- C:\Users\Rene\ausstechen.jpg
    [2011.12.06 22:57:13 | 000,142,967 | ---- | C] () -- C:\Users\Rene\feilhilfe.jpg
    [2011.12.06 22:15:30 | 000,715,905 | ---- | C] () -- C:\Users\Rene\maßblech.png
    [2011.12.06 22:05:47 | 000,110,602 | ---- | C] () -- C:\Users\Rene\anriss.jpg
    [2011.12.06 21:40:58 | 000,284,015 | ---- | C] () -- C:\Users\Rene\schneeeeeeeeeeeee.jpg
    [2011.12.05 22:32:00 | 000,194,697 | ---- | C] () -- C:\Users\Rene\url.jpg
    [2011.12.05 22:32:00 | 000,169,372 | ---- | C] () -- C:\Users\Rene\url1.jpg
    [2011.12.05 22:14:41 | 000,409,634 | ---- | C] () -- C:\Users\Rene\schnee.jpg
    [2011.12.05 19:04:28 | 000,272,316 | ---- | C] () -- C:\Users\Rene\winkel31.png
    [2011.12.05 18:59:17 | 000,270,662 | ---- | C] () -- C:\Users\Rene\winkel3.png
    [2011.12.05 18:06:44 | 000,616,933 | ---- | C] () -- C:\Users\Rene\winkel2.png
    [2011.12.05 17:53:46 | 000,659,670 | ---- | C] () -- C:\Users\Rene\winkel.png
    [2011.12.05 17:39:03 | 002,334,405 | ---- | C] () -- C:\Users\Rene\Kleinbodenrad WINKEL2.jpg
    [2011.12.05 17:30:43 | 002,271,001 | ---- | C] () -- C:\Users\Rene\Kleinhodenrad WINKEL.jpg
    [2011.12.05 07:32:16 | 000,444,347 | ---- | C] () -- C:\Users\Rene\DSC01189.JPG
    [2011.12.05 07:32:04 | 000,584,785 | ---- | C] () -- C:\Users\Rene\DSC01188.JPG
    [2011.12.05 07:31:58 | 000,525,850 | ---- | C] () -- C:\Users\Rene\DSC01187.JPG
    [2011.12.05 07:31:27 | 000,618,151 | ---- | C] () -- C:\Users\Rene\DSC01186.JPG
    [2011.12.05 07:31:16 | 000,477,780 | ---- | C] () -- C:\Users\Rene\DSC01185.JPG
    [2011.12.04 16:45:25 | 003,772,625 | ---- | C] () -- C:\Users\Rene\zahnrad.odt
    [2011.11.28 23:16:31 | 000,186,065 | ---- | C] () -- C:\Users\Rene\sauf police.jpg
    [2011.11.28 23:00:38 | 000,139,138 | ---- | C] () -- C:\Users\Rene\tobi.jpg
    [2011.11.28 22:53:17 | 000,163,053 | ---- | C] () -- C:\Users\Rene\cup cakes.jpg
    [2011.11.28 22:33:28 | 000,120,314 | ---- | C] () -- C:\Users\Rene\himmel1.jpg
    [2011.11.28 00:41:25 | 000,102,560 | ---- | C] () -- C:\Users\Rene\unscharfklein.jpg
    [2011.11.27 23:11:51 | 000,515,836 | ---- | C] () -- C:\Users\Rene\strandvilla.jpg
    [2011.11.27 22:58:53 | 000,104,260 | ---- | C] () -- C:\Users\Rene\sonnenuntergang2.jpg
    [2011.11.27 22:54:47 | 000,206,093 | ---- | C] () -- C:\Users\Rene\schiff leuchtturm.jpg
    [2011.11.27 22:53:12 | 000,125,907 | ---- | C] () -- C:\Users\Rene\sonnenuntergang meer.jpg
    [2011.11.27 22:51:30 | 000,370,274 | ---- | C] () -- C:\Users\Rene\sta barbara anna.jpg
    [2011.11.27 19:56:10 | 000,195,734 | ---- | C] () -- C:\Users\Rene\altocumulus.jpg
    [2011.11.23 21:38:04 | 000,393,990 | ---- | C] () -- C:\Users\Rene\DSC01176.JPG
    [2011.11.23 21:38:03 | 000,441,398 | ---- | C] () -- C:\Users\Rene\DSC01174.JPG
    [2011.11.23 21:38:03 | 000,429,692 | ---- | C] () -- C:\Users\Rene\DSC01175.JPG
    [2011.11.23 21:36:28 | 000,160,417 | ---- | C] () -- C:\Users\Rene\DSC01177.JPG
    [2011.11.23 21:06:53 | 000,097,103 | ---- | C] () -- C:\Users\Rene\ba1168dc-51317858.jpg
    [2011.11.21 21:27:17 | 000,248,095 | ---- | C] () -- C:\Users\Rene\uhr.jpg
    [2011.11.21 00:54:25 | 000,089,795 | ---- | C] () -- C:\Users\Rene\banana2.jpg
    [2011.11.20 22:41:37 | 000,045,531 | ---- | C] () -- C:\Users\Rene\banana.jpg
    [2011.11.20 17:43:19 | 000,139,240 | ---- | C] () -- C:\Users\Rene\unscharf2.jpg
    [2011.11.19 23:37:07 | 000,687,178 | ---- | C] () -- C:\Users\Rene\schmetter.jpg
    [2011.11.19 23:28:20 | 000,325,011 | ---- | C] () -- C:\Users\Rene\IMG_4931.jpg
    [2011.11.19 23:13:25 | 000,238,443 | ---- | C] () -- C:\Users\Rene\DSC00905.JPG
    [2011.11.19 23:06:36 | 000,195,494 | ---- | C] () -- C:\Users\Rene\DSC01067.JPG
    [2011.11.19 23:00:11 | 000,269,211 | ---- | C] () -- C:\Users\Rene\DSC01132.JPG
    [2011.11.19 22:59:53 | 000,266,072 | ---- | C] () -- C:\Users\Rene\DSC01131.JPG
    [2011.11.19 22:54:40 | 000,395,297 | ---- | C] () -- C:\Users\Rene\DSC01142.JPG
    [2011.11.19 22:48:40 | 000,359,743 | ---- | C] () -- C:\Users\Rene\DSC00753.JPG
    [2011.11.19 22:46:30 | 000,333,421 | ---- | C] () -- C:\Users\Rene\DSC00760.JPG
    [2011.11.19 22:46:02 | 000,527,430 | ---- | C] () -- C:\Users\Rene\DSC00759.JPG
    [2011.11.19 22:45:08 | 000,308,565 | ---- | C] () -- C:\Users\Rene\DSC00738.JPG
    [2011.11.19 22:43:12 | 000,399,343 | ---- | C] () -- C:\Users\Rene\DSC00731.JPG
    [2011.11.19 22:40:54 | 000,395,121 | ---- | C] () -- C:\Users\Rene\DSC00075.JPG
    [2011.11.19 22:31:12 | 000,388,082 | ---- | C] () -- C:\Users\Rene\mein haus.jpg
    [2011.11.19 22:28:25 | 000,148,409 | ---- | C] () -- C:\Users\Rene\schneesonne.jpg
    [2011.11.19 22:26:10 | 000,247,374 | ---- | C] () -- C:\Users\Rene\schneehaus.jpg
    [2011.11.19 22:24:11 | 000,282,856 | ---- | C] () -- C:\Users\Rene\wasserfall.jpg
    [2011.11.18 23:30:56 | 000,367,761 | ---- | C] () -- C:\Users\Rene\stadt3.jpg
    [2011.11.18 23:29:56 | 000,452,393 | ---- | C] () -- C:\Users\Rene\stadt2.jpg
    [2011.11.18 23:29:10 | 000,392,040 | ---- | C] () -- C:\Users\Rene\stadt1.jpg
    [2011.11.18 23:27:41 | 000,490,522 | ---- | C] () -- C:\Users\Rene\sacre.jpg
    [2011.11.18 22:58:05 | 000,182,979 | ---- | C] () -- C:\Users\Rene\statue taube.jpg
    [2011.11.18 22:54:13 | 000,230,805 | ---- | C] () -- C:\Users\Rene\beide paris.jpg
    [2011.11.18 22:48:34 | 000,525,086 | ---- | C] () -- C:\Users\Rene\sträucher.jpg
    [2011.11.18 22:45:31 | 000,655,397 | ---- | C] () -- C:\Users\Rene\paris bäume.jpg
    [2011.11.18 22:41:55 | 000,206,174 | ---- | C] () -- C:\Users\Rene\beide2.jpg
    [2011.11.18 22:41:30 | 000,189,991 | ---- | C] () -- C:\Users\Rene\beide.jpg
    [2011.11.18 22:38:29 | 000,504,537 | ---- | C] () -- C:\Users\Rene\kapp.jpg
    [2011.11.18 22:36:11 | 000,153,388 | ---- | C] () -- C:\Users\Rene\unscharf1.jpg
    [2011.11.18 22:31:42 | 000,544,400 | ---- | C] () -- C:\Users\Rene\ich ostsee lol.jpg
    [2011.11.18 22:29:25 | 000,398,255 | ---- | C] () -- C:\Users\Rene\ich ostsee 1.jpg
    [2011.11.18 22:25:26 | 000,301,317 | ---- | C] () -- C:\Users\Rene\leuchtturm haupt.jpg
    [2011.11.18 22:23:13 | 000,234,523 | ---- | C] () -- C:\Users\Rene\leuchtturm rot.jpg
    [2011.11.18 22:21:56 | 000,212,065 | ---- | C] () -- C:\Users\Rene\leuchtturm.jpg
    [2011.11.18 22:19:39 | 000,278,529 | ---- | C] () -- C:\Users\Rene\strandkörbe.jpg
    [2011.11.18 18:43:26 | 002,623,344 | ---- | C] () -- C:\Users\Rene\Nur Scheie in da Birne xdmp4 - (480 x 360).mp4
    [2011.11.16 23:05:49 | 004,323,357 | ---- | C] () -- C:\Users\Rene\Wir lassen eine Spinne jumpenmp4 - (480 x 360).mp4
    [2011.11.16 23:01:19 | 006,649,285 | ---- | C] () -- C:\Users\Rene\Ich glaub du blinkstmp4 - (480 x 360).mp4
    [2011.11.16 22:51:26 | 004,020,863 | ---- | C] () -- C:\Users\Rene\Attack of the Pustebloommp4 - (480 x 360).mp4
    [2011.11.16 22:43:38 | 013,702,352 | ---- | C] () -- C:\Users\Rene\NagerriegelXDmp4 - (480 x 360).mp4
    [2011.11.16 19:15:40 | 000,103,384 | ---- | C] () -- C:\Users\Rene\bikini-vs-underwear.jpg
    [2011.11.14 23:49:27 | 000,142,648 | ---- | C] () -- C:\Users\Rene\andrea2.rtf
    [2011.11.14 22:01:26 | 000,286,946 | ---- | C] () -- C:\Users\Rene\name.jpg
    [2011.11.14 21:57:51 | 000,400,547 | ---- | C] () -- C:\Users\Rene\face.jpg
    [2011.11.14 18:35:11 | 000,381,077 | ---- | C] () -- C:\Users\Rene\DSC01170.JPG
    [2011.11.13 23:10:46 | 000,018,112 | ---- | C] () -- C:\Users\Rene\andrea.rtf
    [2011.11.06 23:03:32 | 000,089,370 | ---- | C] () -- C:\Users\Rene\1320613188836.jpg
    [2011.10.13 18:06:50 | 001,590,038 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011.10.07 22:49:56 | 000,240,424 | ---- | C] () -- C:\Users\Rene\avatar.png
    [2011.09.30 14:38:49 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
    [2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
    [2011.09.27 18:06:40 | 000,000,434 | ---- | C] () -- C:\Windows\scummvm.ini
    [2011.09.05 23:12:03 | 000,007,606 | ---- | C] () -- C:\Users\Rene\AppData\Local\Resmon.ResmonCfg
    [2011.09.05 22:39:45 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
    [2011.08.29 23:36:26 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
    [2011.08.23 14:43:31 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\LGErrorHandler.dll
    [2011.08.03 03:31:54 | 000,311,912 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe

    ========== LOP Check ==========

    [2012.07.04 17:23:50 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\Azureus
    [2012.05.01 18:57:18 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\EDrawings
    [2012.06.07 13:26:01 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\gtk-2.0
    [2012.07.15 16:02:25 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\ICQ
    [2012.02.12 21:11:04 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\Iggels
    [2011.12.06 21:51:10 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\OpenOffice.org
    [2012.01.22 14:47:04 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\Trine2
    [2012.06.14 18:54:37 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\Waveform
    [2012.07.14 11:19:20 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========
  4. sulpher

    sulpher Newcomer, in training Topic Starter Posts: 30

    OTL Extras logfile created on: 16.07.2012 09:51:14 - Run 1
    OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Rene\Downloads
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

    3,12 Gb Total Physical Memory | 1,96 Gb Available Physical Memory | 62,87% Memory free
    6,24 Gb Paging File | 4,97 Gb Available in Paging File | 79,54% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 116,41 Gb Total Space | 25,63 Gb Free Space | 22,02% Space Free | Partition Type: NTFS
    Drive D: | 4,88 Gb Total Space | 2,21 Gb Free Space | 45,37% Space Free | Partition Type: NTFS
    Drive E: | 107,91 Gb Total Space | 89,33 Gb Free Space | 82,78% Space Free | Partition Type: NTFS
    Drive F: | 8,55 Gb Total Space | 8,46 Gb Free Space | 99,02% Space Free | Partition Type: NTFS
    Drive G: | 195,31 Gb Total Space | 13,07 Gb Free Space | 6,69% Space Free | Partition Type: NTFS
    Drive H: | 265,57 Gb Total Space | 3,57 Gb Free Space | 1,34% Space Free | Partition Type: NTFS
    Drive K: | 931,28 Gb Total Space | 167,64 Gb Free Space | 18,00% Space Free | Partition Type: FAT32

    Computer Name: CHRONOS | User Name: Rene | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-1058247347-2628564259-3555606596-1001\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
    Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
    Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
    Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
    Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusDisableNotify" = 0
    "AntiVirusOverride" = 1
    "FirewallDisableNotify" = 0
    "FirewallOverride" = 1
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
    "{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
    "{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
    "{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
    "{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
    "{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
    "{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
    "{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{CF128FA5-B6D7-4A6A-9140-7B9AB19CEC12}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
    "{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{FE268F51-FDCC-43F6-BEF0-332E16E434D8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
    "{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "TCP Query User{11108E58-EEF7-49D4-99FF-CE5A7BB902A6}C:\program files (x86)\icq7.7\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe |
    "UDP Query User{70E56B05-D0AF-4A50-9DA1-836B6076FC33}C:\program files (x86)\icq7.7\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
    "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
    "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
    "{455804F2-70A9-46BD-BEB8-957000EC20D4}" = SolidWorks eDrawings 2011 x64 Edition SP02
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{4F113377-0BA1-4552-9ABB-9BF220FAF132}" = SolidWorks 2011 x64 Edition SP02
    "{542DDF04-9F91-4F36-B2F4-2638B788A4C8}" = Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 280.26
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 280.26
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 280.26
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 280.19
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.4.28
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.23.3
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{CEF0C5DA-21C5-4FA7-AD05-5D21C525543C}" = SolidWorks 2011 x64 German Resources
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU" = Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU
    "WinRAR archiver" = WinRAR 4.01 (64-Bit)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{266725C1-716F-43AC-BBFB-4201131ED656}" = EasySetPackage
    "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
    "{32E05824-A0AC-4DFE-B965-5F52C28FBE9F}_is1" = EPS Viewer
    "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
    "{41785C66-90F2-40CE-8CB5-1C94BFC97280}" = Microsoft Chart Controls for Microsoft .NET Framework 3.5
    "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
    "{4343080E-448E-4E2C-B27F-B91000028201}" = Dead Rising 2
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
    "{53480060-85DE-4F43-9AFE-6E9D8FB8F2C1}" = O&O SafeErase
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    "{6DED41BC-C9EF-4330-B4E5-46CB2C5C6E2D}" = No23 Recorder
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}" = ICQ7.7
    "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
    "{93A3AB24-36E8-41BA-80C6-CCEC237836DC}" = Alice Madness Returns
    "{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
    "{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch
    "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
    "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
    "{CD95F661-A5C4-44F5-A6AA-ECDD91C240C0}" = WinZip 15.0
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D481EA96-2313-4A7C-98EE-710D1AF884AC}" = Microsoft Visual Studio 2005 Tools for Applications - ENU
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
    "5513-1208-7298-9440" = JDownloader 0.9
    "8461-7759-5462-8226" = Vuze
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Audacity_is1" = Audacity 1.2.6
    "avast" = avast! Free Antivirus
    "Black Prophecy_is1" = Black Prophecy
    "Free Audio CD to MP3 Converter_is1" = Free Audio CD to MP3 Converter version 1.3.12.908
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
    "Microsoft Visual Studio 2005 Tools for Applications - ENU" = Microsoft Visual Studio 2005 Tools for Applications - ENU
    "Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "MySSID_is1" = Vtune 7.18
    "No23 Recorder" = No23 Recorder
    "NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "OpenAL" = OpenAL
    "PunkBusterSvc" = PunkBuster Services
    "SolidWorks Installation Manager 20110-40200-1100-100" = SolidWorks 2011 x64 Edition SP02
    "Steam App 15620" = Warhammer® 40,000™: Dawn of War® II
    "Steam App 207610" = The Walking Dead
    "Steam App 440" = Team Fortress 2
    "Steam App 4570" = Warhammer 40,000: Dawn of War Gold Edition
    "Steam App 45740" = Dead Rising 2
    "Steam App 48000" = LIMBO
    "VLC media player" = VLC media player 2.0.1
    "Winamp" = Winamp
    "WinGimp-2.0_is1" = GIMP 2.6.11
    "WinLiveSuite" = Windows Live Essentials

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 11.07.2012 16:05:20 | Computer Name = Chronos | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
    Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
    Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
    gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
    .

    Error - 12.07.2012 08:24:39 | Computer Name = Chronos | Source = Windows Search Service | ID = 3100
    Description =

    Error - 12.07.2012 08:37:49 | Computer Name = Chronos | Source = Application Error | ID = 1000
    Description = Name der fehlerhaften Anwendung: FB5FB9.exe, Version: 0.0.0.0, Zeitstempel:
    0x2a425e19 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
    0x00000000 Ausnahmecode: 0xc000001d Fehleroffset: 0x0018ff7c ID des fehlerhaften Prozesses:
    0x8c8 Startzeit der fehlerhaften Anwendung: 0x01cd602b1be8de5e Pfad der fehlerhaften
    Anwendung: C:\Users\Rene\AppData\Roaming\FB5FB9.exe Pfad des fehlerhaften Moduls:
    unknown Berichtskennung: 633b6e70-cc1e-11e1-ade7-0013d3b089a0

    Error - 12.07.2012 08:37:49 | Computer Name = Chronos | Source = Application Error | ID = 1005
    Description = Aus einem der folgenden Gründe kann nicht auf die Datei "" zugegriffen
    werden: Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger mit der
    gespeicherten Datei bzw. den auf dem Computer installierten Speichertreibern, oder
    der Datenträger fehlt. Das Programm FB5FB9.exe wurde wegen dieses Fehlers geschlossen.

    Programm:
    FB5FB9.exe Datei: Der Fehlerwert ist im Abschnitt "Zusätzliche Dateien" aufgelistet.
    Benutzeraktion
    1.
    Öffnen Sie die Datei erneut. Diese Situation ist eventuell ein temporäres Problem,
    das selbstständig behoben wird, wenn das Programm erneut ausgeführt wird. 2. Wenn
    Sie weiterhin nicht auf die Datei zugreifen können und - diese sich im Netzwerk
    befindet, dann sollte der Netzwerkadministrator überprüfen, dass kein Netzwerkproblem
    besteht und dass eine Verbindung mit dem Server hergestellt werden kann. - diese
    sich auf einem Wechseldatenträger, wie z. B. einer Diskette oder einer CD, befindet,
    überprüfen Sie, ob der Datenträger richtig in den Computer eingelegt ist. 3. Überprüfen
    und reparieren Sie das Dateisystem, indem Sie CHKDSK ausführen. Klicken Sie dazu
    im Menü "Start" auf "Ausführen", geben Sie CMD ein, und klicken Sie auf "OK". Geben
    Sie an der Eingabeaufforderung CHKDSK /F ein, und drücken Sie die EINGABETASTE.
    4.
    Stellen Sie die Datei von einer Sicherungskopie wieder her, wenn das Problem weiterhin
    besteht. 5. Überprüfen Sie, ob andere Dateien auf demselben Datenträger geöffnet
    werden können. Falls dies nicht möglich ist, ist der Datenträger eventuell beschädigt.
    Wenden Sie sich an den Administrator oder den Hersteller der Computerhardware,
    um weitere Unterstützung zu erhalten, wenn es sich um eine Festplatte handelt. Zusätzliche
    Daten Fehlerwert: 00000000 Datenträgertyp: 0

    Error - 12.07.2012 10:50:54 | Computer Name = Chronos | Source = Application Error | ID = 1000
    Description = Name der fehlerhaften Anwendung: FB5FB9.exe, Version: 0.0.0.0, Zeitstempel:
    0x2a425e19 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
    0x00000000 Ausnahmecode: 0xc000001d Fehleroffset: 0x0018ff7c ID des fehlerhaften Prozesses:
    0x99c Startzeit der fehlerhaften Anwendung: 0x01cd603db935365a Pfad der fehlerhaften
    Anwendung: C:\Users\Rene\AppData\Roaming\FB5FB9.exe Pfad des fehlerhaften Moduls:
    unknown Berichtskennung: facd8036-cc30-11e1-9e28-0013d3b089a0

    Error - 12.07.2012 10:50:54 | Computer Name = Chronos | Source = Application Error | ID = 1005
    Description = Aus einem der folgenden Gründe kann nicht auf die Datei "" zugegriffen
    werden: Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger mit der
    gespeicherten Datei bzw. den auf dem Computer installierten Speichertreibern, oder
    der Datenträger fehlt. Das Programm FB5FB9.exe wurde wegen dieses Fehlers geschlossen.

    Programm:
    FB5FB9.exe Datei: Der Fehlerwert ist im Abschnitt "Zusätzliche Dateien" aufgelistet.
    Benutzeraktion
    1.
    Öffnen Sie die Datei erneut. Diese Situation ist eventuell ein temporäres Problem,
    das selbstständig behoben wird, wenn das Programm erneut ausgeführt wird. 2. Wenn
    Sie weiterhin nicht auf die Datei zugreifen können und - diese sich im Netzwerk
    befindet, dann sollte der Netzwerkadministrator überprüfen, dass kein Netzwerkproblem
    besteht und dass eine Verbindung mit dem Server hergestellt werden kann. - diese
    sich auf einem Wechseldatenträger, wie z. B. einer Diskette oder einer CD, befindet,
    überprüfen Sie, ob der Datenträger richtig in den Computer eingelegt ist. 3. Überprüfen
    und reparieren Sie das Dateisystem, indem Sie CHKDSK ausführen. Klicken Sie dazu
    im Menü "Start" auf "Ausführen", geben Sie CMD ein, und klicken Sie auf "OK". Geben
    Sie an der Eingabeaufforderung CHKDSK /F ein, und drücken Sie die EINGABETASTE.
    4.
    Stellen Sie die Datei von einer Sicherungskopie wieder her, wenn das Problem weiterhin
    besteht. 5. Überprüfen Sie, ob andere Dateien auf demselben Datenträger geöffnet
    werden können. Falls dies nicht möglich ist, ist der Datenträger eventuell beschädigt.
    Wenden Sie sich an den Administrator oder den Hersteller der Computerhardware,
    um weitere Unterstützung zu erhalten, wenn es sich um eine Festplatte handelt. Zusätzliche
    Daten Fehlerwert: 00000000 Datenträgertyp: 0

    Error - 12.07.2012 11:03:43 | Computer Name = Chronos | Source = Application Error | ID = 1000
    Description = Name der fehlerhaften Anwendung: FB5FB9.exe, Version: 0.0.0.0, Zeitstempel:
    0x2a425e19 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
    0x00000000 Ausnahmecode: 0xc000001d Fehleroffset: 0x0018ff7c ID des fehlerhaften Prozesses:
    0x82c Startzeit der fehlerhaften Anwendung: 0x01cd603f7d72e3e0 Pfad der fehlerhaften
    Anwendung: C:\Users\Rene\AppData\Roaming\FB5FB9.exe Pfad des fehlerhaften Moduls:
    unknown Berichtskennung: c50bef76-cc32-11e1-a6a8-0013d3b089a0

    Error - 12.07.2012 11:03:43 | Computer Name = Chronos | Source = Application Error | ID = 1005
    Description = Aus einem der folgenden Gründe kann nicht auf die Datei "" zugegriffen
    werden: Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger mit der
    gespeicherten Datei bzw. den auf dem Computer installierten Speichertreibern, oder
    der Datenträger fehlt. Das Programm FB5FB9.exe wurde wegen dieses Fehlers geschlossen.

    Programm:
    FB5FB9.exe Datei: Der Fehlerwert ist im Abschnitt "Zusätzliche Dateien" aufgelistet.
    Benutzeraktion
    1.
    Öffnen Sie die Datei erneut. Diese Situation ist eventuell ein temporäres Problem,
    das selbstständig behoben wird, wenn das Programm erneut ausgeführt wird. 2. Wenn
    Sie weiterhin nicht auf die Datei zugreifen können und - diese sich im Netzwerk
    befindet, dann sollte der Netzwerkadministrator überprüfen, dass kein Netzwerkproblem
    besteht und dass eine Verbindung mit dem Server hergestellt werden kann. - diese
    sich auf einem Wechseldatenträger, wie z. B. einer Diskette oder einer CD, befindet,
    überprüfen Sie, ob der Datenträger richtig in den Computer eingelegt ist. 3. Überprüfen
    und reparieren Sie das Dateisystem, indem Sie CHKDSK ausführen. Klicken Sie dazu
    im Menü "Start" auf "Ausführen", geben Sie CMD ein, und klicken Sie auf "OK". Geben
    Sie an der Eingabeaufforderung CHKDSK /F ein, und drücken Sie die EINGABETASTE.
    4.
    Stellen Sie die Datei von einer Sicherungskopie wieder her, wenn das Problem weiterhin
    besteht. 5. Überprüfen Sie, ob andere Dateien auf demselben Datenträger geöffnet
    werden können. Falls dies nicht möglich ist, ist der Datenträger eventuell beschädigt.
    Wenden Sie sich an den Administrator oder den Hersteller der Computerhardware,
    um weitere Unterstützung zu erhalten, wenn es sich um eine Festplatte handelt. Zusätzliche
    Daten Fehlerwert: 00000000 Datenträgertyp: 0

    Error - 13.07.2012 12:50:11 | Computer Name = Chronos | Source = Application Error | ID = 1000
    Description = Name der fehlerhaften Anwendung: FB5FB9.exe, Version: 0.0.0.0, Zeitstempel:
    0x2a425e19 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
    0x00000000 Ausnahmecode: 0xc000001d Fehleroffset: 0x0018ff7c ID des fehlerhaften Prozesses:
    0x9e0 Startzeit der fehlerhaften Anwendung: 0x01cd61178ed6aa6c Pfad der fehlerhaften
    Anwendung: C:\Users\Rene\AppData\Roaming\FB5FB9.exe Pfad des fehlerhaften Moduls:
    unknown Berichtskennung: cf0bb5e6-cd0a-11e1-9e2f-0013d3b089a0

    Error - 13.07.2012 12:50:11 | Computer Name = Chronos | Source = Application Error | ID = 1005
    Description = Aus einem der folgenden Gründe kann nicht auf die Datei "" zugegriffen
    werden: Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger mit der
    gespeicherten Datei bzw. den auf dem Computer installierten Speichertreibern, oder
    der Datenträger fehlt. Das Programm FB5FB9.exe wurde wegen dieses Fehlers geschlossen.

    Programm:
    FB5FB9.exe Datei: Der Fehlerwert ist im Abschnitt "Zusätzliche Dateien" aufgelistet.
    Benutzeraktion
    1.
    Öffnen Sie die Datei erneut. Diese Situation ist eventuell ein temporäres Problem,
    das selbstständig behoben wird, wenn das Programm erneut ausgeführt wird. 2. Wenn
    Sie weiterhin nicht auf die Datei zugreifen können und - diese sich im Netzwerk
    befindet, dann sollte der Netzwerkadministrator überprüfen, dass kein Netzwerkproblem
    besteht und dass eine Verbindung mit dem Server hergestellt werden kann. - diese
    sich auf einem Wechseldatenträger, wie z. B. einer Diskette oder einer CD, befindet,
    überprüfen Sie, ob der Datenträger richtig in den Computer eingelegt ist. 3. Überprüfen
    und reparieren Sie das Dateisystem, indem Sie CHKDSK ausführen. Klicken Sie dazu
    im Menü "Start" auf "Ausführen", geben Sie CMD ein, und klicken Sie auf "OK". Geben
    Sie an der Eingabeaufforderung CHKDSK /F ein, und drücken Sie die EINGABETASTE.
    4.
    Stellen Sie die Datei von einer Sicherungskopie wieder her, wenn das Problem weiterhin
    besteht. 5. Überprüfen Sie, ob andere Dateien auf demselben Datenträger geöffnet
    werden können. Falls dies nicht möglich ist, ist der Datenträger eventuell beschädigt.
    Wenden Sie sich an den Administrator oder den Hersteller der Computerhardware,
    um weitere Unterstützung zu erhalten, wenn es sich um eine Festplatte handelt. Zusätzliche
    Daten Fehlerwert: 00000000 Datenträgertyp: 0

    [ System Events ]
    Error - 30.04.2012 12:01:06 | Computer Name = Chronos | Source = Service Control Manager | ID = 7000
    Description = Der Dienst "TBPanel" wurde aufgrund folgenden Fehlers nicht gestartet:
    %%2

    Error - 30.04.2012 16:03:29 | Computer Name = Chronos | Source = volsnap | ID = 393252
    Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
    nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

    Error - 01.05.2012 04:10:21 | Computer Name = Chronos | Source = Service Control Manager | ID = 7000
    Description = Der Dienst "TBPanel" wurde aufgrund folgenden Fehlers nicht gestartet:
    %%2

    Error - 01.05.2012 06:04:34 | Computer Name = Chronos | Source = volsnap | ID = 393252
    Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
    nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

    Error - 01.05.2012 10:08:30 | Computer Name = Chronos | Source = volsnap | ID = 393252
    Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
    nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

    Error - 02.05.2012 06:17:17 | Computer Name = Chronos | Source = Service Control Manager | ID = 7000
    Description = Der Dienst "TBPanel" wurde aufgrund folgenden Fehlers nicht gestartet:
    %%2

    Error - 02.05.2012 10:57:11 | Computer Name = Chronos | Source = Service Control Manager | ID = 7000
    Description = Der Dienst "TBPanel" wurde aufgrund folgenden Fehlers nicht gestartet:
    %%2

    Error - 03.05.2012 09:08:34 | Computer Name = Chronos | Source = Service Control Manager | ID = 7000
    Description = Der Dienst "TBPanel" wurde aufgrund folgenden Fehlers nicht gestartet:
    %%2

    Error - 03.05.2012 14:31:57 | Computer Name = Chronos | Source = volsnap | ID = 393252
    Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
    nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

    Error - 04.05.2012 06:28:23 | Computer Name = Chronos | Source = Service Control Manager | ID = 7000
    Description = Der Dienst "TBPanel" wurde aufgrund folgenden Fehlers nicht gestartet:
    %%2


    < End of report >
  5. sulpher

    sulpher Newcomer, in training Topic Starter Posts: 30

    what are those "trusted domains" in that scan?
    I.e. O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)

    I never visited those sites - never even heard of them
  6. Broni

    Broni Malware Annihilator Posts: 45,317   +243

    We'll remove them.
    Putting anything in trusted zone is not a good idea in general.

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O4 - HKU\S-1-5-21-1058247347-2628564259-3555606596-1001..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup File not found
      O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
      O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
      O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
      O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
      O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
      O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
      O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
      O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
      O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
      O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
      O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
      O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
      O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
      O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
      O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
      O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
      O15 - HKU\S-1-5-21-1058247347-2628564259-3555606596-1001\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
      O15 - HKU\S-1-5-21-1058247347-2628564259-3555606596-1001\..Trusted Domains: freerealms.com ([]* in Trusted sites)
      O15 - HKU\S-1-5-21-1058247347-2628564259-3555606596-1001\..Trusted Domains: soe.com ([]* in Trusted sites)
      O15 - HKU\S-1-5-21-1058247347-2628564259-3555606596-1001\..Trusted Domains: sony.com ([]* in Trusted sites)
      O15 - HKU\S-1-5-21-1058247347-2628564259-3555606596-1004\..Trusted Domains: clonewarsadventures.com ([]* in )
      O15 - HKU\S-1-5-21-1058247347-2628564259-3555606596-1004\..Trusted Domains: freerealms.com ([]* in )
      O15 - HKU\S-1-5-21-1058247347-2628564259-3555606596-1004\..Trusted Domains: soe.com ([]* in )
      O15 - HKU\S-1-5-21-1058247347-2628564259-3555606596-1004\..Trusted Domains: sony.com ([]* in )
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =============================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce any log.
  7. sulpher

    sulpher Newcomer, in training Topic Starter Posts: 30

    hey, I pasted the script into OTL and clicked "run fix". it shows "processing O4 - HKU\S-1-5-21..................." etc. pp. at the bottom of the window - but nothing else happens. it's "running" for 2 hours now and nothing happens - seems to be frozen. is it safe to restart my pc?
  8. Broni

    Broni Malware Annihilator Posts: 45,317   +243

    Run the fix from safe mode.
  9. sulpher

    sulpher Newcomer, in training Topic Starter Posts: 30

    All processes killed
    ========== OTL ==========
    Registry value HKEY_USERS\S-1-5-21-1058247347-2628564259-3555606596-1001\Software\Microsoft\Windows\CurrentVersion\Run\\ISUSPM Startup deleted successfully.
    Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
    Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
    Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
    Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ not found.
    Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ not found.
    Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ not found.
    Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ not found.
    Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-1058247347-2628564259-3555606596-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-1058247347-2628564259-3555606596-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-1058247347-2628564259-3555606596-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-1058247347-2628564259-3555606596-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-1058247347-2628564259-3555606596-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ not found.
    Registry key HKEY_USERS\S-1-5-21-1058247347-2628564259-3555606596-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ not found.
    Registry key HKEY_USERS\S-1-5-21-1058247347-2628564259-3555606596-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ not found.
    Registry key HKEY_USERS\S-1-5-21-1058247347-2628564259-3555606596-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: Rene
    ->Temp folder emptied: 5838649 bytes
    ->Temporary Internet Files folder emptied: 9812221 bytes
    ->Java cache emptied: 1689329 bytes
    ->FireFox cache emptied: 642411567 bytes
    ->Flash cache emptied: 224691 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 41100 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes
    RecycleBin emptied: 393102969 bytes

    Total Files Cleaned = 1.004,00 mb
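
An added example (not part of the thread, and not OTL's own code): the abbreviated O15 "Trusted Domains" lines in the fix script correspond to the per-user `ZoneMap\Domains` registry keys named in the results log, and this Python script expands the one into the other and reconciles what was requested against what the log reports. The sample text is an excerpt of lines posted in this thread; the function names are made up for the example, and the `S-1-5-18` / `.DEFAULT` alias is standard Windows behaviour rather than something the thread states.

```python
import re

ZONEMAP = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"
# HKU\S-1-5-18 is the LocalSystem profile, i.e. the same hive as HKU\.DEFAULT,
# so a key deleted through one name is "not found" through the other.
HIVE_ALIASES = {"S-1-5-18": ".DEFAULT"}

O15_RE = re.compile(r"^O15 - HKU\\(?P<hive>[^\\]+)\\\.\.Trusted Domains: (?P<domain>\S+)")
RESULT_RE = re.compile(
    r"^Registry key HKEY_USERS\\(?P<hive>[^\\]+)\\" + re.escape(ZONEMAP)
    + r"\\(?P<domain>[^\\]+)\\ (?P<status>deleted successfully|not found)\.$"
)


def expand_o15(line):
    """Turn an abbreviated O15 scan line into (hive, domain, full registry key)."""
    m = O15_RE.match(line.strip())
    if not m:
        return None
    hive, domain = m["hive"], m["domain"].lower()
    return hive, domain, "HKEY_USERS\\%s\\%s\\%s" % (hive, ZONEMAP, domain)


def parse_results(log_text):
    """Map (hive, domain) -> status for every ZoneMap line in a fix log."""
    results = {}
    for line in log_text.splitlines():
        m = RESULT_RE.match(line.strip())
        if m:
            results[(m["hive"], m["domain"].lower())] = m["status"]
    return results


def reconcile(script_text, log_text):
    """For each O15 entry in the fix script, report what the log says happened."""
    results = parse_results(log_text)
    report = []
    for line in script_text.splitlines():
        entry = expand_o15(line)
        if entry is None:
            continue  # O4 lines, :OTL / :Commands markers, blank lines
        hive, domain, key = entry
        status = results.get((hive, domain), "no result logged")
        alias = HIVE_ALIASES.get(hive)
        if status == "not found" and results.get((alias, domain)) == "deleted successfully":
            status = "removed via alias hive " + alias
        report.append((key, status))
    return report


# Excerpt of the fix script and of the results log posted in this thread.
SCRIPT = r"""
:OTL
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-21-1058247347-2628564259-3555606596-1004\..Trusted Domains: soe.com ([]* in )
"""
LOG = r"""
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ not found.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1058247347-2628564259-3555606596-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ not found.
"""

if __name__ == "__main__":
    for key, status in reconcile(SCRIPT, LOG):
        print(status.ljust(32), key)
```

Entries that still read "not found" after the alias check were not present at fix time and are worth comparing against the original scan.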
  10. sulpher

    sulpher Newcomer, in training Topic Starter Posts: 30

    Results of screen317's Security Check version 0.99.24
    Windows 7 x64 (UAC is disabled!)
    Internet Explorer 8 Out of date!
    ``````````````````````````````
    Antivirus/Firewall Check:

    avast! Free Antivirus
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Java(TM) 6 Update 31
    Adobe Flash Player 11.3.300.265
    Mozilla Firefox (x86 de..)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Malwarebytes' Anti-Malware mbamservice.exe
    Malwarebytes' Anti-Malware mbamgui.exe
    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast AvastUI.exe
    ``````````End of Log````````````
  11. sulpher

    sulpher Newcomer, in training Topic Starter Posts: 30

    Farbar Service Scanner Version: 19-07-2012
    Ran by Rene (administrator) on 21-07-2012 at 17:16:34
    Running from "C:\Users\Rene\Downloads"
    Microsoft Windows 7 Professional Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Windows Update:
    ============
    BITS Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to retrieve start type of BITS. The value does not exist.
    The ImagePath of BITS service is OK.
    The ServiceDll of BITS service is OK.


    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============

    Other Services:
    ==============

    sharedaccess Service is not running. Checking service configuration:
    The start type of sharedaccess service is set to Auto
    The ImagePath of sharedaccess service is OK.
    The ServiceDll of sharedaccess service is OK.


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****
  12. sulpher

    sulpher Newcomer, in training Topic Starter Posts: 30

    C:\FRST\Quarantine\services.exe Win64/Patched.B.Gen trojan deleted - quarantined
    C:\FRST\Quarantine\{fe12307a-d93b-c855-ecab-5fb11141fa17}\U\trz37B4.tmp Win64/Sirefef.AL trojan cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Users\Rene\AppData\Roaming\trz4F16.tmp.vir probably a variant of Win32/TrojanDownloader.Agent.GLCTBYX trojan cleaned by deleting - quarantined
  13. Broni

    Broni Malware Annihilator Posts: 45,317   +243

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    ===========================================

    We have one corrupted registry key affecting Windows updates.

    The following steps involve registry editing. Please create a new restore point before proceeding!!!
    How to:
    XP - http://support.microsoft.com/kb/948247
    Vista and Seven - http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/


    Download Seven.zip file from here: http://www.smartestcomputing.us.com/files/download/9-registry-network-keys/
    Unzip the file.
    You'll find several files inside.
    Double click on bits.reg file and confirm the prompt.
    Restart computer.
    Post new FSS log.
     
  14. sulpher

    sulpher Newcomer, in training Topic Starter Posts: 30

    Have updated Java and deleted the old versions.
    Proceeding with the corrupt registry key now.
  15. Broni

    Broni Malware Annihilator Posts: 45,317   +243

  16. Broni

    Broni Malware Annihilator Posts: 45,317   +243

    Still with me?