Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
PC erstellt nur noch Verknüpfungen von Ordnern auf USB, Memory Cards

PC erstellt nur noch Verknüpfungen von Ordnern auf USB, Memory Cards


Log-Analyse und Auswertung: PC erstellt nur noch Verknüpfungen von Ordnern auf USB, Memory Cards

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Seite 1 von 4 1 23 Letzte »
Alt 20.11.2011, 17:41   #1
Tacko89
 
PC erstellt nur noch Verknüpfungen von Ordnern auf USB, Memory Cards - Standard

PC erstellt nur noch Verknüpfungen von Ordnern auf USB, Memory Cards


Hallo! Mein PC erstellt mir nur noch Verknüpfungen von Ordnern, die sich auf dem USB-Stick oder der Memory Card meiner Kamera befinden. Ich habe eine JPEG-Datei bei facebook öffnen wollen und mir dabei wohl was eingefangen. Brauche DRINGEND Hilfe, da ich mich im Ausland befinde und keine Fotos mehr übertragen kann. Kann es sein, dass sich der Virus auch auf dem Uni-Computer befinden?

Habe alles gemacht wie hier angegeben und folgende Ergebnisse:

OTL:

OTL logfile created on: 20.11.2011 16:55:33 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Steffie\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19154)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,99 Gb Total Physical Memory | 1,30 Gb Available Physical Memory | 43,47% Memory free
6,19 Gb Paging File | 4,77 Gb Available in Paging File | 77,02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,44 Gb Total Space | 42,12 Gb Free Space | 36,18% Space Free | Partition Type: NTFS
Drive D: | 106,68 Gb Total Space | 89,26 Gb Free Space | 83,67% Space Free | Partition Type: NTFS

Computer Name: STEFFIE-PC | User Name: Steffie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.11.20 16:42:55 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Steffie\Downloads\OTL.exe
PRC - [2011.11.11 12:59:34 | 001,212,224 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
PRC - [2011.11.11 12:59:30 | 001,510,720 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
PRC - [2011.08.31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.08.23 20:20:18 | 000,887,976 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2011.04.17 01:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe
PRC - [2011.03.28 10:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2010.11.03 19:11:24 | 002,388,264 | ---- | M] (Apple Inc.) -- C:\Program Files\Safari\Safari.exe
PRC - [2010.05.20 14:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2010.04.05 13:50:00 | 000,494,920 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.01.16 01:27:10 | 000,851,968 | ---- | M] (ATK) -- C:\Program Files\ASUS\Splendid\ACMON.exe
PRC - [2007.12.12 00:13:22 | 000,151,552 | ---- | M] () -- C:\Program Files\ATK Hotkey\WDC.exe
PRC - [2007.12.04 18:57:06 | 002,486,272 | ---- | M] () -- C:\Program Files\ATK Hotkey\ATKOSD.exe
PRC - [2007.11.30 19:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe
PRC - [2007.11.29 01:39:36 | 000,229,376 | ---- | M] (ATK0100) -- C:\Program Files\ATK Hotkey\Hcontrol.exe
PRC - [2007.11.05 03:48:06 | 000,106,496 | ---- | M] () -- C:\Program Files\ATK Hotkey\MsgTranAgt.exe
PRC - [2007.10.31 05:35:57 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.10.18 03:04:00 | 007,737,344 | ---- | M] () -- C:\Program Files\ATKOSD2\ATKOSD2.exe
PRC - [2007.10.03 05:53:00 | 000,094,208 | ---- | M] () -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe
PRC - [2007.09.01 01:38:12 | 000,180,224 | ---- | M] (ATK) -- C:\Program Files\P4G\BatteryLife.exe
PRC - [2007.08.15 19:20:16 | 000,106,496 | ---- | M] () -- C:\Program Files\ATK Hotkey\KBFiltr.exe
PRC - [2007.08.08 08:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe
PRC - [2007.08.03 20:24:54 | 000,125,496 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
PRC - [2007.07.06 00:53:44 | 001,040,384 | ---- | M] () -- C:\Program Files\Wireless Console 2\wcourier.exe
PRC - [2007.05.18 10:31:16 | 000,073,728 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
PRC - [2007.05.14 23:22:22 | 000,035,328 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2007.02.19 18:02:29 | 002,918,008 | ---- | M] (Symantec Corporation) -- C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
PRC - [2007.02.19 18:02:29 | 000,554,616 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
PRC - [2006.12.28 14:05:14 | 000,196,608 | ---- | M] () -- C:\Program Files\OCZ Technology\Mouse\Amoumain.exe
PRC - [2005.07.06 23:43:42 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\System32\ACEngSvr.exe
PRC - [2005.05.26 16:12:26 | 000,544,768 | ---- | M] (Motorola Inc.) -- C:\Windows\sm56hlpr.exe


========== Modules (No Company Name) ==========

MOD - [2011.10.21 10:07:12 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll
MOD - [2011.10.21 10:06:37 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll
MOD - [2011.10.21 10:06:17 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll
MOD - [2011.10.21 10:03:47 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011.10.21 10:02:49 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2010.11.03 16:52:20 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010.11.03 16:52:00 | 001,241,376 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.11.03 16:52:00 | 000,324,896 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libtidy.dll
MOD - [2009.07.18 04:21:00 | 003,883,424 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2008.11.13 10:38:06 | 008,007,680 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
MOD - [2008.11.13 10:38:04 | 000,126,976 | ---- | M] () -- C:\Windows\assembly\GAC\Interop.SHDocVw\1.1.0.0__4b827ebe229d539f\Interop.SHDocVw.dll
MOD - [2008.11.13 10:38:03 | 000,220,160 | ---- | M] () -- C:\Windows\assembly\GAC_32\Asz.Citavi.IEPicker\1.0.0.0__f59eabe05cc67589\Asz.Citavi.IEPicker.dll
MOD - [2007.11.30 19:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe
MOD - [2007.10.18 03:04:00 | 007,737,344 | ---- | M] () -- C:\Program Files\ATKOSD2\ATKOSD2.exe
MOD - [2007.08.14 21:59:54 | 006,365,184 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2007.08.08 10:52:08 | 000,331,776 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\AdsmendecExt.dll
MOD - [2007.07.12 21:55:52 | 000,131,072 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2007.07.12 21:55:28 | 001,581,056 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll
MOD - [2007.06.15 18:28:36 | 000,147,456 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
MOD - [2007.06.02 01:08:18 | 000,143,360 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
MOD - [2007.05.14 23:22:22 | 000,035,328 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
MOD - [2007.05.11 00:50:00 | 000,017,024 | ---- | M] () -- C:\Program Files\Adobe\Reader 8.0\Reader\viewerps.dll
MOD - [2006.12.28 14:05:14 | 000,196,608 | ---- | M] () -- C:\Program Files\OCZ Technology\Mouse\Amoumain.exe
MOD - [2005.05.26 16:12:26 | 000,065,536 | ---- | M] () -- C:\Windows\sm56spn.dll
MOD - [2005.05.26 16:12:26 | 000,065,536 | ---- | M] () -- C:\Windows\sm56itl.dll
MOD - [2005.05.26 16:12:26 | 000,065,536 | ---- | M] () -- C:\Windows\sm56ger.dll
MOD - [2005.05.26 16:12:26 | 000,065,536 | ---- | M] () -- C:\Windows\sm56fra.dll
MOD - [2005.05.26 16:12:26 | 000,065,536 | ---- | M] () -- C:\Windows\sm56eng.dll
MOD - [2005.05.26 16:12:26 | 000,065,536 | ---- | M] () -- C:\Windows\sm56brz.dll
MOD - [2005.05.26 16:12:26 | 000,049,152 | ---- | M] () -- C:\Windows\sm56jpn.dll
MOD - [2005.05.26 16:12:26 | 000,045,056 | ---- | M] () -- C:\Windows\sm56cht.dll
MOD - [2005.05.26 16:12:26 | 000,045,056 | ---- | M] () -- C:\Windows\sm56chs.dll


========== Win32 Services (SafeList) ==========

SRV - [2011.11.11 12:59:30 | 001,510,720 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.04.17 01:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe -- (NAV)
SRV - [2011.04.01 10:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.03.28 10:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010.05.20 14:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007.10.03 05:53:00 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2007.08.08 08:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2007.08.03 20:24:54 | 000,125,496 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)
SRV - [2007.05.18 10:31:16 | 000,073,728 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)
SRV - [2007.02.19 18:02:29 | 002,918,008 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE -- (LiveUpdate)
SRV - [2007.02.19 18:02:29 | 000,554,616 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatisches LiveUpdate - Scheduler)


========== Driver Services (SafeList) ==========

DRV - [2011.11.18 10:10:32 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011.11.17 21:53:36 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20111119.016\NAVEX15.SYS -- (NAVEX15)
DRV - [2011.11.17 21:53:36 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011.11.17 21:53:36 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011.11.17 21:53:36 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20111119.016\NAVENG.SYS -- (NAVENG)
DRV - [2011.11.17 16:04:32 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20111118.030\IDSvix86.sys -- (IDSVix86)
DRV - [2011.11.14 19:31:30 | 000,819,320 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20111114.002\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011.11.08 21:25:24 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.03.31 04:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\Drivers\NAV\1206000.01D\SRTSP.SYS -- (SRTSP)
DRV - [2011.03.31 04:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NAV\1206000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011.03.22 01:39:49 | 000,331,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\NAV\1206000.01D\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2011.03.15 03:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\NAV\1206000.01D\SYMEFA.SYS -- (SymEFA)
DRV - [2011.01.27 07:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\NAV\1206000.01D\SYMDS.SYS -- (SymDS)
DRV - [2011.01.27 06:07:05 | 000,136,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NAV\1206000.01D\Ironx86.SYS -- (SymIRON)
DRV - [2010.05.20 14:27:24 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2009.01.13 08:45:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007.08.11 04:19:26 | 000,029,752 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\Windows\System32\drivers\AsDsm.sys -- (AsDsm)
DRV - [2007.08.09 04:42:08 | 000,045,568 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007.08.03 05:26:21 | 000,020,936 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)
DRV - [2007.07.30 18:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007.07.24 19:09:04 | 000,013,880 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP)
DRV - [2007.07.13 09:18:19 | 000,050,688 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2007.01.24 19:08:39 | 000,005,632 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2006.12.14 01:11:57 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2005.05.26 16:19:18 | 000,839,724 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2005.03.11 15:17:34 | 000,055,216 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750bus.sys -- (k750bus) Sony Ericsson 750 driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://google.icq.com/search/search_frame.php
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lokalisten.de/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com/?l=dis&o=1586&gct=hp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\InprocServer32 File not found
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\IPSFFPlgn\ [2011.11.20 15:24:28 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ICQ Toolbar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll File not found
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (ICQ Toolbar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ATKOSD2\ATKOSD2.exe ()
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Windows\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [WheelMouse] C:\Program Files\OCZ Technology\Mouse\Amoumain.exe ()
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O8 - Extra context menu item: &Citavi Picker... - C:\Program Files\Internet Explorer\PLUGINS\Citavi Picker\ShowContextMenu.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Steffie\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Steffie\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{63D97EB8-E45E-49B2-81FE-9683962EC024}: DhcpNameServer = 10.64.255.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FFBFF7B2-FAD5-4108-A6F3-186B35B87588}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Steffie\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Steffie\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{822bb456-d2f9-11df-bc5f-002215895bf8}\Shell\AutoRun\command - "" = F:\WDSetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.11.20 14:00:55 | 000,000,000 | ---D | C] -- C:\Users\Steffie\AppData\Roaming\Malwarebytes
[2011.11.20 14:00:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.11.20 14:00:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.11.20 14:00:35 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.11.20 14:00:35 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.11.20 13:33:17 | 000,031,552 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2011.11.20 13:33:15 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2011.11.20 13:32:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012
[2011.11.20 13:32:11 | 000,000,000 | ---D | C] -- C:\Users\Steffie\AppData\Roaming\TuneUp Software
[2011.11.20 13:30:31 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2012
[2011.11.20 13:28:57 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2011.11.20 13:28:46 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2011.11.18 10:10:31 | 000,331,384 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1206000.01D\symtdiv.sys
[2011.11.18 10:10:31 | 000,296,568 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1206000.01D\symnets.sys
[2011.11.18 10:10:30 | 000,744,568 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1206000.01D\symefa.sys
[2011.11.18 10:10:30 | 000,516,216 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1206000.01D\srtsp.sys
[2011.11.18 10:10:30 | 000,340,088 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1206000.01D\symds.sys
[2011.11.18 10:10:30 | 000,050,168 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1206000.01D\srtspx.sys
[2011.11.18 10:10:29 | 000,136,312 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1206000.01D\ironx86.sys
[2011.11.18 10:09:57 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NAV\1206000.01D
[2011.11.17 21:28:35 | 000,126,584 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011.11.17 21:25:51 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NAV
[2011.11.17 21:25:29 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton AntiVirus
[2011.11.17 21:25:29 | 000,000,000 | ---D | C] -- C:\Program Files\Norton AntiVirus
[2011.10.28 12:06:06 | 000,000,000 | ---D | C] -- C:\Users\Steffie\{517fbef0-afaa-458b-9049-5228477d34c9}
[2011.10.25 20:13:48 | 000,000,000 | ---D | C] -- C:\Users\Steffie\Desktop\Fotos Bordeaux - Kopie
[2007.01.24 19:08:39 | 000,005,632 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys

========== Files - Modified Within 30 Days ==========

[2011.11.20 16:52:18 | 000,000,000 | ---- | M] () -- C:\Users\Steffie\defogger_reenable
[2011.11.20 15:24:22 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.11.20 15:24:21 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.11.20 15:24:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.11.20 15:24:05 | 3212,042,240 | -HS- | M] () -- C:\hiberfil.sys
[2011.11.20 14:00:41 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.20 13:33:01 | 000,001,876 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2011.11.20 13:33:01 | 000,001,872 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2012.lnk
[2011.11.20 13:08:37 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2011.11.19 11:54:48 | 000,635,844 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.11.19 11:54:48 | 000,602,226 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.11.19 11:54:48 | 000,130,234 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.11.19 11:54:48 | 000,107,106 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.11.18 11:15:59 | 000,002,132 | ---- | M] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk
[2011.11.18 11:15:00 | 002,429,542 | ---- | M] () -- C:\Windows\System32\drivers\NAV\1206000.01D\Cat.DB
[2011.11.18 10:10:32 | 000,126,584 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011.11.18 10:10:32 | 000,007,468 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011.11.18 10:10:32 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011.11.18 09:56:30 | 000,071,618 | ---- | M] () -- C:\Users\Steffie\Desktop\Sans titre 1.jpg
[2011.11.11 12:59:36 | 000,031,552 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2011.11.11 12:59:24 | 000,021,312 | ---- | M] (TuneUp Software) -- C:\Windows\System32\authuitu.dll

========== Files Created - No Company Name ==========

[2011.11.20 16:52:18 | 000,000,000 | ---- | C] () -- C:\Users\Steffie\defogger_reenable
[2011.11.20 14:00:41 | 000,000,913 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.20 13:33:01 | 000,001,876 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2011.11.20 13:33:00 | 000,001,872 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2012.lnk
[2011.11.20 13:32:44 | 000,001,884 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012.lnk
[2011.11.18 11:13:43 | 002,429,542 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1206000.01D\Cat.DB
[2011.11.18 10:10:31 | 000,007,877 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1206000.01D\symnetv.cat
[2011.11.18 10:10:31 | 000,001,474 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1206000.01D\symnetv.inf
[2011.11.18 10:10:30 | 000,007,458 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1206000.01D\symnet.cat
[2011.11.18 10:10:30 | 000,007,456 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1206000.01D\symefa.cat
[2011.11.18 10:10:30 | 000,007,454 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1206000.01D\srtspx.cat
[2011.11.18 10:10:30 | 000,007,450 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1206000.01D\srtsp.cat
[2011.11.18 10:10:30 | 000,003,373 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1206000.01D\symefa.inf
[2011.11.18 10:10:30 | 000,002,792 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1206000.01D\symds.inf
[2011.11.18 10:10:30 | 000,001,446 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1206000.01D\symnet.inf
[2011.11.18 10:10:30 | 000,001,389 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1206000.01D\srtspx.inf
[2011.11.18 10:10:30 | 000,001,383 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1206000.01D\srtsp.inf
[2011.11.18 10:10:29 | 000,007,528 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1206000.01D\iron.cat
[2011.11.18 10:10:29 | 000,000,742 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1206000.01D\iron.inf
[2011.11.18 10:10:00 | 000,000,000 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1206000.01D\symds.cat
[2011.11.18 10:09:57 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1206000.01D\isolate.ini
[2011.11.18 09:57:49 | 000,071,618 | ---- | C] () -- C:\Users\Steffie\Desktop\Sans titre 1.jpg
[2011.11.17 21:28:35 | 000,007,468 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011.11.17 21:28:35 | 000,000,806 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011.11.17 21:28:13 | 000,002,132 | ---- | C] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk
[2011.11.08 19:49:42 | 000,098,730 | ---- | C] () -- C:\Users\Steffie\Desktop\KNORR Stefanie.pdf
[2011.04.28 17:40:04 | 000,000,680 | ---- | C] () -- C:\Users\Steffie\AppData\Local\d3d9caps.dat
[2011.04.05 15:13:32 | 000,123,244 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010.10.27 17:22:17 | 000,001,940 | ---- | C] () -- C:\Users\Steffie\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2009.07.31 08:33:35 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.07.31 08:33:35 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008.09.12 09:19:32 | 000,034,304 | ---- | C] () -- C:\Users\Steffie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.09.07 11:20:27 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.09.01 14:27:01 | 000,000,582 | ---- | C] () -- C:\Windows\eReg.dat
[2008.08.29 13:00:29 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.08.29 12:07:44 | 000,831,342 | ---- | C] () -- C:\ProgramData\LuUninstall.LiveUpdate
[2008.08.08 13:56:44 | 000,045,056 | ---- | C] () -- C:\Windows\System32\acovcnt.exe
[2008.04.16 12:11:34 | 000,635,844 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.04.16 12:11:34 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.04.16 12:11:34 | 000,130,234 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.04.16 12:11:34 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008.04.16 11:43:39 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini
[2008.02.11 04:55:17 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2008.02.11 04:34:47 | 002,215,364 | ---- | C] () -- C:\Windows\System32\igklg400.bin
[2008.02.11 04:34:47 | 001,971,732 | ---- | C] () -- C:\Windows\System32\igklg450.bin
[2008.02.11 04:34:47 | 000,029,932 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.bin
[2007.08.06 18:18:31 | 000,081,920 | ---- | C] () -- C:\Windows\PGMonitor.exe
[2006.12.28 04:59:48 | 000,032,768 | ---- | C] () -- C:\Windows\System32\Amhooker.dll
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,373,624 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,602,226 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,107,106 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.03.09 02:57:59 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005.05.26 16:12:26 | 000,065,536 | ---- | C] () -- C:\Windows\sm56spn.dll
[2005.05.26 16:12:26 | 000,065,536 | ---- | C] () -- C:\Windows\sm56itl.dll
[2005.05.26 16:12:26 | 000,065,536 | ---- | C] () -- C:\Windows\sm56ger.dll
[2005.05.26 16:12:26 | 000,065,536 | ---- | C] () -- C:\Windows\sm56fra.dll
[2005.05.26 16:12:26 | 000,065,536 | ---- | C] () -- C:\Windows\sm56eng.dll
[2005.05.26 16:12:26 | 000,065,536 | ---- | C] () -- C:\Windows\sm56brz.dll
[2005.05.26 16:12:26 | 000,049,152 | ---- | C] () -- C:\Windows\sm56jpn.dll
[2005.05.26 16:12:26 | 000,045,056 | ---- | C] () -- C:\Windows\sm56cht.dll
[2005.05.26 16:12:26 | 000,045,056 | ---- | C] () -- C:\Windows\sm56chs.dll

========== LOP Check ==========

[2008.11.13 10:38:47 | 000,000,000 | ---D | M] -- C:\Users\Steffie\AppData\Roaming\Academic Software Zurich
[2011.08.25 22:45:40 | 000,000,000 | ---D | M] -- C:\Users\Steffie\AppData\Roaming\DVDVideoSoft
[2011.07.16 17:13:52 | 000,000,000 | ---D | M] -- C:\Users\Steffie\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.08.11 17:41:58 | 000,000,000 | ---D | M] -- C:\Users\Steffie\AppData\Roaming\gtk-2.0
[2008.08.29 14:33:19 | 000,000,000 | ---D | M] -- C:\Users\Steffie\AppData\Roaming\ICQ
[2008.08.29 12:57:46 | 000,000,000 | ---D | M] -- C:\Users\Steffie\AppData\Roaming\ICQ Toolbar
[2011.11.20 13:32:11 | 000,000,000 | ---D | M] -- C:\Users\Steffie\AppData\Roaming\TuneUp Software
[2011.11.20 15:23:17 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< defogger_enable by jpshortstuff (23.02.10.1) >

< Log created at 16:52 on 20/11/2011 (Steffie) >
Invalid Switch: 2011 (Steffie)


< >

< Parsing file... >

< >

< >

< -=E.O.F=- >

< End of report >

Extras:

OTL Extras logfile created on: 20.11.2011 16:55:33 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Steffie\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19154)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,99 Gb Total Physical Memory | 1,30 Gb Available Physical Memory | 43,47% Memory free
6,19 Gb Paging File | 4,77 Gb Available in Paging File | 77,02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,44 Gb Total Space | 42,12 Gb Free Space | 36,18% Space Free | Partition Type: NTFS
Drive D: | 106,68 Gb Total Space | 89,26 Gb Free Space | 83,67% Space Free | Partition Type: NTFS

Computer Name: STEFFIE-PC | User Name: Steffie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{15B8D2A7-D1D3-4BDC-A9DD-77E1E9E978D2}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{3CB9162A-9775-4CCB-9235-AC434A0EA6F7}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{96780290-A12F-4ADF-AAE0-7C3ABA95ADED}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2FF67663-2B27-4BBA-A3C7-239211EF0C22}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |
"{3C14F194-1B74-49EF-855D-5F847C0ED44F}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{47802E92-0017-41F6-AE63-B3A7D8E8E2A8}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{530423ED-204D-49B8-A408-B1B077D3C1C9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6FE08EED-63AF-4A7B-9408-4E6EB73458D2}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |
"{7BB748AD-71F1-416B-80FB-AFE9DFD43BF9}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |
"{AB339288-C706-4C33-BAC5-F719DD1ED766}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |
"{AD65B45E-1CB1-4E80-BA79-15F882496CE1}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{B65BBCA9-3F47-4422-86A1-E35E8DE2C9C9}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CADD8B70-C9AF-4452-8D7C-AE210B313F47}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DC3A2331-846E-40CF-AE4C-52650AC6044C}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{E5B9BE2D-16A7-44F6-960B-B4F8E9B7C144}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{EB923B44-E44F-4E39-87BF-E0A4DE961810}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{F215C3F8-9BA0-48CC-BEF2-ED3F404F86AA}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{004C5DA2-2051-4D25-94BA-51CF810C91EB}" = LightScribe System Software 1.12.37.1
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{17424F35-8B77-4ADF-BC63-BF9B81418539}" = Apple Application Support
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1C8521E5-5A7B-4A4E-A9CD-AD53116EAEE0}" = ASUS Data Security Manager
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{449CE12D-E2C7-4B97-B19E-55D163EA9435}" = Bing Bar
"{5482DCBE-D2D1-47B0-A621-DF8E2B0D174C}" = Windows Live Family Safety
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
"{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5FC7AB5C-61FC-42DF-A923-5139BCF10D42}" = Microsoft LifeCam
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CFEBE9C-F29F-4C49-80E0-7106970F8734}" = Power4Gear eXtreme
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
"{90120000-0015-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0410-0000-0000000FF1CE}" = Microsoft Office Access MUI (Italian) 2007
"{90120000-0015-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0413-0000-0000000FF1CE}" = Microsoft Office Access MUI (Dutch) 2007
"{90120000-0015-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2007
"{90120000-0016-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0413-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Dutch) 2007
"{90120000-0016-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2007
"{90120000-0018-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Dutch) 2007
"{90120000-0018-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0410-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Italian) 2007
"{90120000-0019-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0413-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Dutch) 2007
"{90120000-0019-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0410-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Italian) 2007
"{90120000-001A-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0413-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Dutch) 2007
"{90120000-001A-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2007
"{90120000-001B-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0413-0000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 2007
"{90120000-001B-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_PROHYBRIDR_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_PROHYBRIDR_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2007
"{90120000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_PROHYBRIDR_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2007
"{90120000-006E-0410-0000-0000000FF1CE}_PROHYBRIDR_{0A75DA12-55CB-4DE5-8B6A-74D97847204E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2007
"{90120000-006E-0413-0000-0000000FF1CE}_PROHYBRIDR_{89C8E56A-90D8-4598-B0E6-EB28F6270E07}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}" = Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype
"{BCF16F16-AC0E-4ABE-A9EF-412CF484BA51}" = Windows Live Family Safety
"{C037D08B-4883-491D-9329-DC5ACA90F797}" = Sony Ericsson PC Suite
"{C0FC1C14-4824-4A73-87A6-9E888C9C3102}" = ASUS Splendid Video Enhancement Technology
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Citavi" = Citavi 2.4.7
"conduitEngine" = Conduit Engine
"das Gesamtinformationspaket von MPU - Restalkohol" = das Gesamtinformationspaket von MPU - Restalkohol
"DoulosSIL" = DoulosSIL 4.106
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube Download 3_is1" = Free YouTube Download 3 version 3.0.6.715
"Free YouTube Download_is1" = Free YouTube Download 2.9
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.8.815
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NAV" = Norton AntiVirus
"PROHYBRIDR" = 2007 Microsoft Office system
"SecureW2 EAP Suite" = SecureW2 EAP Suite 1.1.3 for Windows
"SMSERIAL" = Motorola SM56 Data Fax Modem
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"Spotlight Games" = Spotlight Games (ital)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VideoLAN VLC media player 0.8.6
"WheelMouse" = OCZ Technology Laser Gaming Mouse
"Winamp" = Winamp (remove only)
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinLiveSuite" = Windows Live Essentials

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 28.01.2010 13:21:00 | Computer Name = Steffie-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung EPMWOR~1.EXE, Version 1.2.0.1093, Zeitstempel
0x422445a2, fehlerhaftes Modul db_objects.dll, Version 1.0.0.1116, Zeitstempel
0x42244455, Ausnahmecode 0xc0000005, Fehleroffset 0x00004f5c, Prozess-ID 0x47c, Anwendungsstartzeit
01caa03e41ce3a91.

Error - 28.01.2010 13:21:45 | Computer Name = Steffie-PC | Source = WinMgmt | ID = 10
Description =

Error - 29.01.2010 12:51:47 | Computer Name = Steffie-PC | Source = WinMgmt | ID = 10
Description =

Error - 30.01.2010 04:37:00 | Computer Name = Steffie-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung EPMWOR~1.EXE, Version 1.2.0.1093, Zeitstempel
0x422445a2, fehlerhaftes Modul db_objects.dll, Version 1.0.0.1116, Zeitstempel
0x42244455, Ausnahmecode 0xc0000005, Fehleroffset 0x00004f5c, Prozess-ID 0x53c, Anwendungsstartzeit
01caa18763a7b083.

Error - 30.01.2010 04:38:01 | Computer Name = Steffie-PC | Source = WinMgmt | ID = 10
Description =

Error - 31.01.2010 09:31:51 | Computer Name = Steffie-PC | Source = WinMgmt | ID = 10
Description =

Error - 31.01.2010 09:34:10 | Computer Name = Steffie-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung winamp.exe, Version 5.3.5.1305, Zeitstempel
0x4648e17d, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
Ausnahmecode 0xc0000005, Fehleroffset 0x002241c0, Prozess-ID 0x2b8, Anwendungsstartzeit
01caa279bdd544b6.

Error - 01.02.2010 13:11:09 | Computer Name = Steffie-PC | Source = WinMgmt | ID = 10
Description =

Error - 02.02.2010 13:07:34 | Computer Name = Steffie-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung EPMWOR~1.EXE, Version 1.2.0.1093, Zeitstempel
0x422445a2, fehlerhaftes Modul db_objects.dll, Version 1.0.0.1116, Zeitstempel
0x42244455, Ausnahmecode 0xc0000005, Fehleroffset 0x00004f5c, Prozess-ID 0xe20, Anwendungsstartzeit
01caa42a3430ad13.

Error - 02.02.2010 13:08:49 | Computer Name = Steffie-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 15.11.2011 22:02:48 | Computer Name = Steffie-PC | Source = DCOM | ID = 10010
Description =

Error - 17.11.2011 16:05:12 | Computer Name = Steffie-PC | Source = Service Control Manager | ID = 7043
Description =

Error - 17.11.2011 16:12:09 | Computer Name = Steffie-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 17.11.2011 16:19:55 | Computer Name = Steffie-PC | Source = PlugPlayManager | ID = 11
Description = Das Gerät "Root\LEGACY_SYMEVENT\0000" wurde ohne vorbereitende Maßnahmen
vom System entfernt.

Error - 17.11.2011 16:30:22 | Computer Name = Steffie-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 18.11.2011 04:51:33 | Computer Name = Steffie-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 18.11.2011 06:17:28 | Computer Name = Steffie-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 19.11.2011 06:30:32 | Computer Name = Steffie-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 20.11.2011 08:10:55 | Computer Name = Steffie-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 20.11.2011 10:25:35 | Computer Name = Steffie-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =


< End of report >

Gmer:


GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2011-11-20 17:32:31
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Hitachi_ rev.BBFO
Running: jiz749g3.exe; Driver: C:\Users\Steffie\AppData\Local\Temp\ugrirfob.sys


---- System - GMER 1.0.15 ----

SSDT 87DF50B8 ZwAlertResumeThread
SSDT 87DF5198 ZwAlertThread
SSDT 87DF5AA8 ZwAllocateVirtualMemory
SSDT 87BD2AC8 ZwAlpcConnectPort
SSDT 87DF6810 ZwAssignProcessToJobObject
SSDT 87DF6E00 ZwCreateMutant
SSDT 87DF7C08 ZwCreateSymbolicLinkObject
SSDT 87DF5FB0 ZwCreateThread
SSDT 87DF68F0 ZwDebugActiveProcess
SSDT 87DF5C78 ZwDuplicateObject
SSDT 87DF58C8 ZwFreeVirtualMemory
SSDT 87DF6EF0 ZwImpersonateAnonymousToken
SSDT 87DF6FD0 ZwImpersonateThread
SSDT 87C56590 ZwLoadDriver
SSDT 87DF57C8 ZwMapViewOfSection
SSDT 87DF6D20 ZwOpenEvent
SSDT 87DF5E58 ZwOpenProcess
SSDT 87DF5B98 ZwOpenProcessToken
SSDT 87DF6B18 ZwOpenSection
SSDT 87DF5D68 ZwOpenThread
SSDT 87DF6720 ZwProtectVirtualMemory
SSDT 87DF5278 ZwResumeThread
SSDT 87DF5518 ZwSetContextThread
SSDT 87DF55F8 ZwSetInformationProcess
SSDT 87DF69D0 ZwSetSystemInformation
SSDT 87DF6BF8 ZwSuspendProcess
SSDT 87DF5358 ZwSuspendThread
SSDT 87DE81A0 ZwTerminateProcess
SSDT 87DF5438 ZwTerminateThread
SSDT 87DF56E8 ZwUnmapViewOfSection
SSDT 87DF59B8 ZwWriteVirtualMemory
SSDT 87DF6308 ZwCreateThreadEx

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 11D 822B78A0 8 Bytes [B8, 50, DF, 87, 98, 51, DF, ...]
.text ntkrnlpa.exe!KeSetEvent + 131 822B78B4 4 Bytes [A8, 5A, DF, 87]
.text ntkrnlpa.exe!KeSetEvent + 13D 822B78C0 4 Bytes [C8, 2A, BD, 87] {ENTER 0xbd2a, 0x87}
.text ntkrnlpa.exe!KeSetEvent + 191 822B7914 4 Bytes [10, 68, DF, 87]
.text ntkrnlpa.exe!KeSetEvent + 1F5 822B7978 4 Bytes [00, 6E, DF, 87]
.text ...
? System32\drivers\bimjrw.sys Das System kann den angegebenen Pfad nicht finden. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Safari\Safari.exe[5608] USER32.dll!EndPaint 762FA28F 5 Bytes JMP 68D5F560 C:\Program Files\Common Files\Apple\Apple Application Support\WebKit.dll (WebKit Dynamic Link Library/Apple Inc.)
.text C:\Program Files\Safari\Safari.exe[5608] USER32.dll!BeginPaint 762FA2A3 5 Bytes JMP 68D5F4F0 C:\Program Files\Common Files\Apple\Apple Application Support\WebKit.dll (WebKit Dynamic Link Library/Apple Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AsDsm.sys (Data Security Manager Driver/Windows (R) Codename Longhorn DDK provider)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Udp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\RawIp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----




Danke danke danke an jeden der mir helfen kann

Liebe Grüße

Alt 21.11.2011, 11:59   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
PC erstellt nur noch Verknüpfungen von Ordnern auf USB, Memory Cards - Standard

PC erstellt nur noch Verknüpfungen von Ordnern auf USB, Memory Cards


Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________

__________________
Alt 21.11.2011, 19:55   #3
Tacko89
 
PC erstellt nur noch Verknüpfungen von Ordnern auf USB, Memory Cards - Standard

PC erstellt nur noch Verknüpfungen von Ordnern auf USB, Memory Cards


Vielen Dank für die schnelle Antwort, hier der Inhalt der log.txt


ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=49aabc727307274cb3943b6e7d6b8421
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-11-21 02:24:02
# local_time=2011-11-21 03:24:02 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=3584 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776574 100 95 72849075 159409479 0 0
# compatibility_mode=8192 67108863 100 0 3840 3840 0 0
# scanned=168910
# found=1
# cleaned=0
# scan_time=8692
C:\Users\Steffie\Downloads\FreeYouTubeToMp3Converter61.exe a variant of Win32/Adware.ADON application (unable to clean) 00000000000000000000000000000000 I


Hab danach nocheinmal Malware gestartet (Ergebnisse von gestern stehen ja schon oben) mit folgendem Ergebnis:
Malwarebytes' Anti-Malware 1.51.2.1300
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 8198

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19154

20.11.2011 15:22:24
mbam-log-2011-11-20 (15-22-16).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 319358
Laufzeit: 1 Stunde(n), 18 Minute(n), 29 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 8
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{77D6DDFA-7834-4541-B2B3-A8B0FB0E3924} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\XTTB00001.XTTB00001Toolbar (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\ToolBand.XTTBPos00.1 (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\ToolBand.XTTBPos00 (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{055FD26D-3A88-4E15-963D-DC8493744B1D} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{055FD26D-3A88-4E15-963D-DC8493744B1D} (Trojan.BHO) -> No action taken.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\Users\Steffie\m-1-52-5782-8752-5245 (Trojan.Agent.Gen) -> No action taken.

Infizierte Dateien:
c:\program files\icqtoolbar\toolbaru.dll (Trojan.BHO) -> No action taken.




Was tun?
__________________
Alt 21.11.2011, 21:01   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
PC erstellt nur noch Verknüpfungen von Ordnern auf USB, Memory Cards - Standard

PC erstellt nur noch Verknüpfungen von Ordnern auf USB, Memory Cards


Zitat:
-> No action taken.
Die Funde müssen mit Malwarebytes entfernt waren! Bitte nachholen falls noch nicht getan!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 22.11.2011, 08:23   #5
Tacko89
 
PC erstellt nur noch Verknüpfungen von Ordnern auf USB, Memory Cards - Standard

PC erstellt nur noch Verknüpfungen von Ordnern auf USB, Memory Cards


Und wie mach ich das? Sorry ich bin nicht PC-affin
Malwarebytes öffnen und dann bei der Liste "Quarantäne" auf "Alles löschen" ?
Ist dann sicher ALLES von meinem PC weg? Kann es sein, dass der Uni-PC auch beschädigt ist? Kann es sein, dass meine Kamera auch einen Virus hat?
Danke


Alt 22.11.2011, 11:19   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
PC erstellt nur noch Verknüpfungen von Ordnern auf USB, Memory Cards - Standard

PC erstellt nur noch Verknüpfungen von Ordnern auf USB, Memory Cards


Wie wärs mal wenn du die Anleitung zu Malwarebytes (vorher) liest?
Es ist völlig normal, dass nicht jeder ein PC-Freak sein kann, aber dann muss man umso mehr aufmerksamer die Anleitung lesen. Und nein, der PC ist dann nicht sicher sauber, hab ich auch nirgendwo geschrieben.
Entfern erstmal die Funde, dann sehen wir weiter.
__________________
--> PC erstellt nur noch Verknüpfungen von Ordnern auf USB, Memory Cards

Alt 22.11.2011, 13:27   #7
Tacko89
 
PC erstellt nur noch Verknüpfungen von Ordnern auf USB, Memory Cards - Standard

PC erstellt nur noch Verknüpfungen von Ordnern auf USB, Memory Cards


Habe ich gemacht, aber da er nichts gefunden hat gibts auch keinen Button mit "Ausgewähltes entfernen", ich kann nur den Logbericht öffnen und das sehen, was sich in der Quarantäne befindet und das sind 10 Dateien. Hier der neueste Logbericht, ich habe es gerade extra noch einmal ausprobiert:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8198

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19154

20.11.2011 15:22:24
mbam-log-2011-11-20 (15-22-16).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 319358
Laufzeit: 1 Stunde(n), 18 Minute(n), 29 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 8
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{77D6DDFA-7834-4541-B2B3-A8B0FB0E3924} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\XTTB00001.XTTB00001Toolbar (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\ToolBand.XTTBPos00.1 (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\ToolBand.XTTBPos00 (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{055FD26D-3A88-4E15-963D-DC8493744B1D} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{055FD26D-3A88-4E15-963D-DC8493744B1D} (Trojan.BHO) -> No action taken.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\Users\Steffie\m-1-52-5782-8752-5245 (Trojan.Agent.Gen) -> No action taken.

Infizierte Dateien:
c:\program files\icqtoolbar\toolbaru.dll (Trojan.BHO) -> No action taken.

Alt 22.11.2011, 16:36   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
PC erstellt nur noch Verknüpfungen von Ordnern auf USB, Memory Cards - Standard

PC erstellt nur noch Verknüpfungen von Ordnern auf USB, Memory Cards


Dann wurden die Funde schon entfernt.
Außerdem hast du das OTL-Log falsch erstellt.

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 22.11.2011, 18:52   #9
Tacko89
 
PC erstellt nur noch Verknüpfungen von Ordnern auf USB, Memory Cards - Standard

PC erstellt nur noch Verknüpfungen von Ordnern auf USB, Memory Cards


Danke für deine Geduld mit mir. Anbei die Ergebnisse aus OTL.OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 22.11.2011 17:58:19 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Steffie\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19154)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,80 Gb Available Physical Memory | 60,28% Memory free
6,19 Gb Paging File | 4,83 Gb Available in Paging File | 78,10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,44 Gb Total Space | 38,81 Gb Free Space | 33,33% Space Free | Partition Type: NTFS
Drive D: | 106,68 Gb Total Space | 105,92 Gb Free Space | 99,29% Space Free | Partition Type: NTFS
 
Computer Name: STEFFIE-PC | User Name: Steffie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.11.22 17:55:23 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Steffie\Downloads\OTL-1.exe
PRC - [2011.11.11 12:59:34 | 001,212,224 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
PRC - [2011.11.11 12:59:30 | 001,510,720 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
PRC - [2011.08.31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.08.23 20:20:18 | 000,887,976 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2011.04.17 01:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe
PRC - [2011.03.28 10:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2010.05.20 14:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2010.04.05 13:50:00 | 000,494,920 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.16 01:27:10 | 000,851,968 | ---- | M] (ATK) -- C:\Program Files\ASUS\Splendid\ACMON.exe
PRC - [2007.12.12 00:13:22 | 000,151,552 | ---- | M] () -- C:\Program Files\ATK Hotkey\WDC.exe
PRC - [2007.12.04 18:57:06 | 002,486,272 | ---- | M] () -- C:\Program Files\ATK Hotkey\ATKOSD.exe
PRC - [2007.11.30 19:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe
PRC - [2007.11.29 01:39:36 | 000,229,376 | ---- | M] (ATK0100) -- C:\Program Files\ATK Hotkey\Hcontrol.exe
PRC - [2007.11.05 03:48:06 | 000,106,496 | ---- | M] () -- C:\Program Files\ATK Hotkey\MsgTranAgt.exe
PRC - [2007.10.31 05:35:57 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.10.18 03:04:00 | 007,737,344 | ---- | M] () -- C:\Program Files\ATKOSD2\ATKOSD2.exe
PRC - [2007.10.03 05:53:00 | 000,094,208 | ---- | M] () -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe
PRC - [2007.09.01 01:38:12 | 000,180,224 | ---- | M] (ATK) -- C:\Program Files\P4G\BatteryLife.exe
PRC - [2007.08.15 19:20:16 | 000,106,496 | ---- | M] () -- C:\Program Files\ATK Hotkey\KBFiltr.exe
PRC - [2007.08.08 08:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe
PRC - [2007.08.03 20:24:54 | 000,125,496 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
PRC - [2007.07.06 00:53:44 | 001,040,384 | ---- | M] () -- C:\Program Files\Wireless Console 2\wcourier.exe
PRC - [2007.05.18 10:31:16 | 000,073,728 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
PRC - [2007.05.14 23:22:22 | 000,035,328 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2007.02.19 18:02:29 | 002,918,008 | ---- | M] (Symantec Corporation) -- C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
PRC - [2007.02.19 18:02:29 | 000,554,616 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
PRC - [2006.12.28 14:05:14 | 000,196,608 | ---- | M] () -- C:\Program Files\OCZ Technology\Mouse\Amoumain.exe
PRC - [2005.07.06 23:43:42 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\System32\ACEngSvr.exe
PRC - [2005.05.26 16:12:26 | 000,544,768 | ---- | M] (Motorola Inc.) -- C:\Windows\sm56hlpr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.10.21 10:07:12 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll
MOD - [2011.10.21 10:06:37 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll
MOD - [2011.10.21 10:06:17 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll
MOD - [2011.10.21 10:03:47 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011.10.21 10:02:49 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2008.11.13 10:38:06 | 008,007,680 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
MOD - [2008.11.13 10:38:04 | 000,126,976 | ---- | M] () -- C:\Windows\assembly\GAC\Interop.SHDocVw\1.1.0.0__4b827ebe229d539f\Interop.SHDocVw.dll
MOD - [2008.11.13 10:38:03 | 000,220,160 | ---- | M] () -- C:\Windows\assembly\GAC_32\Asz.Citavi.IEPicker\1.0.0.0__f59eabe05cc67589\Asz.Citavi.IEPicker.dll
MOD - [2007.11.30 19:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe
MOD - [2007.10.18 03:04:00 | 007,737,344 | ---- | M] () -- C:\Program Files\ATKOSD2\ATKOSD2.exe
MOD - [2007.08.14 21:59:54 | 006,365,184 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2007.08.08 10:52:08 | 000,331,776 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\AdsmendecExt.dll
MOD - [2007.07.12 21:55:52 | 000,131,072 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2007.07.12 21:55:28 | 001,581,056 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll
MOD - [2007.06.15 18:28:36 | 000,147,456 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
MOD - [2007.06.02 01:08:18 | 000,143,360 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
MOD - [2007.05.14 23:22:22 | 000,035,328 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
MOD - [2006.12.28 14:05:14 | 000,196,608 | ---- | M] () -- C:\Program Files\OCZ Technology\Mouse\Amoumain.exe
MOD - [2005.05.26 16:12:26 | 000,065,536 | ---- | M] () -- C:\Windows\sm56spn.dll
MOD - [2005.05.26 16:12:26 | 000,065,536 | ---- | M] () -- C:\Windows\sm56itl.dll
MOD - [2005.05.26 16:12:26 | 000,065,536 | ---- | M] () -- C:\Windows\sm56ger.dll
MOD - [2005.05.26 16:12:26 | 000,065,536 | ---- | M] () -- C:\Windows\sm56fra.dll
MOD - [2005.05.26 16:12:26 | 000,065,536 | ---- | M] () -- C:\Windows\sm56eng.dll
MOD - [2005.05.26 16:12:26 | 000,065,536 | ---- | M] () -- C:\Windows\sm56brz.dll
MOD - [2005.05.26 16:12:26 | 000,049,152 | ---- | M] () -- C:\Windows\sm56jpn.dll
MOD - [2005.05.26 16:12:26 | 000,045,056 | ---- | M] () -- C:\Windows\sm56cht.dll
MOD - [2005.05.26 16:12:26 | 000,045,056 | ---- | M] () -- C:\Windows\sm56chs.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.11.11 12:59:30 | 001,510,720 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.04.17 01:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe -- (NAV)
SRV - [2011.04.01 10:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.03.28 10:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010.05.20 14:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007.10.03 05:53:00 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2007.08.08 08:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2007.08.03 20:24:54 | 000,125,496 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)
SRV - [2007.05.18 10:31:16 | 000,073,728 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)
SRV - [2007.02.19 18:02:29 | 002,918,008 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE -- (LiveUpdate)
SRV - [2007.02.19 18:02:29 | 000,554,616 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatisches LiveUpdate - Scheduler)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.11.18 10:10:32 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011.11.17 21:53:36 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20111121.036\NAVEX15.SYS -- (NAVEX15)
DRV - [2011.11.17 21:53:36 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011.11.17 21:53:36 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011.11.17 21:53:36 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20111121.036\NAVENG.SYS -- (NAVENG)
DRV - [2011.11.17 16:04:32 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20111119.031\IDSvix86.sys -- (IDSVix86)
DRV - [2011.11.14 19:31:30 | 000,819,320 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20111114.002\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011.11.08 21:25:24 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.03.31 04:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\Drivers\NAV\1206000.01D\SRTSP.SYS -- (SRTSP)
DRV - [2011.03.31 04:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NAV\1206000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011.03.22 01:39:49 | 000,331,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\NAV\1206000.01D\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2011.03.15 03:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\NAV\1206000.01D\SYMEFA.SYS -- (SymEFA)
DRV - [2011.01.27 07:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\NAV\1206000.01D\SYMDS.SYS -- (SymDS)
DRV - [2011.01.27 06:07:05 | 000,136,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NAV\1206000.01D\Ironx86.SYS -- (SymIRON)
DRV - [2010.05.20 14:27:24 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2009.01.13 08:45:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007.08.11 04:19:26 | 000,029,752 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\Windows\System32\drivers\AsDsm.sys -- (AsDsm)
DRV - [2007.08.09 04:42:08 | 000,045,568 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007.08.03 05:26:21 | 000,020,936 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)
DRV - [2007.07.30 18:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007.07.24 19:09:04 | 000,013,880 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP)
DRV - [2007.07.13 09:18:19 | 000,050,688 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2007.01.24 19:08:39 | 000,005,632 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2006.12.14 01:11:57 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2005.05.26 16:19:18 | 000,839,724 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2005.03.11 15:17:34 | 000,055,216 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750bus.sys -- (k750bus) Sony Ericsson 750 driver (WDM)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = ASUSTeK Computer Inc.
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = ASUSTeK Computer Inc.
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://google.icq.com/search/search_frame.php
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = lokalisten community: freunde, chat, online games & partyfotos [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Ask.com Deutschland - die andere Suchmaschine
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\IPSFFPlgn\ [2011.11.22 07:42:36 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found.
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ATKOSD2\ATKOSD2.exe ()
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Windows\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [WheelMouse] C:\Program Files\OCZ Technology\Mouse\Amoumain.exe ()
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O8 - Extra context menu item: &Citavi Picker... - C:\Program Files\Internet Explorer\PLUGINS\Citavi Picker\ShowContextMenu.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Steffie\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Steffie\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FFBFF7B2-FAD5-4108-A6F3-186B35B87588}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Steffie\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Steffie\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{822bb456-d2f9-11df-bc5f-002215895bf8}\Shell\AutoRun\command - "" = F:\WDSetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.clmp3enc - C:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM (CyberLink Corp.)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.11.22 15:35:01 | 000,000,000 | ---D | C] -- C:\Users\Steffie\Desktop\Logs
[2011.11.21 12:55:11 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011.11.20 19:31:55 | 000,000,000 | ---D | C] -- C:\Users\Steffie\Desktop\Antivirenprogramme
[2011.11.20 14:00:55 | 000,000,000 | ---D | C] -- C:\Users\Steffie\AppData\Roaming\Malwarebytes
[2011.11.20 14:00:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.11.20 14:00:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.11.20 14:00:35 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.11.20 14:00:35 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.11.20 13:33:17 | 000,031,552 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2011.11.20 13:33:15 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2011.11.20 13:32:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012
[2011.11.20 13:32:11 | 000,000,000 | ---D | C] -- C:\Users\Steffie\AppData\Roaming\TuneUp Software
[2011.11.20 13:30:31 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2012
[2011.11.20 13:28:57 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2011.11.20 13:28:46 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2011.11.18 10:10:31 | 000,331,384 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1206000.01D\symtdiv.sys
[2011.11.18 10:10:31 | 000,296,568 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1206000.01D\symnets.sys
[2011.11.18 10:10:30 | 000,744,568 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1206000.01D\symefa.sys
[2011.11.18 10:10:30 | 000,516,216 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1206000.01D\srtsp.sys
[2011.11.18 10:10:30 | 000,340,088 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1206000.01D\symds.sys
[2011.11.18 10:10:30 | 000,050,168 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1206000.01D\srtspx.sys
[2011.11.18 10:10:29 | 000,136,312 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1206000.01D\ironx86.sys
[2011.11.18 10:09:57 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NAV\1206000.01D
[2011.11.17 21:28:35 | 000,126,584 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011.11.17 21:25:51 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NAV
[2011.11.17 21:25:29 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton AntiVirus
[2011.11.17 21:25:29 | 000,000,000 | ---D | C] -- C:\Program Files\Norton AntiVirus
[2011.10.28 12:06:06 | 000,000,000 | ---D | C] -- C:\Users\Steffie\{517fbef0-afaa-458b-9049-5228477d34c9}
[2007.01.24 19:08:39 | 000,005,632 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys
 
========== Files - Modified Within 30 Days ==========
 
[2011.11.22 17:48:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.11.22 12:35:08 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.11.22 12:35:08 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.11.22 10:35:01 | 3212,042,240 | -HS- | M] () -- C:\hiberfil.sys
[2011.11.22 07:43:05 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2011.11.21 22:55:54 | 002,646,012 | ---- | M] () -- C:\Users\Steffie\Desktop\Verlauf.mcf
[2011.11.21 19:53:48 | 000,000,794 | ---- | M] () -- C:\Users\Steffie\Desktop\mbam-log-2011-11-20 (15-22-16).lnk
[2011.11.20 16:52:18 | 000,000,000 | ---- | M] () -- C:\Users\Steffie\defogger_reenable
[2011.11.19 11:54:48 | 000,635,844 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.11.19 11:54:48 | 000,602,226 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.11.19 11:54:48 | 000,130,234 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.11.19 11:54:48 | 000,107,106 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.11.18 11:15:59 | 000,002,132 | ---- | M] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk
[2011.11.18 11:15:00 | 002,429,542 | ---- | M] () -- C:\Windows\System32\drivers\NAV\1206000.01D\Cat.DB
[2011.11.18 10:10:32 | 000,126,584 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011.11.18 10:10:32 | 000,007,468 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011.11.18 10:10:32 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011.11.18 09:56:30 | 000,071,618 | ---- | M] () -- C:\Users\Steffie\Desktop\Sans titre 1.jpg
[2011.11.11 12:59:36 | 000,031,552 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2011.11.11 12:59:24 | 000,021,312 | ---- | M] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
 
========== Files Created - No Company Name ==========
 
[2011.11.21 22:55:50 | 002,646,012 | ---- | C] () -- C:\Users\Steffie\Desktop\Verlauf.mcf
[2011.11.20 16:52:18 | 000,000,000 | ---- | C] () -- C:\Users\Steffie\defogger_reenable
[2011.11.20 15:22:24 | 000,000,794 | ---- | C] () -- C:\Users\Steffie\Desktop\mbam-log-2011-11-20 (15-22-16).lnk
[2011.11.20 13:32:44 | 000,001,884 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012.lnk
[2011.11.18 11:13:43 | 002,429,542 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1206000.01D\Cat.DB
[2011.11.18 10:10:31 | 000,007,877 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1206000.01D\symnetv.cat
[2011.11.18 10:10:31 | 000,001,474 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1206000.01D\symnetv.inf
[2011.11.18 10:10:30 | 000,007,458 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1206000.01D\symnet.cat
[2011.11.18 10:10:30 | 000,007,456 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1206000.01D\symefa.cat
[2011.11.18 10:10:30 | 000,007,454 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1206000.01D\srtspx.cat
[2011.11.18 10:10:30 | 000,007,450 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1206000.01D\srtsp.cat
[2011.11.18 10:10:30 | 000,003,373 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1206000.01D\symefa.inf
[2011.11.18 10:10:30 | 000,002,792 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1206000.01D\symds.inf
[2011.11.18 10:10:30 | 000,001,446 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1206000.01D\symnet.inf
[2011.11.18 10:10:30 | 000,001,389 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1206000.01D\srtspx.inf
[2011.11.18 10:10:30 | 000,001,383 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1206000.01D\srtsp.inf
[2011.11.18 10:10:29 | 000,007,528 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1206000.01D\iron.cat
[2011.11.18 10:10:29 | 000,000,742 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1206000.01D\iron.inf
[2011.11.18 10:10:00 | 000,000,000 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1206000.01D\symds.cat
[2011.11.18 10:09:57 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1206000.01D\isolate.ini
[2011.11.18 09:57:49 | 000,071,618 | ---- | C] () -- C:\Users\Steffie\Desktop\Sans titre 1.jpg
[2011.11.17 21:28:35 | 000,007,468 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011.11.17 21:28:35 | 000,000,806 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011.11.17 21:28:13 | 000,002,132 | ---- | C] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk
[2011.04.28 17:40:04 | 000,000,680 | ---- | C] () -- C:\Users\Steffie\AppData\Local\d3d9caps.dat
[2011.04.05 15:13:32 | 000,123,244 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010.10.27 17:22:17 | 000,001,940 | ---- | C] () -- C:\Users\Steffie\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2009.07.31 08:33:35 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.07.31 08:33:35 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008.09.12 09:19:32 | 000,034,304 | ---- | C] () -- C:\Users\Steffie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.09.07 11:20:27 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.09.01 14:27:01 | 000,000,582 | ---- | C] () -- C:\Windows\eReg.dat
[2008.08.29 13:00:29 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.08.29 12:07:44 | 000,831,342 | ---- | C] () -- C:\ProgramData\LuUninstall.LiveUpdate
[2008.08.08 13:56:44 | 000,045,056 | ---- | C] () -- C:\Windows\System32\acovcnt.exe
[2008.04.16 12:11:34 | 000,635,844 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.04.16 12:11:34 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.04.16 12:11:34 | 000,130,234 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.04.16 12:11:34 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008.04.16 11:43:39 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini
[2008.02.11 04:55:17 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2008.02.11 04:34:47 | 002,215,364 | ---- | C] () -- C:\Windows\System32\igklg400.bin
[2008.02.11 04:34:47 | 001,971,732 | ---- | C] () -- C:\Windows\System32\igklg450.bin
[2008.02.11 04:34:47 | 000,029,932 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.bin
[2007.08.06 18:18:31 | 000,081,920 | ---- | C] () -- C:\Windows\PGMonitor.exe
[2006.12.28 04:59:48 | 000,032,768 | ---- | C] () -- C:\Windows\System32\Amhooker.dll
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,373,624 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,602,226 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,107,106 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.03.09 02:57:59 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005.05.26 16:12:26 | 000,065,536 | ---- | C] () -- C:\Windows\sm56spn.dll
[2005.05.26 16:12:26 | 000,065,536 | ---- | C] () -- C:\Windows\sm56itl.dll
[2005.05.26 16:12:26 | 000,065,536 | ---- | C] () -- C:\Windows\sm56ger.dll
[2005.05.26 16:12:26 | 000,065,536 | ---- | C] () -- C:\Windows\sm56fra.dll
[2005.05.26 16:12:26 | 000,065,536 | ---- | C] () -- C:\Windows\sm56eng.dll
[2005.05.26 16:12:26 | 000,065,536 | ---- | C] () -- C:\Windows\sm56brz.dll
[2005.05.26 16:12:26 | 000,049,152 | ---- | C] () -- C:\Windows\sm56jpn.dll
[2005.05.26 16:12:26 | 000,045,056 | ---- | C] () -- C:\Windows\sm56cht.dll
[2005.05.26 16:12:26 | 000,045,056 | ---- | C] () -- C:\Windows\sm56chs.dll
 
========== LOP Check ==========
 
[2008.11.13 10:38:47 | 000,000,000 | ---D | M] -- C:\Users\Steffie\AppData\Roaming\Academic Software Zurich
[2011.08.25 22:45:40 | 000,000,000 | ---D | M] -- C:\Users\Steffie\AppData\Roaming\DVDVideoSoft
[2011.07.16 17:13:52 | 000,000,000 | ---D | M] -- C:\Users\Steffie\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.08.11 17:41:58 | 000,000,000 | ---D | M] -- C:\Users\Steffie\AppData\Roaming\gtk-2.0
[2008.08.29 14:33:19 | 000,000,000 | ---D | M] -- C:\Users\Steffie\AppData\Roaming\ICQ
[2008.08.29 12:57:46 | 000,000,000 | ---D | M] -- C:\Users\Steffie\AppData\Roaming\ICQ Toolbar
[2011.11.20 13:32:11 | 000,000,000 | ---D | M] -- C:\Users\Steffie\AppData\Roaming\TuneUp Software
[2011.11.22 08:27:38 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2008.11.13 10:38:47 | 000,000,000 | ---D | M] -- C:\Users\Steffie\AppData\Roaming\Academic Software Zurich
[2008.11.06 15:21:51 | 000,000,000 | ---D | M] -- C:\Users\Steffie\AppData\Roaming\Adobe
[2011.02.06 11:12:19 | 000,000,000 | ---D | M] -- C:\Users\Steffie\AppData\Roaming\Apple Computer
[2011.08.25 22:45:40 | 000,000,000 | ---D | M] -- C:\Users\Steffie\AppData\Roaming\DVDVideoSoft
[2011.07.16 17:13:52 | 000,000,000 | ---D | M] -- C:\Users\Steffie\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.08.11 17:41:58 | 000,000,000 | ---D | M] -- C:\Users\Steffie\AppData\Roaming\gtk-2.0
[2008.08.29 14:33:19 | 000,000,000 | ---D | M] -- C:\Users\Steffie\AppData\Roaming\ICQ
[2008.08.29 12:57:46 | 000,000,000 | ---D | M] -- C:\Users\Steffie\AppData\Roaming\ICQ Toolbar
[2008.08.29 10:27:19 | 000,000,000 | ---D | M] -- C:\Users\Steffie\AppData\Roaming\Identities
[2008.08.29 11:59:57 | 000,000,000 | ---D | M] -- C:\Users\Steffie\AppData\Roaming\Macromedia
[2011.11.20 14:00:55 | 000,000,000 | ---D | M] -- C:\Users\Steffie\AppData\Roaming\Malwarebytes
[2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\Steffie\AppData\Roaming\Media Center Programs
[2011.08.21 21:22:36 | 000,000,000 | --SD | M] -- C:\Users\Steffie\AppData\Roaming\Microsoft
[2008.08.29 12:48:32 | 000,000,000 | ---D | M] -- C:\Users\Steffie\AppData\Roaming\Mozilla
[2011.11.16 03:00:49 | 000,000,000 | ---D | M] -- C:\Users\Steffie\AppData\Roaming\Skype
[2008.08.29 10:28:05 | 000,000,000 | ---D | M] -- C:\Users\Steffie\AppData\Roaming\Symantec
[2011.11.20 13:32:11 | 000,000,000 | ---D | M] -- C:\Users\Steffie\AppData\Roaming\TuneUp Software
[2008.09.22 19:47:09 | 000,000,000 | ---D | M] -- C:\Users\Steffie\AppData\Roaming\vlc
[2008.08.29 12:58:18 | 000,000,000 | ---D | M] -- C:\Users\Steffie\AppData\Roaming\Winamp
 
< %APPDATA%\*.exe /s >
[2008.09.16 12:05:39 | 000,010,134 | R--- | M] () -- C:\Users\Steffie\AppData\Roaming\Microsoft\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\ARPPRODUCTICON.exe
[2008.09.16 12:05:38 | 000,025,214 | R--- | M] () -- C:\Users\Steffie\AppData\Roaming\Microsoft\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut10.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
[2008.09.16 12:05:38 | 000,025,214 | R--- | M] () -- C:\Users\Steffie\AppData\Roaming\Microsoft\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut11.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
[2008.09.16 12:05:39 | 000,025,214 | R--- | M] () -- C:\Users\Steffie\AppData\Roaming\Microsoft\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut11_A888ADCD972E402C989E44C9B6E8DB64.exe
[2008.09.16 12:05:38 | 000,025,214 | R--- | M] () -- C:\Users\Steffie\AppData\Roaming\Microsoft\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut12.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
[2008.09.16 12:05:39 | 000,025,214 | R--- | M] () -- C:\Users\Steffie\AppData\Roaming\Microsoft\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut12_A888ADCD972E402C989E44C9B6E8DB64.exe
[2008.09.16 12:05:38 | 000,025,214 | R--- | M] () -- C:\Users\Steffie\AppData\Roaming\Microsoft\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut13.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
[2008.09.16 12:05:39 | 000,025,214 | R--- | M] () -- C:\Users\Steffie\AppData\Roaming\Microsoft\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut13_A888ADCD972E402C989E44C9B6E8DB64.exe
[2008.09.16 12:05:38 | 000,025,214 | R--- | M] () -- C:\Users\Steffie\AppData\Roaming\Microsoft\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut14.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
[2008.09.16 12:05:39 | 000,025,214 | R--- | M] () -- C:\Users\Steffie\AppData\Roaming\Microsoft\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut14_A888ADCD972E402C989E44C9B6E8DB64.exe
[2008.09.16 12:05:39 | 000,025,214 | R--- | M] () -- C:\Users\Steffie\AppData\Roaming\Microsoft\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut15_A888ADCD972E402C989E44C9B6E8DB64.exe
[2008.09.16 12:05:39 | 000,025,214 | R--- | M] () -- C:\Users\Steffie\AppData\Roaming\Microsoft\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut16_A888ADCD972E402C989E44C9B6E8DB64.exe
[2008.09.16 12:05:39 | 000,025,214 | R--- | M] () -- C:\Users\Steffie\AppData\Roaming\Microsoft\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut17_A888ADCD972E402C989E44C9B6E8DB64.exe
[2008.09.16 12:05:38 | 000,025,214 | R--- | M] () -- C:\Users\Steffie\AppData\Roaming\Microsoft\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut18.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
[2008.09.16 12:05:38 | 000,025,214 | R--- | M] () -- C:\Users\Steffie\AppData\Roaming\Microsoft\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut19.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
[2008.09.16 12:05:39 | 000,065,536 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Steffie\AppData\Roaming\Microsoft\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut1_0068B077AFDF4F14913EF2B7D0012422.exe
[2008.09.16 12:05:38 | 000,025,214 | R--- | M] () -- C:\Users\Steffie\AppData\Roaming\Microsoft\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut1_1.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
[2008.09.16 12:05:38 | 000,025,214 | R--- | M] () -- C:\Users\Steffie\AppData\Roaming\Microsoft\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut20.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
[2008.09.16 12:05:38 | 000,025,214 | R--- | M] () -- C:\Users\Steffie\AppData\Roaming\Microsoft\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut21.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
[2008.09.16 12:05:38 | 000,025,214 | R--- | M] () -- C:\Users\Steffie\AppData\Roaming\Microsoft\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut22.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
[2008.09.16 12:05:38 | 000,025,214 | R--- | M] () -- C:\Users\Steffie\AppData\Roaming\Microsoft\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut23.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
[2008.09.16 12:05:38 | 000,025,214 | R--- | M] () -- C:\Users\Steffie\AppData\Roaming\Microsoft\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut24.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
[2008.09.16 12:05:38 | 000,025,214 | R--- | M] () -- C:\Users\Steffie\AppData\Roaming\Microsoft\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut25.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
[2008.09.16 12:05:38 | 000,025,214 | R--- | M] () -- C:\Users\Steffie\AppData\Roaming\Microsoft\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut26.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
[2008.09.16 12:05:38 | 000,025,214 | R--- | M] () -- C:\Users\Steffie\AppData\Roaming\Microsoft\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut27.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
[2008.09.16 12:05:38 | 000,025,214 | R--- | M] () -- C:\Users\Steffie\AppData\Roaming\Microsoft\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut28.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
[2008.09.16 12:05:38 | 000,025,214 | R--- | M] () -- C:\Users\Steffie\AppData\Roaming\Microsoft\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut29.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
[2008.09.16 12:05:38 | 000,025,214 | R--- | M] () -- C:\Users\Steffie\AppData\Roaming\Microsoft\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut2_1.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
[2008.09.16 12:05:39 | 000,061,440 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Steffie\AppData\Roaming\Microsoft\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut2_DE8DC033F69A4FE5B06ADACA24AB087B.exe
[2008.09.16 12:05:38 | 000,025,214 | R--- | M] () -- C:\Users\Steffie\AppData\Roaming\Microsoft\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut30.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
[2008.09.16 12:05:38 | 000,025,214 | R--- | M] () -- C:\Users\Steffie\AppData\Roaming\Microsoft\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut32.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
[2008.09.16 12:05:38 | 000,025,214 | R--- | M] () -- C:\Users\Steffie\AppData\Roaming\Microsoft\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut33.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
[2008.09.16 12:05:39 | 000,025,214 | R--- | M] () -- C:\Users\Steffie\AppData\Roaming\Microsoft\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut34.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
[2008.09.16 12:05:39 | 000,025,214 | R--- | M] () -- C:\Users\Steffie\AppData\Roaming\Microsoft\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut35.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
[2008.09.16 12:05:39 | 000,025,214 | R--- | M] () -- C:\Users\Steffie\AppData\Roaming\Microsoft\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut36.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
[2008.09.16 12:05:39 | 000,025,214 | R--- | M] () -- C:\Users\Steffie\AppData\Roaming\Microsoft\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut37.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
[2008.09.16 12:05:39 | 000,025,214 | R--- | M] () -- C:\Users\Steffie\AppData\Roaming\Microsoft\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut38.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
[2008.09.16 12:05:39 | 000,025,214 | R--- | M] () -- C:\Users\Steffie\AppData\Roaming\Microsoft\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut39.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
[2008.09.16 12:05:38 | 000,025,214 | R--- | M] () -- C:\Users\Steffie\AppData\Roaming\Microsoft\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut3_1.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
[2008.09.16 12:05:39 | 000,025,214 | R--- | M] () -- C:\Users\Steffie\AppData\Roaming\Microsoft\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut3_A888ADCD972E402C989E44C9B6E8DB64.exe
[2008.09.16 12:05:39 | 000,025,214 | R--- | M] () -- C:\Users\Steffie\AppData\Roaming\Microsoft\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut4.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
[2008.09.16 12:05:39 | 000,025,214 | R--- | M] () -- C:\Users\Steffie\AppData\Roaming\Microsoft\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut40.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
[2008.09.16 12:05:39 | 000,061,440 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Steffie\AppData\Roaming\Microsoft\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut4_DE8DC033F69A4FE5B06ADACA24AB087B_2.exe
[2008.09.16 12:05:39 | 000,061,440 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Steffie\AppData\Roaming\Microsoft\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut6_DE8DC033F69A4FE5B06ADACA24AB087B.exe
[2008.09.16 12:05:39 | 000,025,214 | R--- | M] () -- C:\Users\Steffie\AppData\Roaming\Microsoft\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut8.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
[2008.09.16 12:05:39 | 000,025,214 | R--- | M] () -- C:\Users\Steffie\AppData\Roaming\Microsoft\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut8_A888ADCD972E402C989E44C9B6E8DB64.exe
[2008.09.16 12:05:39 | 000,025,214 | R--- | M] () -- C:\Users\Steffie\AppData\Roaming\Microsoft\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut9.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2007.09.29 16:03:11 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\drivers\iaStor.sys
[2007.09.29 16:03:11 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_7baf6192\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >

< End of report >
--- --- ---
Alt 22.11.2011, 18:54   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
PC erstellt nur noch Verknüpfungen von Ordnern auf USB, Memory Cards - Standard

PC erstellt nur noch Verknüpfungen von Ordnern auf USB, Memory Cards


Zitat:
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
Wieso müllst du dir das System mit nutzlosen Toolbars zu?
Deinstalliere über Systemsteuerung unter Software bzw. Programme und Funktionen alles wo Toolbar zu sehen ist. Bei zukünftigen Programminstallation immer die benutzerdefinierte Methode anklicken, damit man bei der Installation mögliche Toolbars abwählen kann.
Deinstalliere bei der Gelegenheit auch alle anderen unnötigen Programme über die Systemsteuerung.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 23.11.2011, 08:42   #11
Tacko89
 
PC erstellt nur noch Verknüpfungen von Ordnern auf USB, Memory Cards - Standard

PC erstellt nur noch Verknüpfungen von Ordnern auf USB, Memory Cards


Ok wird gemacht! Vielen vielen Dank erstmal. Bin ich das ganze jetzt los? Ist es sinnvoll die Quarantaeneliste zu loeschen? Kann ich mir das ganze ueber nen infizierten USB wieder einfangen? Kann es sein dass der Virus auch auf meiner Digitalkamera is?

Liebe Gruesse

Alt 23.11.2011, 09:01   #12
Tacko89
 
PC erstellt nur noch Verknüpfungen von Ordnern auf USB, Memory Cards - Standard

PC erstellt nur noch Verknüpfungen von Ordnern auf USB, Memory Cards


Und ich nehme an, es ist moeglich, dass ich ihn per USB weitergegeben habe?
Geändert von Tacko89 (23.11.2011 um 09:24 Uhr)

Alt 23.11.2011, 09:52   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
PC erstellt nur noch Verknüpfungen von Ordnern auf USB, Memory Cards - Standard

PC erstellt nur noch Verknüpfungen von Ordnern auf USB, Memory Cards


Nein dass wir durch sind hab ich nichtmal angedeutet.
Mach ein neues OTL-Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 23.11.2011, 14:46   #14
Tacko89
 
PC erstellt nur noch Verknüpfungen von Ordnern auf USB, Memory Cards - Standard

PC erstellt nur noch Verknüpfungen von Ordnern auf USB, Memory Cards


OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 23.11.2011 13:22:11 - Run 3
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Steffie\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19154)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,75 Gb Available Physical Memory | 58,45% Memory free
6,19 Gb Paging File | 5,03 Gb Available in Paging File | 81,27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,44 Gb Total Space | 42,05 Gb Free Space | 36,11% Space Free | Partition Type: NTFS
Drive D: | 106,68 Gb Total Space | 105,92 Gb Free Space | 99,29% Space Free | Partition Type: NTFS
 
Computer Name: STEFFIE-PC | User Name: Steffie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.11.20 16:42:55 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Steffie\Downloads\OTL.exe
PRC - [2011.11.11 12:59:34 | 001,212,224 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
PRC - [2011.11.11 12:59:30 | 001,510,720 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
PRC - [2011.08.31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.04.17 01:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe
PRC - [2011.04.01 10:14:30 | 000,391,432 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\BingBar.exe
PRC - [2011.04.01 10:14:30 | 000,259,336 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\BingApp.exe
PRC - [2011.03.28 10:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2010.05.20 14:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2010.04.05 13:50:00 | 000,494,920 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.01.16 01:27:10 | 000,851,968 | ---- | M] (ATK) -- C:\Program Files\ASUS\Splendid\ACMON.exe
PRC - [2007.12.12 00:13:22 | 000,151,552 | ---- | M] () -- C:\Program Files\ATK Hotkey\WDC.exe
PRC - [2007.12.04 18:57:06 | 002,486,272 | ---- | M] () -- C:\Program Files\ATK Hotkey\ATKOSD.exe
PRC - [2007.11.30 19:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe
PRC - [2007.11.29 01:39:36 | 000,229,376 | ---- | M] (ATK0100) -- C:\Program Files\ATK Hotkey\Hcontrol.exe
PRC - [2007.11.05 03:48:06 | 000,106,496 | ---- | M] () -- C:\Program Files\ATK Hotkey\MsgTranAgt.exe
PRC - [2007.10.31 05:35:57 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.10.18 03:04:00 | 007,737,344 | ---- | M] () -- C:\Program Files\ATKOSD2\ATKOSD2.exe
PRC - [2007.10.03 05:53:00 | 000,094,208 | ---- | M] () -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe
PRC - [2007.09.01 01:38:12 | 000,180,224 | ---- | M] (ATK) -- C:\Program Files\P4G\BatteryLife.exe
PRC - [2007.08.15 19:20:16 | 000,106,496 | ---- | M] () -- C:\Program Files\ATK Hotkey\KBFiltr.exe
PRC - [2007.08.08 08:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe
PRC - [2007.08.03 20:24:54 | 000,125,496 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
PRC - [2007.07.06 00:53:44 | 001,040,384 | ---- | M] () -- C:\Program Files\Wireless Console 2\wcourier.exe
PRC - [2007.05.18 10:31:16 | 000,073,728 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
PRC - [2007.05.14 23:22:22 | 000,035,328 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2007.02.19 18:02:29 | 002,918,008 | ---- | M] (Symantec Corporation) -- C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
PRC - [2007.02.19 18:02:29 | 000,554,616 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
PRC - [2006.12.28 14:05:14 | 000,196,608 | ---- | M] () -- C:\Program Files\OCZ Technology\Mouse\Amoumain.exe
PRC - [2005.07.06 23:43:42 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\System32\ACEngSvr.exe
PRC - [2005.05.26 16:12:26 | 000,544,768 | ---- | M] (Motorola Inc.) -- C:\Windows\sm56hlpr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.10.21 10:07:12 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll
MOD - [2011.10.21 10:06:37 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll
MOD - [2011.10.21 10:06:17 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll
MOD - [2011.10.21 10:03:47 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011.10.21 10:02:49 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2008.11.13 10:38:06 | 008,007,680 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
MOD - [2008.11.13 10:38:04 | 000,126,976 | ---- | M] () -- C:\Windows\assembly\GAC\Interop.SHDocVw\1.1.0.0__4b827ebe229d539f\Interop.SHDocVw.dll
MOD - [2008.11.13 10:38:03 | 000,220,160 | ---- | M] () -- C:\Windows\assembly\GAC_32\Asz.Citavi.IEPicker\1.0.0.0__f59eabe05cc67589\Asz.Citavi.IEPicker.dll
MOD - [2007.11.30 19:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe
MOD - [2007.10.18 03:04:00 | 007,737,344 | ---- | M] () -- C:\Program Files\ATKOSD2\ATKOSD2.exe
MOD - [2007.08.14 21:59:54 | 006,365,184 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2007.07.12 21:55:52 | 000,131,072 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2007.07.12 21:55:28 | 001,581,056 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll
MOD - [2007.06.15 18:28:36 | 000,147,456 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
MOD - [2007.06.02 01:08:18 | 000,143,360 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
MOD - [2007.05.14 23:22:22 | 000,035,328 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
MOD - [2006.12.28 14:05:14 | 000,196,608 | ---- | M] () -- C:\Program Files\OCZ Technology\Mouse\Amoumain.exe
MOD - [2005.05.26 16:12:26 | 000,065,536 | ---- | M] () -- C:\Windows\sm56spn.dll
MOD - [2005.05.26 16:12:26 | 000,065,536 | ---- | M] () -- C:\Windows\sm56itl.dll
MOD - [2005.05.26 16:12:26 | 000,065,536 | ---- | M] () -- C:\Windows\sm56ger.dll
MOD - [2005.05.26 16:12:26 | 000,065,536 | ---- | M] () -- C:\Windows\sm56fra.dll
MOD - [2005.05.26 16:12:26 | 000,065,536 | ---- | M] () -- C:\Windows\sm56eng.dll
MOD - [2005.05.26 16:12:26 | 000,065,536 | ---- | M] () -- C:\Windows\sm56brz.dll
MOD - [2005.05.26 16:12:26 | 000,049,152 | ---- | M] () -- C:\Windows\sm56jpn.dll
MOD - [2005.05.26 16:12:26 | 000,045,056 | ---- | M] () -- C:\Windows\sm56cht.dll
MOD - [2005.05.26 16:12:26 | 000,045,056 | ---- | M] () -- C:\Windows\sm56chs.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.11.11 12:59:30 | 001,510,720 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.04.17 01:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe -- (NAV)
SRV - [2011.04.01 10:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.03.28 10:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010.05.20 14:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007.10.03 05:53:00 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2007.08.08 08:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2007.08.03 20:24:54 | 000,125,496 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)
SRV - [2007.05.18 10:31:16 | 000,073,728 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)
SRV - [2007.02.19 18:02:29 | 002,918,008 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE -- (LiveUpdate)
SRV - [2007.02.19 18:02:29 | 000,554,616 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatisches LiveUpdate - Scheduler)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.11.18 10:10:32 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011.11.17 21:53:36 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20111122.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2011.11.17 21:53:36 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011.11.17 21:53:36 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011.11.17 21:53:36 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20111122.003\NAVENG.SYS -- (NAVENG)
DRV - [2011.11.17 16:04:32 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20111119.031\IDSvix86.sys -- (IDSVix86)
DRV - [2011.11.14 19:31:30 | 000,819,320 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20111114.002\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011.11.08 21:25:24 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.03.31 04:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\Drivers\NAV\1206000.01D\SRTSP.SYS -- (SRTSP)
DRV - [2011.03.31 04:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NAV\1206000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011.03.22 01:39:49 | 000,331,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\NAV\1206000.01D\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2011.03.15 03:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\NAV\1206000.01D\SYMEFA.SYS -- (SymEFA)
DRV - [2011.01.27 07:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\NAV\1206000.01D\SYMDS.SYS -- (SymDS)
DRV - [2011.01.27 06:07:05 | 000,136,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NAV\1206000.01D\Ironx86.SYS -- (SymIRON)
DRV - [2010.05.20 14:27:24 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2009.01.13 08:45:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007.08.11 04:19:26 | 000,029,752 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\Windows\System32\drivers\AsDsm.sys -- (AsDsm)
DRV - [2007.08.09 04:42:08 | 000,045,568 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007.08.03 05:26:21 | 000,020,936 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)
DRV - [2007.07.30 18:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007.07.24 19:09:04 | 000,013,880 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP)
DRV - [2007.07.13 09:18:19 | 000,050,688 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2007.01.24 19:08:39 | 000,005,632 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2006.12.14 01:11:57 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2005.05.26 16:19:18 | 000,839,724 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2005.03.11 15:17:34 | 000,055,216 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750bus.sys -- (k750bus) Sony Ericsson 750 driver (WDM)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://google.icq.com/search/search_frame.php
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lokalisten.de/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com/?l=dis&o=1586&gct=hp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\IPSFFPlgn\ [2011.11.22 07:42:36 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ATKOSD2\ATKOSD2.exe ()
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Windows\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [WheelMouse] C:\Program Files\OCZ Technology\Mouse\Amoumain.exe ()
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O8 - Extra context menu item: &Citavi Picker... - C:\Program Files\Internet Explorer\PLUGINS\Citavi Picker\ShowContextMenu.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Steffie\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Steffie\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FFBFF7B2-FAD5-4108-A6F3-186B35B87588}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Steffie\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Steffie\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{822bb456-d2f9-11df-bc5f-002215895bf8}\Shell\AutoRun\command - "" = F:\WDSetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.clmp3enc - C:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM (CyberLink Corp.)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.11.22 15:35:01 | 000,000,000 | ---D | C] -- C:\Users\Steffie\Desktop\Logs
[2011.11.21 12:55:11 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011.11.20 19:31:55 | 000,000,000 | ---D | C] -- C:\Users\Steffie\Desktop\Antivirenprogramme
[2011.11.20 14:00:55 | 000,000,000 | ---D | C] -- C:\Users\Steffie\AppData\Roaming\Malwarebytes
[2011.11.20 14:00:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.11.20 14:00:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.11.20 14:00:35 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.11.20 14:00:35 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.11.20 13:33:17 | 000,031,552 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2011.11.20 13:33:15 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2011.11.20 13:32:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012
[2011.11.20 13:32:11 | 000,000,000 | ---D | C] -- C:\Users\Steffie\AppData\Roaming\TuneUp Software
[2011.11.20 13:30:31 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2012
[2011.11.20 13:28:57 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2011.11.20 13:28:46 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2011.11.18 10:10:31 | 000,331,384 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1206000.01D\symtdiv.sys
[2011.11.18 10:10:31 | 000,296,568 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1206000.01D\symnets.sys
[2011.11.18 10:10:30 | 000,744,568 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1206000.01D\symefa.sys
[2011.11.18 10:10:30 | 000,516,216 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1206000.01D\srtsp.sys
[2011.11.18 10:10:30 | 000,340,088 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1206000.01D\symds.sys
[2011.11.18 10:10:30 | 000,050,168 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1206000.01D\srtspx.sys
[2011.11.18 10:10:29 | 000,136,312 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1206000.01D\ironx86.sys
[2011.11.18 10:09:57 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NAV\1206000.01D
[2011.11.17 21:28:35 | 000,126,584 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011.11.17 21:25:51 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NAV
[2011.11.17 21:25:29 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton AntiVirus
[2011.11.17 21:25:29 | 000,000,000 | ---D | C] -- C:\Program Files\Norton AntiVirus
[2011.10.28 12:06:06 | 000,000,000 | ---D | C] -- C:\Users\Steffie\{517fbef0-afaa-458b-9049-5228477d34c9}
[2007.01.24 19:08:39 | 000,005,632 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys
 
========== Files - Modified Within 30 Days ==========
 
[2011.11.23 13:05:50 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2011.11.23 13:04:33 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.11.23 13:04:33 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.11.23 13:04:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.11.23 13:04:16 | 3212,042,240 | -HS- | M] () -- C:\hiberfil.sys
[2011.11.21 22:55:54 | 002,646,012 | ---- | M] () -- C:\Users\Steffie\Desktop\Verlauf.mcf
[2011.11.21 19:53:48 | 000,000,794 | ---- | M] () -- C:\Users\Steffie\Desktop\mbam-log-2011-11-20 (15-22-16).lnk
[2011.11.20 16:52:18 | 000,000,000 | ---- | M] () -- C:\Users\Steffie\defogger_reenable
[2011.11.19 11:54:48 | 000,635,844 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.11.19 11:54:48 | 000,602,226 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.11.19 11:54:48 | 000,130,234 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.11.19 11:54:48 | 000,107,106 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.11.18 11:15:59 | 000,002,132 | ---- | M] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk
[2011.11.18 11:15:00 | 002,429,542 | ---- | M] () -- C:\Windows\System32\drivers\NAV\1206000.01D\Cat.DB
[2011.11.18 10:10:32 | 000,126,584 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011.11.18 10:10:32 | 000,007,468 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011.11.18 10:10:32 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011.11.18 09:56:30 | 000,071,618 | ---- | M] () -- C:\Users\Steffie\Desktop\Sans titre 1.jpg
[2011.11.11 12:59:36 | 000,031,552 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2011.11.11 12:59:24 | 000,021,312 | ---- | M] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
 
========== Files Created - No Company Name ==========
 
[2011.11.21 22:55:50 | 002,646,012 | ---- | C] () -- C:\Users\Steffie\Desktop\Verlauf.mcf
[2011.11.20 16:52:18 | 000,000,000 | ---- | C] () -- C:\Users\Steffie\defogger_reenable
[2011.11.20 15:22:24 | 000,000,794 | ---- | C] () -- C:\Users\Steffie\Desktop\mbam-log-2011-11-20 (15-22-16).lnk
[2011.11.20 13:32:44 | 000,001,884 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012.lnk
[2011.11.18 11:13:43 | 002,429,542 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1206000.01D\Cat.DB
[2011.11.18 10:10:31 | 000,007,877 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1206000.01D\symnetv.cat
[2011.11.18 10:10:31 | 000,001,474 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1206000.01D\symnetv.inf
[2011.11.18 10:10:30 | 000,007,458 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1206000.01D\symnet.cat
[2011.11.18 10:10:30 | 000,007,456 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1206000.01D\symefa.cat
[2011.11.18 10:10:30 | 000,007,454 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1206000.01D\srtspx.cat
[2011.11.18 10:10:30 | 000,007,450 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1206000.01D\srtsp.cat
[2011.11.18 10:10:30 | 000,003,373 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1206000.01D\symefa.inf
[2011.11.18 10:10:30 | 000,002,792 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1206000.01D\symds.inf
[2011.11.18 10:10:30 | 000,001,446 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1206000.01D\symnet.inf
[2011.11.18 10:10:30 | 000,001,389 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1206000.01D\srtspx.inf
[2011.11.18 10:10:30 | 000,001,383 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1206000.01D\srtsp.inf
[2011.11.18 10:10:29 | 000,007,528 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1206000.01D\iron.cat
[2011.11.18 10:10:29 | 000,000,742 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1206000.01D\iron.inf
[2011.11.18 10:10:00 | 000,000,000 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1206000.01D\symds.cat
[2011.11.18 10:09:57 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1206000.01D\isolate.ini
[2011.11.18 09:57:49 | 000,071,618 | ---- | C] () -- C:\Users\Steffie\Desktop\Sans titre 1.jpg
[2011.11.17 21:28:35 | 000,007,468 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011.11.17 21:28:35 | 000,000,806 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011.11.17 21:28:13 | 000,002,132 | ---- | C] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk
[2011.04.28 17:40:04 | 000,000,680 | ---- | C] () -- C:\Users\Steffie\AppData\Local\d3d9caps.dat
[2011.04.05 15:13:32 | 000,123,244 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010.10.27 17:22:17 | 000,001,940 | ---- | C] () -- C:\Users\Steffie\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2009.07.31 08:33:35 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.07.31 08:33:35 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008.09.12 09:19:32 | 000,034,304 | ---- | C] () -- C:\Users\Steffie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.09.07 11:20:27 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.09.01 14:27:01 | 000,000,582 | ---- | C] () -- C:\Windows\eReg.dat
[2008.08.29 13:00:29 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.08.29 12:07:44 | 000,831,342 | ---- | C] () -- C:\ProgramData\LuUninstall.LiveUpdate
[2008.08.08 13:56:44 | 000,045,056 | ---- | C] () -- C:\Windows\System32\acovcnt.exe
[2008.04.16 12:11:34 | 000,635,844 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.04.16 12:11:34 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.04.16 12:11:34 | 000,130,234 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.04.16 12:11:34 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008.04.16 11:43:39 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini
[2008.02.11 04:55:17 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2008.02.11 04:34:47 | 002,215,364 | ---- | C] () -- C:\Windows\System32\igklg400.bin
[2008.02.11 04:34:47 | 001,971,732 | ---- | C] () -- C:\Windows\System32\igklg450.bin
[2008.02.11 04:34:47 | 000,029,932 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.bin
[2007.08.06 18:18:31 | 000,081,920 | ---- | C] () -- C:\Windows\PGMonitor.exe
[2006.12.28 04:59:48 | 000,032,768 | ---- | C] () -- C:\Windows\System32\Amhooker.dll
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,373,624 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,602,226 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,107,106 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.03.09 02:57:59 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005.05.26 16:12:26 | 000,065,536 | ---- | C] () -- C:\Windows\sm56spn.dll
[2005.05.26 16:12:26 | 000,065,536 | ---- | C] () -- C:\Windows\sm56itl.dll
[2005.05.26 16:12:26 | 000,065,536 | ---- | C] () -- C:\Windows\sm56ger.dll
[2005.05.26 16:12:26 | 000,065,536 | ---- | C] () -- C:\Windows\sm56fra.dll
[2005.05.26 16:12:26 | 000,065,536 | ---- | C] () -- C:\Windows\sm56eng.dll
[2005.05.26 16:12:26 | 000,065,536 | ---- | C] () -- C:\Windows\sm56brz.dll
[2005.05.26 16:12:26 | 000,049,152 | ---- | C] () -- C:\Windows\sm56jpn.dll
[2005.05.26 16:12:26 | 000,045,056 | ---- | C] () -- C:\Windows\sm56cht.dll
[2005.05.26 16:12:26 | 000,045,056 | ---- | C] () -- C:\Windows\sm56chs.dll
 
========== LOP Check ==========
 
[2008.11.13 10:38:47 | 000,000,000 | ---D | M] -- C:\Users\Steffie\AppData\Roaming\Academic Software Zurich
[2011.08.25 22:45:40 | 000,000,000 | ---D | M] -- C:\Users\Steffie\AppData\Roaming\DVDVideoSoft
[2011.07.16 17:13:52 | 000,000,000 | ---D | M] -- C:\Users\Steffie\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.08.11 17:41:58 | 000,000,000 | ---D | M] -- C:\Users\Steffie\AppData\Roaming\gtk-2.0
[2008.08.29 14:33:19 | 000,000,000 | ---D | M] -- C:\Users\Steffie\AppData\Roaming\ICQ
[2008.08.29 12:57:46 | 000,000,000 | ---D | M] -- C:\Users\Steffie\AppData\Roaming\ICQ Toolbar
[2011.11.20 13:32:11 | 000,000,000 | ---D | M] -- C:\Users\Steffie\AppData\Roaming\TuneUp Software
[2011.11.23 13:02:58 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2008.11.13 10:38:47 | 000,000,000 | ---D | M] -- C:\Users\Steffie\AppData\Roaming\Academic Software Zurich
[2008.11.06 15:21:51 | 000,000,000 | ---D | M] -- C:\Users\Steffie\AppData\Roaming\Adobe
[2011.02.06 11:12:19 | 000,000,000 | ---D | M] -- C:\Users\Steffie\AppData\Roaming\Apple Computer
[2011.08.25 22:45:40 | 000,000,000 | ---D | M] -- C:\Users\Steffie\AppData\Roaming\DVDVideoSoft
[2011.07.16 17:13:52 | 000,000,000 | ---D | M] -- C:\Users\Steffie\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.08.11 17:41:58 | 000,000,000 | ---D | M] -- C:\Users\Steffie\AppData\Roaming\gtk-2.0
[2008.08.29 14:33:19 | 000,000,000 | ---D | M] -- C:\Users\Steffie\AppData\Roaming\ICQ
[2008.08.29 12:57:46 | 000,000,000 | ---D | M] -- C:\Users\Steffie\AppData\Roaming\ICQ Toolbar
[2008.08.29 10:27:19 | 000,000,000 | ---D | M] -- C:\Users\Steffie\AppData\Roaming\Identities
[2008.08.29 11:59:57 | 000,000,000 | ---D | M] -- C:\Users\Steffie\AppData\Roaming\Macromedia
[2011.11.20 14:00:55 | 000,000,000 | ---D | M] -- C:\Users\Steffie\AppData\Roaming\Malwarebytes
[2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\Steffie\AppData\Roaming\Media Center Programs
[2011.08.21 21:22:36 | 000,000,000 | --SD | M] -- C:\Users\Steffie\AppData\Roaming\Microsoft
[2008.08.29 12:48:32 | 000,000,000 | ---D | M] -- C:\Users\Steffie\AppData\Roaming\Mozilla
[2011.11.16 03:00:49 | 000,000,000 | ---D | M] -- C:\Users\Steffie\AppData\Roaming\Skype
[2008.08.29 10:28:05 | 000,000,000 | ---D | M] -- C:\Users\Steffie\AppData\Roaming\Symantec
[2011.11.20 13:32:11 | 000,000,000 | ---D | M] -- C:\Users\Steffie\AppData\Roaming\TuneUp Software
[2008.09.22 19:47:09 | 000,000,000 | ---D | M] -- C:\Users\Steffie\AppData\Roaming\vlc
[2008.08.29 12:58:18 | 000,000,000 | ---D | M] -- C:\Users\Steffie\AppData\Roaming\Winamp
 
< %APPDATA%\*.exe /s >
[2008.09.16 12:05:39 | 000,010,134 | R--- | M] () -- C:\Users\Steffie\AppData\Roaming\Microsoft\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\ARPPRODUCTICON.exe
[2008.09.16 12:05:38 | 000,025,214 | R--- | M] () -- C:\Users\Steffie\AppData\Roaming\Microsoft\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut10.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
[2008.09.16 12:05:38 | 000,025,214 | R--- | M] () -- C:\Users\Steffie\AppData\Roaming\Microsoft\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut11.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
[2008.09.16 12:05:39 | 000,025,214 | R--- | M] () -- C:\Users\Steffie\AppData\Roaming\Microsoft\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut11_A888ADCD972E402C989E44C9B6E8DB64.exe
[2008.09.16 12:05:38 | 000,025,214 | R--- | M] () -- C:\Users\Steffie\AppData\Roaming\Microsoft\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut12.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
[2008.09.16 12:05:39 | 000,025,214 | R--- | M] () -- C:\Users\Steffie\AppData\Roaming\Microsoft\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut12_A888ADCD972E402C989E44C9B6E8DB64.exe
[2008.09.16 12:05:38 | 000,025,214 | R--- | M] () -- C:\Users\Steffie\AppData\Roaming\Microsoft\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut13.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
[2008.09.16 12:05:39 | 000,025,214 | R--- | M] () -- C:\Users\Steffie\AppData\Roaming\Microsoft\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut13_A888ADCD972E402C989E44C9B6E8DB64.exe
[2008.09.16 12:05:38 | 000,025,214 | R--- | M] () -- C:\Users\Steffie\AppData\Roaming\Microsoft\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut14.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
[2008.09.16 12:05:39 | 000,025,214 | R--- | M] () -- C:\Users\Steffie\AppData\Roaming\Microsoft\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut14_A888ADCD972E402C989E44C9B6E8DB64.exe
[2008.09.16 12:05:39 | 000,025,214 | R--- | M] () -- C:\Users\Steffie\AppData\Roaming\Microsoft\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut15_A888ADCD972E402C989E44C9B6E8DB64.exe
[2008.09.16 12:05:39 | 000,025,214 | R--- | M] () -- C:\Users\Steffie\AppData\Roaming\Microsoft\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut16_A888ADCD972E402C989E44C9B6E8DB64.exe
[2008.09.16 12:05:39 | 000,025,214 | R--- | M] () -- C:\Users\Steffie\AppData\Roaming\Microsoft\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut17_A888ADCD972E402C989E44C9B6E8DB64.exe
[2008.09.16 12:05:38 | 000,025,214 | R--- | M] () -- C:\Users\Steffie\AppData\Roaming\Microsoft\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut18.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
[2008.09.16 12:05:38 | 000,025,214 | R--- | M] () -- C:\Users\Steffie\AppData\Roaming\Microsoft\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut19.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
[2008.09.16 12:05:39 | 000,065,536 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Steffie\AppData\Roaming\Microsoft\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut1_0068B077AFDF4F14913EF2B7D0012422.exe
[2008.09.16 12:05:38 | 000,025,214 | R--- | M] () -- C:\Users\Steffie\AppData\Roaming\Microsoft\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut1_1.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
[2008.09.16 12:05:38 | 000,025,214 | R--- | M] () -- C:\Users\Steffie\AppData\Roaming\Microsoft\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut20.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
[2008.09.16 12:05:38 | 000,025,214 | R--- | M] () -- C:\Users\Steffie\AppData\Roaming\Microsoft\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut21.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
[2008.09.16 12:05:38 | 000,025,214 | R--- | M] () -- C:\Users\Steffie\AppData\Roaming\Microsoft\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut22.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
[2008.09.16 12:05:38 | 000,025,214 | R--- | M] () -- C:\Users\Steffie\AppData\Roaming\Microsoft\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut23.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
[2008.09.16 12:05:38 | 000,025,214 | R--- | M] () -- C:\Users\Steffie\AppData\Roaming\Microsoft\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut24.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
[2008.09.16 12:05:38 | 000,025,214 | R--- | M] () -- C:\Users\Steffie\AppData\Roaming\Microsoft\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut25.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
[2008.09.16 12:05:38 | 000,025,214 | R--- | M] () -- C:\Users\Steffie\AppData\Roaming\Microsoft\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut26.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
[2008.09.16 12:05:38 | 000,025,214 | R--- | M] () -- C:\Users\Steffie\AppData\Roaming\Microsoft\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut27.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
[2008.09.16 12:05:38 | 000,025,214 | R--- | M] () -- C:\Users\Steffie\AppData\Roaming\Microsoft\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut28.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
[2008.09.16 12:05:38 | 000,025,214 | R--- | M] () -- C:\Users\Steffie\AppData\Roaming\Microsoft\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut29.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
[2008.09.16 12:05:38 | 000,025,214 | R--- | M] () -- C:\Users\Steffie\AppData\Roaming\Microsoft\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut2_1.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
[2008.09.16 12:05:39 | 000,061,440 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Steffie\AppData\Roaming\Microsoft\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut2_DE8DC033F69A4FE5B06ADACA24AB087B.exe
[2008.09.16 12:05:38 | 000,025,214 | R--- | M] () -- C:\Users\Steffie\AppData\Roaming\Microsoft\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut30.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
[2008.09.16 12:05:38 | 000,025,214 | R--- | M] () -- C:\Users\Steffie\AppData\Roaming\Microsoft\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut32.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
[2008.09.16 12:05:38 | 000,025,214 | R--- | M] () -- C:\Users\Steffie\AppData\Roaming\Microsoft\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut33.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
[2008.09.16 12:05:39 | 000,025,214 | R--- | M] () -- C:\Users\Steffie\AppData\Roaming\Microsoft\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut34.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
[2008.09.16 12:05:39 | 000,025,214 | R--- | M] () -- C:\Users\Steffie\AppData\Roaming\Microsoft\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut35.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
[2008.09.16 12:05:39 | 000,025,214 | R--- | M] () -- C:\Users\Steffie\AppData\Roaming\Microsoft\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut36.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
[2008.09.16 12:05:39 | 000,025,214 | R--- | M] () -- C:\Users\Steffie\AppData\Roaming\Microsoft\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut37.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
[2008.09.16 12:05:39 | 000,025,214 | R--- | M] () -- C:\Users\Steffie\AppData\Roaming\Microsoft\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut38.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
[2008.09.16 12:05:39 | 000,025,214 | R--- | M] () -- C:\Users\Steffie\AppData\Roaming\Microsoft\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut39.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
[2008.09.16 12:05:38 | 000,025,214 | R--- | M] () -- C:\Users\Steffie\AppData\Roaming\Microsoft\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut3_1.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
[2008.09.16 12:05:39 | 000,025,214 | R--- | M] () -- C:\Users\Steffie\AppData\Roaming\Microsoft\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut3_A888ADCD972E402C989E44C9B6E8DB64.exe
[2008.09.16 12:05:39 | 000,025,214 | R--- | M] () -- C:\Users\Steffie\AppData\Roaming\Microsoft\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut4.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
[2008.09.16 12:05:39 | 000,025,214 | R--- | M] () -- C:\Users\Steffie\AppData\Roaming\Microsoft\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut40.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
[2008.09.16 12:05:39 | 000,061,440 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Steffie\AppData\Roaming\Microsoft\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut4_DE8DC033F69A4FE5B06ADACA24AB087B_2.exe
[2008.09.16 12:05:39 | 000,061,440 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Steffie\AppData\Roaming\Microsoft\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut6_DE8DC033F69A4FE5B06ADACA24AB087B.exe
[2008.09.16 12:05:39 | 000,025,214 | R--- | M] () -- C:\Users\Steffie\AppData\Roaming\Microsoft\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut8.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
[2008.09.16 12:05:39 | 000,025,214 | R--- | M] () -- C:\Users\Steffie\AppData\Roaming\Microsoft\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut8_A888ADCD972E402C989E44C9B6E8DB64.exe
[2008.09.16 12:05:39 | 000,025,214 | R--- | M] () -- C:\Users\Steffie\AppData\Roaming\Microsoft\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut9.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2007.09.29 16:03:11 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\drivers\iaStor.sys
[2007.09.29 16:03:11 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_7baf6192\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >

< End of report >
--- --- ---
Alt 23.11.2011, 15:01   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
PC erstellt nur noch Verknüpfungen von Ordnern auf USB, Memory Cards - Standard

PC erstellt nur noch Verknüpfungen von Ordnern auf USB, Memory Cards


Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
ATTFilter
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lokalisten.de/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://de.ask.com/?l=dis&o=1586&gct=hp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
[2011.11.23 13:05:50 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
:Commands
[emptytemp]
[resethosts]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________
Logfiles bitte immer in CODE-Tags posten

Antwort
Seite 1 von 4 1 23 Letzte »

Themen zu PC erstellt nur noch Verknüpfungen von Ordnern auf USB, Memory Cards
antivirus, bho, bingbar, bonjour, browser, conduit, converter, desktop, dringend, error, excel, firefox, flash player, home, install.exe, installation, intrusion prevention, logfile, maßnahme, microsoft office word, mp3, office 2007, ordnerverknüpfungen, realtek, registry, scan, security, security update, shell32.dll, software, symantec, usb, version=1.0, virus, vista


« Autologin Adminkonto im laufenden Betrieb (Win XP) | emailversand über Adressbuch »


Ähnliche Themen: PC erstellt nur noch Verknüpfungen von Ordnern auf USB, Memory Cards


  1. USB-Stick nur noch mit Verknüpfungen
    Log-Analyse und Auswertung - 01.05.2015 (13)
  2. Virus erstellt Verknüpfungen auf externen Geräten und setzt MP3 Player außer Gefecht
    Log-Analyse und Auswertung - 22.04.2015 (10)
  3. Auf dem USB Stick werden nur noch Verknüpfungen von Ordnern erstellt
    Plagegeister aller Art und deren Bekämpfung - 03.02.2015 (20)
  4. Virus erstellt Verknüpfungen - Teil II
    Plagegeister aller Art und deren Bekämpfung - 16.08.2014 (29)
  5. Windows 8.1: USB-Stick erstellt noch nur Verknüpfungen - Datensicherung
    Plagegeister aller Art und deren Bekämpfung - 18.07.2014 (22)
  6. Virus/Trojaner erstellt Verknüpfungen auf USB-Sticks
    Plagegeister aller Art und deren Bekämpfung - 20.06.2014 (21)
  7. Win 7: USB-Stick erstellt nur noch Verknüpfungen
    Plagegeister aller Art und deren Bekämpfung - 23.05.2014 (13)
  8. Windows 7 - USB-Stick erstellt nur noch Verknüpfungen Scans bisher erfolglos
    Log-Analyse und Auswertung - 14.02.2014 (17)
  9. Windows 7: USB-Stick erstellt verknüpfungen zu jedem File/Ordner und versteckt die echten Files/Ordner
    Log-Analyse und Auswertung - 14.01.2014 (23)
  10. Nur noch Verknüpfungen auf USB-STick
    Plagegeister aller Art und deren Bekämpfung - 14.11.2013 (33)
  11. USB nur noch Verknüpfungen
    Log-Analyse und Auswertung - 11.10.2012 (1)
  12. Root:\84612796\DCIM.exe macht aus Ordnern Verknüpfungen zu DCIM.exe
    Log-Analyse und Auswertung - 10.01.2012 (3)
  13. USB Stick erstellt nur Verknüpfungen
    Plagegeister aller Art und deren Bekämpfung - 17.12.2011 (10)
  14. WIN7 erstellt Verknüpfungen auf USB Laufwerken
    Plagegeister aller Art und deren Bekämpfung - 13.10.2011 (5)
  15. Verknüpfungen anstelle Ordnern auf externen Speichermedien
    Log-Analyse und Auswertung - 27.06.2011 (2)
  16. VBS Scriptvirus - erstellt viele Verknüpfungen und laesst sich mit AntiVir nicht beheben
    Log-Analyse und Auswertung - 13.04.2011 (31)
  17. Escan Erstellt Ordnern
    Antiviren-, Firewall- und andere Schutzprogramme - 27.01.2008 (4)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema PC erstellt nur noch Verknüpfungen von Ordnern auf USB, Memory Cards - Hallo! Mein PC erstellt mir nur noch Verknüpfungen von Ordnern, die sich auf dem USB-Stick oder der Memory Card meiner Kamera befinden. Ich habe eine JPEG-Datei bei facebook öffnen wollen - PC erstellt nur noch Verknüpfungen von Ordnern auf USB, Memory Cards...
Archiv
Du betrachtest: PC erstellt nur noch Verknüpfungen von Ordnern auf USB, Memory Cards auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131