BKA Virus Hilfe

mf21 · 22.11.2011, 22:36

hallo hab mir gestern ebenfalls das bka virus eingefangen...
habe malware schon ausgeführt nun weiss ich nich was bei otl gemacht werden muss hab es ebenfalls durchgeführt.. und nun ja da hab ich jetzt 2 editor dateien ...
kenn mich leider nicht sehr mit dem ganzen aus also tut mir leid wenn ich hier sehr amateur klinge

kira · 23.11.2011, 11:03

Hallo und Herzlich Willkommen!

Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]:

Zitat:

"Fernbehandlungen/Fernhilfe" und die damit verbundenen Haftungsrisken:
- da die Fehlerprüfung und Handlung werden über große Entfernungen durchgeführt, besteht keine Haftung unsererseits für die daraus entstehenden Folgen.
- also, jede Haftung für die daraus entstandene Schäden wird ausgeschlossen, ANWEISUNGEN UND DEREN BEFOLGUNG, ERFOLGT AUF DEINE EIGENE VERANTWORTUNG!
Charakteristische Merkmale/Profilinformationen:
- aus der verwendeten Loglisten oder Logdateien - wie z.B. deinen Realnamen, Seriennummer in Programm etc)- kannst Du herauslöschen oder durch [X] ersetzen
Die Systemprüfung und Bereinigung:
- kann einige Zeit in Anspruch nehmen (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst
Ich empfehle Dir die Anweisungen erst einmal komplett durchzulesen, bevor du es anwendest, weil wenn du etwas falsch machst, kann es wirklich gefährlich werden. Wenn du meinen Anweisungen Schritt für Schritt folgst, kann eigentlich nichts schief gehen.
Innerhalb der Betreuungszeit:
- ohne Abspräche bitte nicht auf eigene Faust handeln!- bei Problemen nachfragen.
Die Reihenfolge:
- genau so wie beschrieben bitte einhalten, nicht selbst die Reihenfolge wählen!
GECRACKTE SOFTWARE werden hier nicht geduldet!!!!
Ansonsten unsere Forumsregeln:
- Bitte erst lesen, dann posten!-> Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?

Alle Logfile mit einem vBCode Tag eingefügen, das bietet hier eine gute Übersicht, erleichtert mir die Arbeit! Falls das Logfile zu groß, teile es in mehrere Teile auf.

Sobald Du diesen Einführungstext gelesen hast, kannst Du beginnen

► Erster Teil des 3-teiligen Verfahren, werden wir dein System auf Viren untersuchen, bzw nach einem anderen Verursacher suchen:
Für Vista und Win7:
Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen
Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen!

► berichte auch über den Zustand des Computers. Ob noch Probleme auftreten, wenn ja, welche?

1.
Hast du den Rechner bereits auf Viren überprüft? Folgende Ergebnisse möchte ich noch sehen:

Code:

ATTFilter

Malwarebytes
(alle vorhandenen Protokolle!)

2.
Ich würde gerne noch all deine installierten Programme sehen:
Lade dir das Tool CCleaner herunter
→ Download
installieren (Software-Lizenzvereinbarung lesen, falls angeboten wird "Füge CCleaner Yahoo! Toolbar hinzu" abwählen)→ starten→ Sprache → Deutsch auswählen
dann klick auf "Extra (um die installierten Programme auch anzuzeigen)→ weiter auf "Als Textdatei speichern..."
wird eine Textdatei (*.txt) erstellt, kopiere dazu den Inhalt und füge ihn da ein

Zitat:

Damit dein Thread übersichtlicher und schön lesbar bleibt, am besten nutze den Code-Tags für deinen Post:
→ vor dein Log schreibst Du (also am Anfang des Logfiles):[code]
hier kommt dein Logfile rein - z.B OTL-Logfile o. sonstiges
→ dahinter - also am Ende der Logdatei: [/code]

** Möglichst nicht ins internet gehen, kein Online-Banking, File-sharing, Chatprogramme usw

gruß
kira

mf21 · 23.11.2011, 18:13

Also auf Viren habe ich es schon geprüft hier einmal die Logdatei zu Malware... weiss nicht ob ich das mit dem Tag hinkriege

man hat mir aber gesagt ich solle die entfernen und ja das hab ich getan und bei der nächsten untersuchung kam dann das zweite raus

mf21 · 23.11.2011, 18:23

Malware 2. Untersuchung

mf21 · 23.11.2011, 18:33

hier ist CCleaner im anhang

mf21 · 23.11.2011, 18:34

ach und probleme sind mir nicht aufgefallen nicht das ich wüsste

aufjedenfall ist der bka virus nach der systemwiderherstellung verschwunden also mein desktop streikt zumindest nicht

kira · 24.11.2011, 05:38

Den Rechner von unnötiger Ballast & Adware zu befreien (aufräumen und ausmisten), würde ich Dir noch folgende Maßnahmen vorschlagen:

1.
** Update Malwarebytes Anti-Malware, lass es nochmal anhand der folgenden Anleitung laufen:

per Doppelklick starten.
gleich mal die Datenbanken zu aktualisieren - online updaten
Vollständiger Suchlauf wählen (überall Haken setzen)
wenn der Scanvorgang beendet ist, klicke auf "Zeige Resultate"
alle Funde bis auf - falls MBAM meldet in C:\System Volume Information - den Haken bitte entfernen - markieren und auf "Löschen" - "Ausgewähltes entfernen") klicken.
Poste das Ergebnis hier in den Thread - den Bericht findest Du unter "Scan-Berichte"

eine bebilderte Anleitung findest Du hier: Anleitung

2.
Wenn nicht bewusst installiert hast bzw nicht benötigst, kannst deinstallieren (unter Software):

Code:

ATTFilter

Bing Bar 
-> Bing Bar aus Firefox und Internet Explorer entfernen

Immer mehr Programme bringen eine Toolbar mit.(wie z.B. Google, Yaho,Messenger, Winamp, ICQ usw). Manche Zustimmung der User installiert, manche wieder ohne Wissen des Benutzers

Viele davon sehr fehleranfällig und fressen eine Menge an Systemressourcen. Zur funktionstüchtigen Installation der jeweiligen Software ist Toolbar aber nicht notwendig, zudem die meisten modernen Browser mit vielen zusätzlichen Funktionen ausgestattet sind. Ausserdem die dazugehörigen Programme, funktionieren auch ohne...
- meiste Toolbars bzw Browserhelper wollen sich doch nur wichtig machen

3.

Zitat:

Messenger Plus! 5
Messenger Plus! Live:

Zur Kategorie des Unsicheren gehört! Hast Du während der Installation der von Programm "zusätzlich" angebotenen Software abgewählt? Nämlich da neben der eigentlichen Software auch Adware -Programm wird (mit)installiert
Wenn du unbedingt möchtest (nicht empfohlen, da es absolut nicht nötig ist und dein MSN davon nicht betroffen), kannst du nochmal installieren, aber alles genau durchlesen, und Partnerprogrammen, Sponsoren etc möglichst abwählen![/b][/size][/quote]
Immer die benutzerdefinierte Installation wählen, nicht die Standardinstallation, weil dann oft Sachen mitinstalliert werden, die man nicht braucht oder nicht möchte.
es ist besser ein Spy- und Adware freies Messenger Tool einzusetzen - wie Trillian,kann man in der Basisversion von Trillian die Instant Messenger ICQ, AIM, Yahoo! Messenger, Windows Live Messenger (MSN) und IRC vereinen) oder Miranda ),kannst du nochmal installieren,aber alles genau durchlesen, und Partnerprogrammen,Sponsoren etc musst du abwählen!

4.
Adobe Reader aktualisieren :
- Bei Installation aufpassen/mitlesen!: Wenn irgendeine Software, Toolbar etc angeboten wird, bitte abwählen! - (z.B "McAfee Security Scan Plus")
Adobe Reader
Oder: Adobe starten-> gehe auf "Hilfe"-> "Nach Update suchen..."

5.
Deine Javaversion ist nicht aktuell!
→ Downloade nun die Offline-Version von Java Version 6 Update 29 von Oracle herunter
Achte darauf, eventuell angebotene Toolbars abwählen (den Haken bei der Toolbar entfernen)!

6.
reinige dein System mit Ccleaner:

"Cleaner"→ "Analysieren"→ Klick auf den Button "Start CCleaner"
"Registry""Fehler suchen"→ "Fehler beheben"→ "Alle beheben"
Starte dein System neu auf

7.

Zitat:

Achtung wichtig!:
Falls Du selber im Logfile Änderungen vorgenommen hast, musst Du durch die Originalbezeichnung ersetzen und so in Script einfügen! sonst funktioniert nicht!
(Benutzerordner, dein Name oder sonstige Änderungen durch X, Stern oder andere Namen ersetzt)

Fixen mit OTL

Starte die OTL.exe.
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Kopiere folgendes Skript:

Code:

ATTFilter

:OTL
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7741&r=27361010i116l04h8z1i5t46k1o73n
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7741&r=27361010i116l04h8z1i5t46k1o73n
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7741&r=27361010i116l04h8z1i5t46k1o73n
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7741&r=27361010i116l04h8z1i5t46k1o73n
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7741&r=27361010i116l04h8z1i5t46k1o73n
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1351351
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
FF - prefs.js..browser.search.defaultenginename: "foxsearch"
FF - prefs.js..browser.search.defaultthis.engineName: "Softonic Deutsch Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1351351&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "foxsearch"
FF - prefs.js..browser.search.selectedEngine: "foxsearch"
FF - prefs.js..keyword.URL: "http://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - user.js..browser.search.selectedEngine: "foxsearch"
FF - user.js..browser.search.order.1: "foxsearch"
FF - user.js..browser.search.defaultenginename: "foxsearch"
FF - user.js..keyword.URL: "http://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_10_2_161.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@funwebproducts.com/Plugin: C:\Program Files (x86)\FunWebProducts\Installr\2.bin\NPFunWeb.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
[2010.11.23 12:08:12 | 000,000,935 | ---- | M] () -- C:\Users\Fahriye\AppData\Roaming\Mozilla\Firefox\Profiles\brdzo1nn.default\searchplugins\conduit.xml
[2011.11.21 22:02:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.12.09 10:09:37 | 000,002,226 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2011.11.11 12:40:50 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.05.02 23:19:27 | 000,000,143 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\foxsearch.src
[2011.11.11 12:40:50 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: Babylon Chrome Plugin (Enabled) = C:\Users\Fahriye\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.0_0\BabylonChromePI.dll
CHR - plugin: Gutscheinmieze-Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npmieze.dll
CHR - plugin: Fun Web Products Plugin Stub (Enabled) = C:\Program Files (x86)\FunWebProducts\Installr\2.bin\NPFunWeb.dll
CHR - Extension: Babylon Chrome OCR = C:\Users\Fahriye\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.0_0\
O2:64bit: - BHO: (Mein Gutscheincode Finder zeigt automatisch Shopping-Gutscheine an mit denen Sie beim Online-Einkauf sparen können.) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - C:\Program Files (x86)\Mein Gutscheincode Finder\Internet Explorer\x64\ConversionOneIE.dll (Conversion One GmbH)
O2 - BHO: (Mein Gutscheincode Finder zeigt automatisch Shopping-Gutscheine an mit denen Sie beim Online-Einkauf sparen können.) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - C:\Program Files (x86)\Mein Gutscheincode Finder\Internet Explorer\x86\ConversionOneIE.dll (Conversion One GmbH)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\Fahriye\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\Fahriye\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH)
O4 - HKCU..\Run: []  File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{a53c6d55-e336-11df-ade9-00262dabb1de}\Shell - "" = AutoRun
O33 - MountPoints2\{a53c6d55-e336-11df-ade9-00262dabb1de}\Shell\AutoRun\command - "" = E:\shelexec.exe start.html
O33 - MountPoints2\{a68d605d-1a6c-11e0-83ae-00262dabb1de}\Shell - "" = AutoRun
O33 - MountPoints2\{a68d605d-1a6c-11e0-83ae-00262dabb1de}\Shell\AutoRun\command - "" = E:\shelexec.exe start.html
[2011.11.22 21:15:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.11.22 10:55:19 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:E36F5B57
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:E1F04E8D
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:AB689DEA
@Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:D1B5B4F1

:Commands
[purity]
[emptytemp]

und füge es hier ein:
Schließe alle Programme.
Klicke auf den Fix Button.
Klick auf .
OTL verlangt einen Neustart. Bitte zulassen.
Nach dem Neustart findest Du ein Textdokument.
Kopiere den Inhalt hier in Deinen Thread.

8.
erneut einen Scan mit OTL:

Doppelklick auf die OTL.exe
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Oben findest Du ein Kästchen mit Ausgabe.
Wähle bitte Standard-Ausgabe
Unter Extra-Registrierung wähle bitte Benutze SafeList.
Mache Häckchen bei LOP- und Purity-Prüfung.
Klicke nun auf Scan links oben.
Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
Poste die Logfiles in Code-Tags hier in den Thread.

9.
erneut einen Scan mit OTL:

Doppelklick auf die OTL.exe
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Oben findest Du ein Kästchen mit Ausgabe.
Wähle bitte Standard-Ausgabe
Unter Extra-Registrierung wähle bitte Benutze SafeList.
Mache Häckchen bei LOP- und Purity-Prüfung.
Klicke nun auf Scan links oben.
Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
Poste die Logfiles in Code-Tags hier in den Thread.

Zitat:

► Berichte mir kurz über alle Umsetzungsschritte, die Du erledigt hast!

mf21 · 24.11.2011, 17:09

Alles erledigt unnötige sachen gelöscht und hier sind die Logfiles

zunächst Malwarebytes

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8231

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

24.11.2011 16:40:16
mbam-log-2011-11-24 (16-40-16).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|Q:\|)
Durchsuchte Objekte: 341496
Laufzeit: 1 Stunde(n), 55 Minute(n), 17 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

mf21 · 24.11.2011, 17:13

Jetzt OTL

Code:

ATTFilter

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
Prefs.js: "foxsearch" removed from browser.search.defaultenginename
Prefs.js: "Softonic Deutsch Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1351351&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "foxsearch" removed from browser.search.order.1
Prefs.js: "foxsearch" removed from browser.search.selectedEngine
Prefs.js: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" removed from keyword.URL
C:\Users\Fahriye\AppData\Roaming\Mozilla\FireFox\Profiles\brdzo1nn.default\user.js moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@funwebproducts.com/Plugin\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll not found.
C:\Users\Fahriye\AppData\Roaming\Mozilla\Firefox\Profiles\brdzo1nn.default\searchplugins\conduit.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} folder moved successfully.
C:\Program Files (x86)\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} folder moved successfully.
C:\Program Files (x86)\mozilla firefox\extensions folder moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\foxsearch.src moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml moved successfully.
C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll moved successfully.
C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll moved successfully.
C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll moved successfully.
C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll moved successfully.
C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll moved successfully.
C:\Users\Fahriye\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.0_0\BabylonChromePI.dll moved successfully.
C:\Program Files (x86)\Mozilla Firefox\plugins\npmieze.dll moved successfully.
File C:\Program Files (x86)\FunWebProducts\Installr\2.bin\NPFunWeb.dll not found.
C:\Users\Fahriye\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.0_0 folder moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1ED16E0A-E8C4-40A0-8BC2-79485D21F796}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1ED16E0A-E8C4-40A0-8BC2-79485D21F796}\ deleted successfully.
C:\Program Files (x86)\Mein Gutscheincode Finder\Internet Explorer\x64\ConversionOneIE.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1ED16E0A-E8C4-40A0-8BC2-79485D21F796}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1ED16E0A-E8C4-40A0-8BC2-79485D21F796}\ deleted successfully.
C:\Program Files (x86)\Mein Gutscheincode Finder\Internet Explorer\x86\ConversionOneIE.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ not found.
File C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27}\ deleted successfully.
C:\Users\Fahriye\AppData\Roaming\Gutscheinmieze\toolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27}\ not found.
File C:\Users\Fahriye\AppData\Roaming\Gutscheinmieze\toolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a53c6d55-e336-11df-ade9-00262dabb1de}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a53c6d55-e336-11df-ade9-00262dabb1de}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a53c6d55-e336-11df-ade9-00262dabb1de}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a53c6d55-e336-11df-ade9-00262dabb1de}\ not found.
File E:\shelexec.exe start.html not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a68d605d-1a6c-11e0-83ae-00262dabb1de}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a68d605d-1a6c-11e0-83ae-00262dabb1de}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a68d605d-1a6c-11e0-83ae-00262dabb1de}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a68d605d-1a6c-11e0-83ae-00262dabb1de}\ not found.
File E:\shelexec.exe start.html not found.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
ADS C:\ProgramData\Temp:E36F5B57 deleted successfully.
ADS C:\ProgramData\Temp:E1F04E8D deleted successfully.
ADS C:\ProgramData\Temp:AB689DEA deleted successfully.
ADS C:\ProgramData\Temp:D1B5B4F1 deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: AppData
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Fahriye
->Temp folder emptied: 2417165 bytes
->Temporary Internet Files folder emptied: 3511523 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 39007932 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 470 bytes
 
User: Gast
->Temp folder emptied: 14980723 bytes
->Temporary Internet Files folder emptied: 219234478 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 183203142 bytes
->Flash cache emptied: 36730 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67698 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 441,00 mb
 
 
OTL by OldTimer - Version 3.2.31.0 log created on 11242011_164037

Files\Folders moved on Reboot...
C:\Users\Fahriye\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

mf21 · 24.11.2011, 17:34

und hier Schritt 8

Code:

ATTFilter

OTL logfile created on: 24.11.2011 17:14:39 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Fahriye\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 2,57 Gb Available Physical Memory | 66,49% Memory free
7,73 Gb Paging File | 6,02 Gb Available in Paging File | 77,94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284,81 Gb Total Space | 181,82 Gb Free Space | 63,84% Space Free | Partition Type: NTFS
 
Computer Name: FAHRIYE-PC | User Name: Fahriye | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.11.24 15:28:27 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Fahriye\Downloads\OTL.exe
PRC - [2011.11.11 12:40:53 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011.01.31 12:16:40 | 000,703,360 | ---- | M] (Nokia) -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
PRC - [2010.12.08 14:31:06 | 000,628,736 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
PRC - [2010.11.23 17:49:24 | 001,540,096 | ---- | M] (Nokia) -- C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
PRC - [2010.11.15 13:41:18 | 000,367,496 | ---- | M] () -- C:\Program Files (x86)\Common Files\Nokia\NoA\nokiaaserver.exe
PRC - [2010.09.14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010.09.14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010.05.11 10:16:34 | 000,140,288 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
PRC - [2010.03.09 00:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2010.03.09 00:56:38 | 000,260,608 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2010.03.03 13:42:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.03.03 13:41:58 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.02.28 02:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
PRC - [2010.02.26 07:35:04 | 001,289,296 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2010.02.26 07:35:04 | 000,325,200 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010.02.26 07:35:04 | 000,288,336 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2010.02.01 19:05:02 | 000,349,552 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
PRC - [2010.01.29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe
PRC - [2009.12.25 02:45:16 | 000,401,192 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
PRC - [2009.12.25 02:44:48 | 000,201,512 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
PRC - [2009.12.24 01:39:04 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009.12.24 01:39:02 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2009.10.27 09:15:02 | 000,120,832 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2009.08.28 10:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
PRC - [2006.09.19 08:07:28 | 000,827,392 | ---- | M] () -- C:\Windows\vsnpstd3.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.11.11 12:40:52 | 001,989,592 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011.10.14 09:09:39 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b2622080e047040fa044dd21a04ff10d\System.Runtime.Remoting.ni.dll
MOD - [2011.10.14 09:09:06 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011.10.14 09:08:58 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011.10.14 09:08:41 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll
MOD - [2011.10.14 09:08:34 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011.10.14 09:08:30 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011.10.14 09:08:29 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011.10.14 09:08:21 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011.01.31 12:17:32 | 000,129,408 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\plugins\nps.dll
MOD - [2011.01.31 12:15:08 | 002,551,808 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtXmlPatterns4.dll
MOD - [2011.01.31 12:15:08 | 002,277,888 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtCore4.dll
MOD - [2011.01.31 12:15:08 | 000,912,384 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtNetwork4.dll
MOD - [2011.01.31 12:15:08 | 000,196,608 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\imageformats\qjpeg4.dll
MOD - [2011.01.31 12:15:08 | 000,026,624 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\imageformats\qgif4.dll
MOD - [2011.01.31 12:15:06 | 010,837,504 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtWebKit4.dll
MOD - [2011.01.31 12:15:06 | 008,151,040 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtGui4.dll
MOD - [2011.01.31 12:15:06 | 002,186,752 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtDeclarative4.dll
MOD - [2011.01.31 12:15:06 | 001,283,584 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtScript4.dll
MOD - [2011.01.31 12:15:06 | 000,675,840 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtOpenGL4.dll
MOD - [2011.01.31 12:15:06 | 000,339,456 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtXml4.dll
MOD - [2011.01.31 12:15:06 | 000,266,752 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\phonon4.dll
MOD - [2011.01.31 12:15:06 | 000,190,464 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtSql4.dll
MOD - [2011.01.31 11:54:42 | 000,790,016 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Maps Service API.dll
MOD - [2011.01.31 11:52:56 | 000,345,088 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\OviShareLib.dll
MOD - [2011.01.31 11:52:56 | 000,180,104 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\noaipcclient.dll
MOD - [2011.01.31 11:52:56 | 000,028,040 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\wrtserviceipcclient.dll
MOD - [2011.01.31 11:52:00 | 000,680,448 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\CommonUpdateChecker.dll
MOD - [2010.11.15 13:41:18 | 000,367,496 | ---- | M] () -- C:\Program Files (x86)\Common Files\Nokia\NoA\nokiaaserver.exe
MOD - [2010.11.15 13:41:18 | 000,034,184 | ---- | M] () -- C:\Program Files (x86)\Common Files\Nokia\NoA\wrtserviceipcserver.dll
MOD - [2010.11.15 09:13:00 | 000,016,384 | ---- | M] () -- C:\Program Files (x86)\Common Files\Nokia\NoA\qtsecurestorage.dll
MOD - [2010.11.15 09:12:46 | 000,015,360 | ---- | M] () -- C:\Program Files (x86)\Common Files\Nokia\NoA\cryptodll.dll
MOD - [2010.11.15 09:12:46 | 000,013,824 | ---- | M] () -- C:\Program Files (x86)\Common Files\Nokia\NoA\qtsecurestorageserver.dll
MOD - [2010.11.13 01:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.09.23 17:34:40 | 008,151,040 | ---- | M] () -- C:\Program Files (x86)\Common Files\Nokia\NoA\QtGui4.dll
MOD - [2010.09.23 17:25:08 | 000,912,384 | ---- | M] () -- C:\Program Files (x86)\Common Files\Nokia\NoA\QtNetwork4.dll
MOD - [2010.09.23 17:24:02 | 000,339,456 | ---- | M] () -- C:\Program Files (x86)\Common Files\Nokia\NoA\QtXml4.dll
MOD - [2010.09.23 17:23:50 | 002,277,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Nokia\NoA\QtCore4.dll
MOD - [2010.03.09 01:18:10 | 000,465,576 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
MOD - [2010.02.28 02:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
MOD - [2009.05.20 23:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll
MOD - [2006.09.19 08:07:28 | 000,827,392 | ---- | M] () -- C:\Windows\vsnpstd3.exe
MOD - [2005.07.20 10:48:10 | 000,059,904 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\zlib1.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.02.16 19:20:04 | 000,256,336 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe -- (Amsp)
SRV:64bit: - [2010.09.22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010.01.22 18:01:12 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010.12.08 14:31:06 | 000,628,736 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010.09.14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010.09.14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.09 00:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010.03.03 13:42:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010.03.03 13:41:58 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010.02.26 07:35:04 | 000,325,200 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010.02.05 19:23:06 | 000,865,824 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2010.02.01 19:04:40 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)
SRV - [2010.01.29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2009.12.24 01:39:04 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2009.08.28 10:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.05.04 13:19:43 | 000,144,464 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmcomm.sys -- (tmcomm)
DRV:64bit: - [2011.05.04 13:19:43 | 000,105,552 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)
DRV:64bit: - [2011.05.04 13:19:43 | 000,090,704 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmactmon.sys -- (tmactmon)
DRV:64bit: - [2011.05.04 13:19:43 | 000,067,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 11:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010.09.22 23:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010.09.14 04:45:52 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010.09.14 04:45:50 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010.09.14 04:45:48 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010.09.14 04:45:44 | 000,760,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2010.07.30 14:18:04 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2010.07.30 14:18:02 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2010.07.30 14:18:00 | 000,026,624 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2010.07.30 14:17:56 | 000,019,456 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2010.04.07 19:04:22 | 002,216,960 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010.01.22 18:13:24 | 006,233,088 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.01.22 17:07:56 | 000,161,280 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2009.12.17 18:42:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.12.02 03:21:32 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009.10.22 05:55:06 | 000,272,432 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009.10.16 11:32:22 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
DRV:64bit: - [2009.09.30 18:34:32 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.09.17 21:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.20 03:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)
DRV:64bit: - [2009.06.10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 21:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.03 03:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009.06.03 03:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009.06.03 03:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009.05.06 01:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009.05.06 01:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2008.08.28 11:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2007.03.27 17:18:58 | 010,550,272 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D6 A7 F6 08 D6 84 CB 01  [binary data]
IE - HKCU\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.51
FF - prefs.js..extensions.enabledItems: finder@meingutscheincode.de:2.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {22C7F6C6-8D67-4534-92B5-529A0EC09405}:6.5.0.1234
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011.02.09 21:03:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1504\6.6.1088\firefoxextension\ [2011.11.21 22:05:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.11.21 22:02:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.11.24 16:40:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011.02.09 21:03:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\finder@meingutscheincode.de: C:\Program Files (x86)\Mein Gutscheincode Finder\Firefox [2011.05.05 12:59:35 | 000,000,000 | ---D | M]
 
[2010.10.20 16:54:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fahriye\AppData\Roaming\mozilla\Extensions
[2011.11.21 22:01:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fahriye\AppData\Roaming\mozilla\Firefox\Profiles\brdzo1nn.default\extensions
[2011.11.21 22:02:54 | 000,000,000 | ---D | M] (MessengerPlusLive Germany TB Community Toolbar) -- C:\Users\Fahriye\AppData\Roaming\mozilla\Firefox\Profiles\brdzo1nn.default\extensions\{76aeea42-e04a-4b62-83ab-df4b2be2541e}
[2011.09.06 19:29:05 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Fahriye\AppData\Roaming\mozilla\Firefox\Profiles\brdzo1nn.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.05.21 17:43:43 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Fahriye\AppData\Roaming\mozilla\Firefox\Profiles\brdzo1nn.default\extensions\engine@conduit.com
[2010.11.12 18:10:52 | 000,001,819 | ---- | M] () -- C:\Users\Fahriye\AppData\Roaming\Mozilla\Firefox\Profiles\brdzo1nn.default\searchplugins\bing.xml
() (No name found) -- C:\USERS\FAHRIYE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BRDZO1NN.DEFAULT\EXTENSIONS\FINDER@MEINGUTSCHEINCODE.DE.XPI
[2011.11.11 12:40:53 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.11.24 15:16:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.11.11 12:40:50 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.11.11 12:40:50 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.11.11 12:40:50 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.11.11 12:40:50 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Babylon Chrome Plugin (Enabled) = C:\Users\Fahriye\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.0_0\BabylonChromePI.dll
CHR - plugin: Gutscheinmieze-Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npmieze.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Fun Web Products Plugin Stub (Enabled) = C:\Program Files (x86)\FunWebProducts\Installr\2.bin\NPFunWeb.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Programme\Trend Micro\AMSP\module\20004\1.5.1504\6.6.1088\TmIEPlg.dll (Trend Micro Inc.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Programme\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe64.dll (Trend Micro Inc.)
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Programme\Trend Micro\AMSP\module\20004\1.5.1504\6.6.1088\TmIEPlg32.dll (Trend Micro Inc.)
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Programme\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()
O4:64bit: - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4:64bit: - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [msnmsgr] "C:\PROGRA~2\WIC4A1~1\MESSEN~1\msnmsgr.exe" /background File not found
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKCU..\Run: [NokiaOviSuite2] C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Fahriye\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Fahriye\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{82569D03-E711-4FAB-AF8B-A274C41764BD}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Programme\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe64.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Programme\Trend Micro\AMSP\module\20004\1.5.1504\6.6.1088\TmIEPlg.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Programme\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Programme\Trend Micro\AMSP\module\20004\1.5.1504\6.6.1088\TmIEPlg32.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.11.24 16:40:37 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.11.24 15:17:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011.11.24 15:16:42 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011.11.24 15:16:42 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011.11.24 15:16:41 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011.11.24 14:38:48 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{BED05D29-F1D5-4266-8481-31EB5D20FCD0}
[2011.11.24 14:38:34 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{F8D18F68-AC30-41D4-AAEB-1C4CC4908C72}
[2011.11.23 18:28:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.11.23 18:28:06 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011.11.23 17:48:45 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{C15FAB69-0747-4259-BD76-2E850B7B5C9E}
[2011.11.23 17:48:20 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{0960DECD-8E56-4692-B113-785DFA1569D9}
[2011.11.22 21:41:00 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Roaming\Malwarebytes
[2011.11.22 21:40:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.11.22 21:40:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.11.22 21:40:46 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.11.22 21:40:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.11.22 14:47:32 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{0F7465F2-2E2F-498A-8557-2E8BA2060F6F}
[2011.11.22 14:47:09 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{915002DF-803A-424F-AAC4-D2B2529A5813}
[2011.11.22 10:04:44 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011.11.22 10:04:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011.11.21 22:06:55 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{02CF42B8-571C-4AAE-A958-C5802D254E86}
[2011.11.21 22:06:41 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{7612B3EB-9B3F-404C-87A7-950D795FC9C9}
[2011.11.21 20:32:43 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{3B901C39-4455-4529-B5D7-1A5FEDCDD4AE}
[2011.11.21 20:32:24 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{AE340385-A233-4D9B-826D-E657883316E6}
[2011.11.21 19:56:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011.11.21 19:52:54 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{4FEF4D21-BF42-4D88-9C9F-82DBB069FE13}
[2011.11.21 19:52:39 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{A83C923D-D16A-4D49-9596-D6F8D246D77A}
[2011.11.20 14:20:59 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\Desktop\Bewerbung
[2011.11.20 14:13:42 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Roaming\Sun
[2011.11.20 14:07:33 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{86226CBA-CF89-494F-BBF3-5ED2E8CEFF40}
[2011.11.20 14:07:16 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{30F94CBB-70F3-43FB-8B73-1E33AD688E0A}
[2011.11.19 23:43:27 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{18FF6C68-3BB7-4B00-ADCA-1BB8A4FBDFC8}
[2011.11.19 23:43:02 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{38B9F4A6-60E2-4CA2-BEF4-AFFB0D04CE16}
[2011.11.19 11:42:11 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{A8D3A7C0-3974-4CB2-968F-8350B47EE18C}
[2011.11.19 11:41:45 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{F273D916-7803-48CE-B68D-20C6F9274A40}
[2011.11.18 14:22:04 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{5FACB273-F757-4B01-970C-372270DA123D}
[2011.11.18 14:21:50 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{B6092D4C-7B4C-40AE-9FBE-1C1D357C4081}
[2011.11.17 15:55:35 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{88B2F0A8-F250-478E-8BE9-E32D2E6532C9}
[2011.11.17 15:55:05 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{4BD2A8D4-208A-4141-B1DD-EBB051EF6F0B}
[2011.11.16 21:44:18 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{634F59A1-0C3C-4C80-9513-14C1380120BB}
[2011.11.16 21:43:52 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{1FE8CD2F-47E4-4D87-B591-4A88486534C9}
[2011.11.16 09:12:30 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{E42FA0A3-3C36-461E-B627-DD9718732A92}
[2011.11.16 09:12:16 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{6F9EB2F1-95BF-4D52-BE95-3215ACADA48F}
[2011.11.15 12:26:45 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{56C04265-7D4A-482A-894F-FAD3EA748BAB}
[2011.11.15 12:26:27 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{4ABD9D4C-A34D-484B-B22F-E3DFDB862CA6}
[2011.11.14 16:38:37 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{2100003F-EA6B-4FAE-9B8D-11CBD80BAA40}
[2011.11.14 16:38:09 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{531B4633-2A26-45C3-9847-EB6497F1714B}
[2011.11.13 12:08:58 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{A4C84184-BCA8-4F10-A7E3-135D45D032C0}
[2011.11.13 12:08:41 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{B53BC0C3-17B6-4E9F-8CAD-B095D90AA081}
[2011.11.12 22:01:39 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{27FF69C7-E5BB-4381-9F7C-9ECA36C30413}
[2011.11.12 22:01:13 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{36A59CBE-D6DA-499A-B263-673913D7FD06}
[2011.11.12 10:00:54 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{9795F9AB-7BBA-4D96-AF7E-F95414F2D077}
[2011.11.12 10:00:29 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{E93E8A45-A5B7-47A8-900F-8B26A7281ECC}
[2011.11.11 21:59:55 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{F89AC7FF-29BA-494C-85CB-D078756B3C91}
[2011.11.11 21:59:42 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{3941657D-E038-4B0B-89D9-C253AB3D30C7}
[2011.11.11 09:58:32 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{AE48CE6B-86D6-497D-8E49-3CFE8316C2E7}
[2011.11.11 09:58:16 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{C46DA3B4-947F-4F27-9848-CE9ABB7D7EE5}
[2011.11.10 21:34:13 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{5C703F63-BC12-42CF-8812-98E32000051E}
[2011.11.10 21:33:49 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{A43CF3C4-A77C-4AF5-9A4B-79880121E3B9}
[2011.11.10 15:19:51 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{3E028CB2-892B-478E-B425-D24AD599F128}
[2011.11.09 16:02:14 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{07EBA946-823D-457A-A61F-BE9C69930BD0}
[2011.11.09 16:01:53 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{ABBA271A-64A4-4F65-BD7C-2819F6F63136}
[2011.11.08 11:51:46 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{BC02946F-57BF-42FD-909F-AE45E4EB5948}
[2011.11.08 11:51:20 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{766A505D-FA89-4034-9779-43B12105290D}
[2011.11.07 15:53:26 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{C07C9686-ACF4-4125-B33F-033709323BFC}
[2011.11.07 15:52:59 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{0BE6C089-78B1-49AD-9229-8F3B3379FA20}
[2011.11.06 17:49:29 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{FF0E42B4-EBD1-4D19-9CB8-FACBE6A17772}
[2011.11.06 17:48:56 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{5AFE067A-ADFE-4769-AC55-7821C4524478}
[2011.11.05 15:46:33 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{55E51630-300D-4EC3-8B15-93BDEDDA3BDE}
[2011.11.05 15:46:17 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{5281980C-6EFD-476A-8A7E-B3136F93227A}
[2011.11.04 12:18:37 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{01C99A39-BAB4-47E9-8A92-9FC715B5CDBE}
[2011.11.04 12:18:21 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{721FA7DD-C414-4D45-ADBD-B87657BAC4DF}
[2011.11.03 18:24:34 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{DD7F3678-5D8F-4612-9A3B-B0A6AD7D66A6}
[2011.11.03 18:24:08 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{43138EFC-E8AB-4550-A234-B523E7897D0C}
[2011.11.02 17:38:54 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{61D79465-2289-4C4E-B3FA-042ADC76BB46}
[2011.11.02 17:38:41 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{5B7969C1-2687-45E7-8A8E-63B7CD70DEC4}
[2011.11.02 17:34:45 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{1680F300-40F1-40BF-B79D-E7D385B718F8}
[2011.11.02 17:31:04 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{ED911A68-ABA8-40CB-87C4-1BFF65CACD7F}
[2011.11.01 21:46:14 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{4224D90F-4222-4D6C-9F78-260A2ACC8FC4}
[2011.11.01 21:45:50 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{F0FC93C2-E303-48F8-AAC7-967A2998B735}
[2011.11.01 09:45:03 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{F6F6F366-131F-4DA0-BE09-7960DE728043}
[2011.11.01 09:44:37 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{39AF969D-9E69-47FE-91C8-09525550558E}
[2011.10.31 15:43:18 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{15FFAAED-D606-4CB2-9854-E55B1936040E}
[2011.10.31 15:42:53 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{A3D27557-BEAB-4222-AF4D-6941F09AFF50}
[2011.10.30 21:42:15 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{74770B7B-AAB4-4401-9D93-F2D39041EBBA}
[2011.10.30 21:41:51 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{6449CDFB-99E3-412F-A3B9-AEB751AC31D9}
[2011.10.30 09:41:05 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{3B5FE26A-CCBA-47AF-B4E9-DF0748190194}
[2011.10.30 09:40:51 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{BC36F856-48CB-4667-ADC1-F39D73684DED}
[2011.10.29 13:44:35 | 000,000,000 | ---D | C] -- C:\output
[2011.10.29 11:48:37 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{336BED5B-E8A0-4749-8396-A8B7322DA93C}
[2011.10.29 11:48:20 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{F9913922-427F-46F4-91D9-A9998D3CC9D0}
[2011.10.28 11:47:42 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{EC6502C0-09D0-4E84-8E9E-7008ADE95573}
[2011.10.28 11:47:17 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{BE1DF8C2-E4DB-4E2F-954C-9EA2F904D1D0}
[2011.10.27 13:30:49 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{7DAC2A85-4400-4106-93B4-8458F5732541}
[2011.10.27 13:30:21 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{230F1BA7-9410-4434-8F0A-3CBFEDB55E58}
[2011.10.26 15:20:09 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{A33C07A3-CE34-4DA3-B418-BD9DC7DEC418}
[2011.10.26 15:19:55 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{216514F9-A787-4C9D-823F-B9E366777C1B}
[2010.12.09 10:15:47 | 000,172,032 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnp2uvc.dll
[2007.03.12 10:41:52 | 000,061,440 | ---- | C] ( ) -- C:\Windows\SysWow64\vsnpstd3.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011.11.24 17:00:09 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.11.24 17:00:09 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.11.24 16:52:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.11.24 16:52:28 | 3111,518,208 | -HS- | M] () -- C:\hiberfil.sys
[2011.11.24 15:23:17 | 000,231,858 | ---- | M] () -- C:\Users\Fahriye\Documents\cc_20111124_152250.reg
[2011.11.24 15:16:22 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011.11.24 15:16:22 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011.11.24 15:16:22 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011.11.24 15:16:21 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2011.11.23 18:57:12 | 001,561,978 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.11.23 18:57:12 | 000,677,668 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.11.23 18:57:12 | 000,639,510 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.11.23 18:57:12 | 000,137,930 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.11.23 18:57:12 | 000,114,312 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.11.23 18:28:10 | 000,000,826 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.11.22 21:40:52 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.22 11:19:42 | 000,885,090 | ---- | M] () -- C:\Users\Fahriye\AppData\Local\census.cache
[2011.11.22 11:18:51 | 000,116,521 | ---- | M] () -- C:\Users\Fahriye\AppData\Local\ars.cache
[2011.11.22 11:07:58 | 000,000,036 | ---- | M] () -- C:\Users\Fahriye\AppData\Local\housecall.guid.cache
[2011.11.22 10:04:44 | 000,002,985 | ---- | M] () -- C:\Users\Fahriye\Desktop\HiJackThis.lnk
[2011.11.22 10:02:35 | 001,402,880 | ---- | M] () -- C:\Users\Fahriye\Desktop\HiJackThis-2-04.msi
[2011.11.10 15:18:10 | 000,368,512 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.11.01 22:07:28 | 001,213,330 | ---- | M] () -- C:\Users\Fahriye\Desktop\Desktop.rar
[2011.10.29 13:26:56 | 000,019,037 | ---- | M] () -- C:\Users\Fahriye\Documents\Weingarten.odt
 
========== Files Created - No Company Name ==========
 
[2011.11.24 15:22:58 | 000,231,858 | ---- | C] () -- C:\Users\Fahriye\Documents\cc_20111124_152250.reg
[2011.11.23 18:28:10 | 000,000,826 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.11.22 21:40:52 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.22 11:19:42 | 000,885,090 | ---- | C] () -- C:\Users\Fahriye\AppData\Local\census.cache
[2011.11.22 11:18:51 | 000,116,521 | ---- | C] () -- C:\Users\Fahriye\AppData\Local\ars.cache
[2011.11.22 11:02:40 | 000,000,036 | ---- | C] () -- C:\Users\Fahriye\AppData\Local\housecall.guid.cache
[2011.11.22 10:04:44 | 000,002,985 | ---- | C] () -- C:\Users\Fahriye\Desktop\HiJackThis.lnk
[2011.11.22 10:02:30 | 001,402,880 | ---- | C] () -- C:\Users\Fahriye\Desktop\HiJackThis-2-04.msi
[2011.11.01 22:07:27 | 001,213,330 | ---- | C] () -- C:\Users\Fahriye\Desktop\Desktop.rar
[2011.10.29 13:26:54 | 000,019,037 | ---- | C] () -- C:\Users\Fahriye\Documents\Weingarten.odt
[2011.04.07 13:15:27 | 000,007,606 | ---- | C] () -- C:\Users\Fahriye\AppData\Local\Resmon.ResmonCfg
[2011.02.15 22:47:25 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2011.01.09 21:06:00 | 001,588,672 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.12.09 10:15:47 | 001,749,376 | ---- | C] () -- C:\Windows\SysWow64\snp2uvc.sys
[2010.12.09 10:15:47 | 000,028,032 | ---- | C] () -- C:\Windows\SysWow64\sncduvc.sys
[2010.12.09 10:15:46 | 000,000,131 | ---- | C] () -- C:\Windows\SysWow64\PidList.ini
[2010.10.20 16:54:12 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.05.31 18:48:25 | 000,001,035 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010.05.31 18:47:20 | 000,001,741 | ---- | C] () -- C:\Windows\WPatchProgress.ini
[2010.05.31 09:33:04 | 000,000,033 | ---- | C] () -- C:\Windows\LaunApp.ini
[2010.05.31 09:09:23 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.03.25 05:59:43 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2010.03.25 05:57:49 | 000,000,193 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2010.03.25 05:57:49 | 000,000,168 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2010.03.25 05:57:49 | 000,000,147 | ---- | C] () -- C:\Windows\WisPriority.ini
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:59:36 | 000,982,196 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009.07.13 22:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009.07.13 22:59:36 | 000,097,448 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009.07.13 22:59:35 | 000,417,344 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006.09.19 08:07:28 | 000,827,392 | ---- | C] () -- C:\Windows\vsnpstd3.exe
[2004.02.27 15:36:18 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini
 
========== LOP Check ==========
 
[2011.02.20 16:00:08 | 000,000,000 | ---D | M] -- C:\Users\Fahriye\AppData\Roaming\AVG10
[2011.09.25 21:15:53 | 000,000,000 | ---D | M] -- C:\Users\Fahriye\AppData\Roaming\DVDVideoSoft
[2011.04.12 10:56:27 | 000,000,000 | ---D | M] -- C:\Users\Fahriye\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.02.08 15:44:07 | 000,000,000 | ---D | M] -- C:\Users\Fahriye\AppData\Roaming\GetRightToGo
[2011.11.24 16:40:58 | 000,000,000 | ---D | M] -- C:\Users\Fahriye\AppData\Roaming\Gutscheinmieze
[2011.02.09 21:08:54 | 000,000,000 | ---D | M] -- C:\Users\Fahriye\AppData\Roaming\Nokia
[2011.02.09 21:08:55 | 000,000,000 | ---D | M] -- C:\Users\Fahriye\AppData\Roaming\Nokia Ovi Suite
[2011.05.02 20:32:14 | 000,000,000 | ---D | M] -- C:\Users\Fahriye\AppData\Roaming\OpenOffice.org
[2011.02.09 21:08:18 | 000,000,000 | ---D | M] -- C:\Users\Fahriye\AppData\Roaming\PC Suite
[2011.11.21 22:02:54 | 000,000,000 | ---D | M] -- C:\Users\Fahriye\AppData\Roaming\PhotoScape
[2011.02.21 15:02:32 | 000,000,000 | ---D | M] -- C:\Users\Fahriye\AppData\Roaming\PixelPlanet
[2011.11.24 16:40:43 | 000,000,000 | ---D | M] -- C:\Users\Fahriye\AppData\Roaming\SoftGrid Client
[2011.01.09 21:07:40 | 000,000,000 | ---D | M] -- C:\Users\Fahriye\AppData\Roaming\TP
[2011.09.25 09:18:57 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

den 9. Schritt muss ich den ebenfalls durchführen..
das ist der selbe wie Schritt 8???

mf21 · 24.11.2011, 17:36

und hier Schritt 8

Code:

ATTFilter

OTL logfile created on: 24.11.2011 17:14:39 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Fahriye\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 2,57 Gb Available Physical Memory | 66,49% Memory free
7,73 Gb Paging File | 6,02 Gb Available in Paging File | 77,94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284,81 Gb Total Space | 181,82 Gb Free Space | 63,84% Space Free | Partition Type: NTFS
 
Computer Name: FAHRIYE-PC | User Name: Fahriye | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.11.24 15:28:27 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Fahriye\Downloads\OTL.exe
PRC - [2011.11.11 12:40:53 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011.01.31 12:16:40 | 000,703,360 | ---- | M] (Nokia) -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
PRC - [2010.12.08 14:31:06 | 000,628,736 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
PRC - [2010.11.23 17:49:24 | 001,540,096 | ---- | M] (Nokia) -- C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
PRC - [2010.11.15 13:41:18 | 000,367,496 | ---- | M] () -- C:\Program Files (x86)\Common Files\Nokia\NoA\nokiaaserver.exe
PRC - [2010.09.14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010.09.14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010.05.11 10:16:34 | 000,140,288 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
PRC - [2010.03.09 00:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2010.03.09 00:56:38 | 000,260,608 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2010.03.03 13:42:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.03.03 13:41:58 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.02.28 02:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
PRC - [2010.02.26 07:35:04 | 001,289,296 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2010.02.26 07:35:04 | 000,325,200 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010.02.26 07:35:04 | 000,288,336 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2010.02.01 19:05:02 | 000,349,552 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
PRC - [2010.01.29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe
PRC - [2009.12.25 02:45:16 | 000,401,192 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
PRC - [2009.12.25 02:44:48 | 000,201,512 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
PRC - [2009.12.24 01:39:04 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009.12.24 01:39:02 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2009.10.27 09:15:02 | 000,120,832 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2009.08.28 10:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
PRC - [2006.09.19 08:07:28 | 000,827,392 | ---- | M] () -- C:\Windows\vsnpstd3.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.11.11 12:40:52 | 001,989,592 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011.10.14 09:09:39 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b2622080e047040fa044dd21a04ff10d\System.Runtime.Remoting.ni.dll
MOD - [2011.10.14 09:09:06 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011.10.14 09:08:58 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011.10.14 09:08:41 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll
MOD - [2011.10.14 09:08:34 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011.10.14 09:08:30 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011.10.14 09:08:29 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011.10.14 09:08:21 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011.01.31 12:17:32 | 000,129,408 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\plugins\nps.dll
MOD - [2011.01.31 12:15:08 | 002,551,808 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtXmlPatterns4.dll
MOD - [2011.01.31 12:15:08 | 002,277,888 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtCore4.dll
MOD - [2011.01.31 12:15:08 | 000,912,384 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtNetwork4.dll
MOD - [2011.01.31 12:15:08 | 000,196,608 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\imageformats\qjpeg4.dll
MOD - [2011.01.31 12:15:08 | 000,026,624 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\imageformats\qgif4.dll
MOD - [2011.01.31 12:15:06 | 010,837,504 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtWebKit4.dll
MOD - [2011.01.31 12:15:06 | 008,151,040 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtGui4.dll
MOD - [2011.01.31 12:15:06 | 002,186,752 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtDeclarative4.dll
MOD - [2011.01.31 12:15:06 | 001,283,584 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtScript4.dll
MOD - [2011.01.31 12:15:06 | 000,675,840 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtOpenGL4.dll
MOD - [2011.01.31 12:15:06 | 000,339,456 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtXml4.dll
MOD - [2011.01.31 12:15:06 | 000,266,752 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\phonon4.dll
MOD - [2011.01.31 12:15:06 | 000,190,464 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtSql4.dll
MOD - [2011.01.31 11:54:42 | 000,790,016 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Maps Service API.dll
MOD - [2011.01.31 11:52:56 | 000,345,088 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\OviShareLib.dll
MOD - [2011.01.31 11:52:56 | 000,180,104 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\noaipcclient.dll
MOD - [2011.01.31 11:52:56 | 000,028,040 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\wrtserviceipcclient.dll
MOD - [2011.01.31 11:52:00 | 000,680,448 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\CommonUpdateChecker.dll
MOD - [2010.11.15 13:41:18 | 000,367,496 | ---- | M] () -- C:\Program Files (x86)\Common Files\Nokia\NoA\nokiaaserver.exe
MOD - [2010.11.15 13:41:18 | 000,034,184 | ---- | M] () -- C:\Program Files (x86)\Common Files\Nokia\NoA\wrtserviceipcserver.dll
MOD - [2010.11.15 09:13:00 | 000,016,384 | ---- | M] () -- C:\Program Files (x86)\Common Files\Nokia\NoA\qtsecurestorage.dll
MOD - [2010.11.15 09:12:46 | 000,015,360 | ---- | M] () -- C:\Program Files (x86)\Common Files\Nokia\NoA\cryptodll.dll
MOD - [2010.11.15 09:12:46 | 000,013,824 | ---- | M] () -- C:\Program Files (x86)\Common Files\Nokia\NoA\qtsecurestorageserver.dll
MOD - [2010.11.13 01:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.09.23 17:34:40 | 008,151,040 | ---- | M] () -- C:\Program Files (x86)\Common Files\Nokia\NoA\QtGui4.dll
MOD - [2010.09.23 17:25:08 | 000,912,384 | ---- | M] () -- C:\Program Files (x86)\Common Files\Nokia\NoA\QtNetwork4.dll
MOD - [2010.09.23 17:24:02 | 000,339,456 | ---- | M] () -- C:\Program Files (x86)\Common Files\Nokia\NoA\QtXml4.dll
MOD - [2010.09.23 17:23:50 | 002,277,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Nokia\NoA\QtCore4.dll
MOD - [2010.03.09 01:18:10 | 000,465,576 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
MOD - [2010.02.28 02:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
MOD - [2009.05.20 23:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll
MOD - [2006.09.19 08:07:28 | 000,827,392 | ---- | M] () -- C:\Windows\vsnpstd3.exe
MOD - [2005.07.20 10:48:10 | 000,059,904 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\zlib1.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.02.16 19:20:04 | 000,256,336 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe -- (Amsp)
SRV:64bit: - [2010.09.22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010.01.22 18:01:12 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010.12.08 14:31:06 | 000,628,736 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010.09.14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010.09.14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.09 00:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010.03.03 13:42:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010.03.03 13:41:58 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010.02.26 07:35:04 | 000,325,200 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010.02.05 19:23:06 | 000,865,824 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2010.02.01 19:04:40 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)
SRV - [2010.01.29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2009.12.24 01:39:04 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2009.08.28 10:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.05.04 13:19:43 | 000,144,464 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmcomm.sys -- (tmcomm)
DRV:64bit: - [2011.05.04 13:19:43 | 000,105,552 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)
DRV:64bit: - [2011.05.04 13:19:43 | 000,090,704 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmactmon.sys -- (tmactmon)
DRV:64bit: - [2011.05.04 13:19:43 | 000,067,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 11:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010.09.22 23:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010.09.14 04:45:52 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010.09.14 04:45:50 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010.09.14 04:45:48 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010.09.14 04:45:44 | 000,760,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2010.07.30 14:18:04 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2010.07.30 14:18:02 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2010.07.30 14:18:00 | 000,026,624 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2010.07.30 14:17:56 | 000,019,456 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2010.04.07 19:04:22 | 002,216,960 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010.01.22 18:13:24 | 006,233,088 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.01.22 17:07:56 | 000,161,280 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2009.12.17 18:42:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.12.02 03:21:32 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009.10.22 05:55:06 | 000,272,432 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009.10.16 11:32:22 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
DRV:64bit: - [2009.09.30 18:34:32 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.09.17 21:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.20 03:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)
DRV:64bit: - [2009.06.10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 21:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.03 03:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009.06.03 03:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009.06.03 03:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009.05.06 01:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009.05.06 01:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2008.08.28 11:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2007.03.27 17:18:58 | 010,550,272 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D6 A7 F6 08 D6 84 CB 01  [binary data]
IE - HKCU\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.51
FF - prefs.js..extensions.enabledItems: finder@meingutscheincode.de:2.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {22C7F6C6-8D67-4534-92B5-529A0EC09405}:6.5.0.1234
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011.02.09 21:03:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1504\6.6.1088\firefoxextension\ [2011.11.21 22:05:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.11.21 22:02:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.11.24 16:40:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011.02.09 21:03:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\finder@meingutscheincode.de: C:\Program Files (x86)\Mein Gutscheincode Finder\Firefox [2011.05.05 12:59:35 | 000,000,000 | ---D | M]
 
[2010.10.20 16:54:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fahriye\AppData\Roaming\mozilla\Extensions
[2011.11.21 22:01:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fahriye\AppData\Roaming\mozilla\Firefox\Profiles\brdzo1nn.default\extensions
[2011.11.21 22:02:54 | 000,000,000 | ---D | M] (MessengerPlusLive Germany TB Community Toolbar) -- C:\Users\Fahriye\AppData\Roaming\mozilla\Firefox\Profiles\brdzo1nn.default\extensions\{76aeea42-e04a-4b62-83ab-df4b2be2541e}
[2011.09.06 19:29:05 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Fahriye\AppData\Roaming\mozilla\Firefox\Profiles\brdzo1nn.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.05.21 17:43:43 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Fahriye\AppData\Roaming\mozilla\Firefox\Profiles\brdzo1nn.default\extensions\engine@conduit.com
[2010.11.12 18:10:52 | 000,001,819 | ---- | M] () -- C:\Users\Fahriye\AppData\Roaming\Mozilla\Firefox\Profiles\brdzo1nn.default\searchplugins\bing.xml
() (No name found) -- C:\USERS\FAHRIYE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BRDZO1NN.DEFAULT\EXTENSIONS\FINDER@MEINGUTSCHEINCODE.DE.XPI
[2011.11.11 12:40:53 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.11.24 15:16:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.11.11 12:40:50 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.11.11 12:40:50 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.11.11 12:40:50 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.11.11 12:40:50 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Babylon Chrome Plugin (Enabled) = C:\Users\Fahriye\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.0_0\BabylonChromePI.dll
CHR - plugin: Gutscheinmieze-Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npmieze.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Fun Web Products Plugin Stub (Enabled) = C:\Program Files (x86)\FunWebProducts\Installr\2.bin\NPFunWeb.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Programme\Trend Micro\AMSP\module\20004\1.5.1504\6.6.1088\TmIEPlg.dll (Trend Micro Inc.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Programme\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe64.dll (Trend Micro Inc.)
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Programme\Trend Micro\AMSP\module\20004\1.5.1504\6.6.1088\TmIEPlg32.dll (Trend Micro Inc.)
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Programme\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()
O4:64bit: - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4:64bit: - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [msnmsgr] "C:\PROGRA~2\WIC4A1~1\MESSEN~1\msnmsgr.exe" /background File not found
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKCU..\Run: [NokiaOviSuite2] C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Fahriye\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Fahriye\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{82569D03-E711-4FAB-AF8B-A274C41764BD}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Programme\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe64.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Programme\Trend Micro\AMSP\module\20004\1.5.1504\6.6.1088\TmIEPlg.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Programme\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Programme\Trend Micro\AMSP\module\20004\1.5.1504\6.6.1088\TmIEPlg32.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.11.24 16:40:37 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.11.24 15:17:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011.11.24 15:16:42 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011.11.24 15:16:42 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011.11.24 15:16:41 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011.11.24 14:38:48 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{BED05D29-F1D5-4266-8481-31EB5D20FCD0}
[2011.11.24 14:38:34 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{F8D18F68-AC30-41D4-AAEB-1C4CC4908C72}
[2011.11.23 18:28:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.11.23 18:28:06 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011.11.23 17:48:45 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{C15FAB69-0747-4259-BD76-2E850B7B5C9E}
[2011.11.23 17:48:20 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{0960DECD-8E56-4692-B113-785DFA1569D9}
[2011.11.22 21:41:00 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Roaming\Malwarebytes
[2011.11.22 21:40:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.11.22 21:40:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.11.22 21:40:46 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.11.22 21:40:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.11.22 14:47:32 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{0F7465F2-2E2F-498A-8557-2E8BA2060F6F}
[2011.11.22 14:47:09 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{915002DF-803A-424F-AAC4-D2B2529A5813}
[2011.11.22 10:04:44 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011.11.22 10:04:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011.11.21 22:06:55 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{02CF42B8-571C-4AAE-A958-C5802D254E86}
[2011.11.21 22:06:41 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{7612B3EB-9B3F-404C-87A7-950D795FC9C9}
[2011.11.21 20:32:43 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{3B901C39-4455-4529-B5D7-1A5FEDCDD4AE}
[2011.11.21 20:32:24 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{AE340385-A233-4D9B-826D-E657883316E6}
[2011.11.21 19:56:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011.11.21 19:52:54 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{4FEF4D21-BF42-4D88-9C9F-82DBB069FE13}
[2011.11.21 19:52:39 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{A83C923D-D16A-4D49-9596-D6F8D246D77A}
[2011.11.20 14:20:59 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\Desktop\Bewerbung
[2011.11.20 14:13:42 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Roaming\Sun
[2011.11.20 14:07:33 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{86226CBA-CF89-494F-BBF3-5ED2E8CEFF40}
[2011.11.20 14:07:16 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{30F94CBB-70F3-43FB-8B73-1E33AD688E0A}
[2011.11.19 23:43:27 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{18FF6C68-3BB7-4B00-ADCA-1BB8A4FBDFC8}
[2011.11.19 23:43:02 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{38B9F4A6-60E2-4CA2-BEF4-AFFB0D04CE16}
[2011.11.19 11:42:11 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{A8D3A7C0-3974-4CB2-968F-8350B47EE18C}
[2011.11.19 11:41:45 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{F273D916-7803-48CE-B68D-20C6F9274A40}
[2011.11.18 14:22:04 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{5FACB273-F757-4B01-970C-372270DA123D}
[2011.11.18 14:21:50 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{B6092D4C-7B4C-40AE-9FBE-1C1D357C4081}
[2011.11.17 15:55:35 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{88B2F0A8-F250-478E-8BE9-E32D2E6532C9}
[2011.11.17 15:55:05 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{4BD2A8D4-208A-4141-B1DD-EBB051EF6F0B}
[2011.11.16 21:44:18 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{634F59A1-0C3C-4C80-9513-14C1380120BB}
[2011.11.16 21:43:52 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{1FE8CD2F-47E4-4D87-B591-4A88486534C9}
[2011.11.16 09:12:30 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{E42FA0A3-3C36-461E-B627-DD9718732A92}
[2011.11.16 09:12:16 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{6F9EB2F1-95BF-4D52-BE95-3215ACADA48F}
[2011.11.15 12:26:45 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{56C04265-7D4A-482A-894F-FAD3EA748BAB}
[2011.11.15 12:26:27 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{4ABD9D4C-A34D-484B-B22F-E3DFDB862CA6}
[2011.11.14 16:38:37 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{2100003F-EA6B-4FAE-9B8D-11CBD80BAA40}
[2011.11.14 16:38:09 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{531B4633-2A26-45C3-9847-EB6497F1714B}
[2011.11.13 12:08:58 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{A4C84184-BCA8-4F10-A7E3-135D45D032C0}
[2011.11.13 12:08:41 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{B53BC0C3-17B6-4E9F-8CAD-B095D90AA081}
[2011.11.12 22:01:39 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{27FF69C7-E5BB-4381-9F7C-9ECA36C30413}
[2011.11.12 22:01:13 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{36A59CBE-D6DA-499A-B263-673913D7FD06}
[2011.11.12 10:00:54 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{9795F9AB-7BBA-4D96-AF7E-F95414F2D077}
[2011.11.12 10:00:29 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{E93E8A45-A5B7-47A8-900F-8B26A7281ECC}
[2011.11.11 21:59:55 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{F89AC7FF-29BA-494C-85CB-D078756B3C91}
[2011.11.11 21:59:42 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{3941657D-E038-4B0B-89D9-C253AB3D30C7}
[2011.11.11 09:58:32 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{AE48CE6B-86D6-497D-8E49-3CFE8316C2E7}
[2011.11.11 09:58:16 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{C46DA3B4-947F-4F27-9848-CE9ABB7D7EE5}
[2011.11.10 21:34:13 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{5C703F63-BC12-42CF-8812-98E32000051E}
[2011.11.10 21:33:49 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{A43CF3C4-A77C-4AF5-9A4B-79880121E3B9}
[2011.11.10 15:19:51 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{3E028CB2-892B-478E-B425-D24AD599F128}
[2011.11.09 16:02:14 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{07EBA946-823D-457A-A61F-BE9C69930BD0}
[2011.11.09 16:01:53 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{ABBA271A-64A4-4F65-BD7C-2819F6F63136}
[2011.11.08 11:51:46 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{BC02946F-57BF-42FD-909F-AE45E4EB5948}
[2011.11.08 11:51:20 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{766A505D-FA89-4034-9779-43B12105290D}
[2011.11.07 15:53:26 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{C07C9686-ACF4-4125-B33F-033709323BFC}
[2011.11.07 15:52:59 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{0BE6C089-78B1-49AD-9229-8F3B3379FA20}
[2011.11.06 17:49:29 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{FF0E42B4-EBD1-4D19-9CB8-FACBE6A17772}
[2011.11.06 17:48:56 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{5AFE067A-ADFE-4769-AC55-7821C4524478}
[2011.11.05 15:46:33 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{55E51630-300D-4EC3-8B15-93BDEDDA3BDE}
[2011.11.05 15:46:17 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{5281980C-6EFD-476A-8A7E-B3136F93227A}
[2011.11.04 12:18:37 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{01C99A39-BAB4-47E9-8A92-9FC715B5CDBE}
[2011.11.04 12:18:21 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{721FA7DD-C414-4D45-ADBD-B87657BAC4DF}
[2011.11.03 18:24:34 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{DD7F3678-5D8F-4612-9A3B-B0A6AD7D66A6}
[2011.11.03 18:24:08 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{43138EFC-E8AB-4550-A234-B523E7897D0C}
[2011.11.02 17:38:54 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{61D79465-2289-4C4E-B3FA-042ADC76BB46}
[2011.11.02 17:38:41 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{5B7969C1-2687-45E7-8A8E-63B7CD70DEC4}
[2011.11.02 17:34:45 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{1680F300-40F1-40BF-B79D-E7D385B718F8}
[2011.11.02 17:31:04 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{ED911A68-ABA8-40CB-87C4-1BFF65CACD7F}
[2011.11.01 21:46:14 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{4224D90F-4222-4D6C-9F78-260A2ACC8FC4}
[2011.11.01 21:45:50 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{F0FC93C2-E303-48F8-AAC7-967A2998B735}
[2011.11.01 09:45:03 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{F6F6F366-131F-4DA0-BE09-7960DE728043}
[2011.11.01 09:44:37 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{39AF969D-9E69-47FE-91C8-09525550558E}
[2011.10.31 15:43:18 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{15FFAAED-D606-4CB2-9854-E55B1936040E}
[2011.10.31 15:42:53 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{A3D27557-BEAB-4222-AF4D-6941F09AFF50}
[2011.10.30 21:42:15 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{74770B7B-AAB4-4401-9D93-F2D39041EBBA}
[2011.10.30 21:41:51 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{6449CDFB-99E3-412F-A3B9-AEB751AC31D9}
[2011.10.30 09:41:05 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{3B5FE26A-CCBA-47AF-B4E9-DF0748190194}
[2011.10.30 09:40:51 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{BC36F856-48CB-4667-ADC1-F39D73684DED}
[2011.10.29 13:44:35 | 000,000,000 | ---D | C] -- C:\output
[2011.10.29 11:48:37 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{336BED5B-E8A0-4749-8396-A8B7322DA93C}
[2011.10.29 11:48:20 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{F9913922-427F-46F4-91D9-A9998D3CC9D0}
[2011.10.28 11:47:42 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{EC6502C0-09D0-4E84-8E9E-7008ADE95573}
[2011.10.28 11:47:17 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{BE1DF8C2-E4DB-4E2F-954C-9EA2F904D1D0}
[2011.10.27 13:30:49 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{7DAC2A85-4400-4106-93B4-8458F5732541}
[2011.10.27 13:30:21 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{230F1BA7-9410-4434-8F0A-3CBFEDB55E58}
[2011.10.26 15:20:09 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{A33C07A3-CE34-4DA3-B418-BD9DC7DEC418}
[2011.10.26 15:19:55 | 000,000,000 | ---D | C] -- C:\Users\Fahriye\AppData\Local\{216514F9-A787-4C9D-823F-B9E366777C1B}
[2010.12.09 10:15:47 | 000,172,032 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnp2uvc.dll
[2007.03.12 10:41:52 | 000,061,440 | ---- | C] ( ) -- C:\Windows\SysWow64\vsnpstd3.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011.11.24 17:00:09 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.11.24 17:00:09 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.11.24 16:52:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.11.24 16:52:28 | 3111,518,208 | -HS- | M] () -- C:\hiberfil.sys
[2011.11.24 15:23:17 | 000,231,858 | ---- | M] () -- C:\Users\Fahriye\Documents\cc_20111124_152250.reg
[2011.11.24 15:16:22 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011.11.24 15:16:22 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011.11.24 15:16:22 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011.11.24 15:16:21 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2011.11.23 18:57:12 | 001,561,978 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.11.23 18:57:12 | 000,677,668 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.11.23 18:57:12 | 000,639,510 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.11.23 18:57:12 | 000,137,930 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.11.23 18:57:12 | 000,114,312 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.11.23 18:28:10 | 000,000,826 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.11.22 21:40:52 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.22 11:19:42 | 000,885,090 | ---- | M] () -- C:\Users\Fahriye\AppData\Local\census.cache
[2011.11.22 11:18:51 | 000,116,521 | ---- | M] () -- C:\Users\Fahriye\AppData\Local\ars.cache
[2011.11.22 11:07:58 | 000,000,036 | ---- | M] () -- C:\Users\Fahriye\AppData\Local\housecall.guid.cache
[2011.11.22 10:04:44 | 000,002,985 | ---- | M] () -- C:\Users\Fahriye\Desktop\HiJackThis.lnk
[2011.11.22 10:02:35 | 001,402,880 | ---- | M] () -- C:\Users\Fahriye\Desktop\HiJackThis-2-04.msi
[2011.11.10 15:18:10 | 000,368,512 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.11.01 22:07:28 | 001,213,330 | ---- | M] () -- C:\Users\Fahriye\Desktop\Desktop.rar
[2011.10.29 13:26:56 | 000,019,037 | ---- | M] () -- C:\Users\Fahriye\Documents\Weingarten.odt
 
========== Files Created - No Company Name ==========
 
[2011.11.24 15:22:58 | 000,231,858 | ---- | C] () -- C:\Users\Fahriye\Documents\cc_20111124_152250.reg
[2011.11.23 18:28:10 | 000,000,826 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.11.22 21:40:52 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.22 11:19:42 | 000,885,090 | ---- | C] () -- C:\Users\Fahriye\AppData\Local\census.cache
[2011.11.22 11:18:51 | 000,116,521 | ---- | C] () -- C:\Users\Fahriye\AppData\Local\ars.cache
[2011.11.22 11:02:40 | 000,000,036 | ---- | C] () -- C:\Users\Fahriye\AppData\Local\housecall.guid.cache
[2011.11.22 10:04:44 | 000,002,985 | ---- | C] () -- C:\Users\Fahriye\Desktop\HiJackThis.lnk
[2011.11.22 10:02:30 | 001,402,880 | ---- | C] () -- C:\Users\Fahriye\Desktop\HiJackThis-2-04.msi
[2011.11.01 22:07:27 | 001,213,330 | ---- | C] () -- C:\Users\Fahriye\Desktop\Desktop.rar
[2011.10.29 13:26:54 | 000,019,037 | ---- | C] () -- C:\Users\Fahriye\Documents\Weingarten.odt
[2011.04.07 13:15:27 | 000,007,606 | ---- | C] () -- C:\Users\Fahriye\AppData\Local\Resmon.ResmonCfg
[2011.02.15 22:47:25 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2011.01.09 21:06:00 | 001,588,672 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.12.09 10:15:47 | 001,749,376 | ---- | C] () -- C:\Windows\SysWow64\snp2uvc.sys
[2010.12.09 10:15:47 | 000,028,032 | ---- | C] () -- C:\Windows\SysWow64\sncduvc.sys
[2010.12.09 10:15:46 | 000,000,131 | ---- | C] () -- C:\Windows\SysWow64\PidList.ini
[2010.10.20 16:54:12 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.05.31 18:48:25 | 000,001,035 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010.05.31 18:47:20 | 000,001,741 | ---- | C] () -- C:\Windows\WPatchProgress.ini
[2010.05.31 09:33:04 | 000,000,033 | ---- | C] () -- C:\Windows\LaunApp.ini
[2010.05.31 09:09:23 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.03.25 05:59:43 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2010.03.25 05:57:49 | 000,000,193 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2010.03.25 05:57:49 | 000,000,168 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2010.03.25 05:57:49 | 000,000,147 | ---- | C] () -- C:\Windows\WisPriority.ini
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:59:36 | 000,982,196 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009.07.13 22:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009.07.13 22:59:36 | 000,097,448 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009.07.13 22:59:35 | 000,417,344 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006.09.19 08:07:28 | 000,827,392 | ---- | C] () -- C:\Windows\vsnpstd3.exe
[2004.02.27 15:36:18 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini
 
========== LOP Check ==========
 
[2011.02.20 16:00:08 | 000,000,000 | ---D | M] -- C:\Users\Fahriye\AppData\Roaming\AVG10
[2011.09.25 21:15:53 | 000,000,000 | ---D | M] -- C:\Users\Fahriye\AppData\Roaming\DVDVideoSoft
[2011.04.12 10:56:27 | 000,000,000 | ---D | M] -- C:\Users\Fahriye\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.02.08 15:44:07 | 000,000,000 | ---D | M] -- C:\Users\Fahriye\AppData\Roaming\GetRightToGo
[2011.11.24 16:40:58 | 000,000,000 | ---D | M] -- C:\Users\Fahriye\AppData\Roaming\Gutscheinmieze
[2011.02.09 21:08:54 | 000,000,000 | ---D | M] -- C:\Users\Fahriye\AppData\Roaming\Nokia
[2011.02.09 21:08:55 | 000,000,000 | ---D | M] -- C:\Users\Fahriye\AppData\Roaming\Nokia Ovi Suite
[2011.05.02 20:32:14 | 000,000,000 | ---D | M] -- C:\Users\Fahriye\AppData\Roaming\OpenOffice.org
[2011.02.09 21:08:18 | 000,000,000 | ---D | M] -- C:\Users\Fahriye\AppData\Roaming\PC Suite
[2011.11.21 22:02:54 | 000,000,000 | ---D | M] -- C:\Users\Fahriye\AppData\Roaming\PhotoScape
[2011.02.21 15:02:32 | 000,000,000 | ---D | M] -- C:\Users\Fahriye\AppData\Roaming\PixelPlanet
[2011.11.24 16:40:43 | 000,000,000 | ---D | M] -- C:\Users\Fahriye\AppData\Roaming\SoftGrid Client
[2011.01.09 21:07:40 | 000,000,000 | ---D | M] -- C:\Users\Fahriye\AppData\Roaming\TP
[2011.09.25 09:18:57 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

den 9. Schritt muss ich den ebenfalls durchführen..
das ist der selbe wie Schritt 8???

mf21 · 24.11.2011, 17:39

und hier zudem noch die Extras Logfile vom 8. Schritt

Code:

ATTFilter

OTL Extras logfile created on: 24.11.2011 17:14:39 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Fahriye\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 2,57 Gb Available Physical Memory | 66,49% Memory free
7,73 Gb Paging File | 6,02 Gb Available in Paging File | 77,94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284,81 Gb Total Space | 181,82 Gb Free Space | 63,84% Space Free | Partition Type: NTFS
 
Computer Name: FAHRIYE-PC | User Name: Fahriye | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{11BA2B00-1495-47B8-BFA8-D08C605AB2CC}" = Windows Live Family Safety
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8B79B3A9-6E49-5FFB-2017-A822BBDC4992}" = ATI Catalyst Install Manager
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A84DB02B-9C2B-4272-9D2D-A80E00A56513}" = Broadcom Gigabit NetLink Controller
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium Internet Security
"{ABBD4BA9-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro™ Titanium™ Internet Security
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B0B97CF2-5032-A645-7FFC-BD1E39FC4E3F}" = ccc-utility64
"{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin 64" = Adobe Flash Player 10 Plugin 64-bit
"CCleaner" = CCleaner
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02A414EA-0E5F-CD08-61EF-E155F31DFF76}" = Catalyst Control Center Graphics Previews Vista
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{08600005-5228-4BF6-845E-E9A957AFDCB4}" = OviMPlatform
"{08938019-97FA-1C7A-19E0-0C8D56ED7CB2}" = CCC Help Hungarian
"{0A4D717B-E6E8-11FA-E7D2-385EBB1A4A85}" = CCC Help Japanese
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13BA5548-1065-4DBE-B115-681AFB77263B}" = CCC Help Swedish
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{16890D7F-1C77-733B-D8E4-F5D4315A5F93}" = Catalyst Control Center Localization All
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1CBDB473-E303-EFAE-88D1-6F741ACD5B31}" = CCC Help Czech
"{1D8912B0-343C-EB1F-28EE-B672D444C192}" = Catalyst Control Center InstallProxy
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1E05CF2E-BF5F-4A43-9147-2CCBBE57BC3C}_is1" = Mein Gutscheincode Finder 1.0.0.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
"{28191B83-1D60-44B6-9B08-E854EF6632D5}" = Ovi Desktop Sync Engine
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2C59BF0E-66A5-681E-60FE-8D18CE6319A1}" = CCC Help German
"{2C9D4FCA-3E7F-9368-6955-EA6D65F7DC78}" = CCC Help English
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{3553E875-F00E-4031-BDEC-75FB1DFEB093}" = Nokia Ovi Suite Software Updater
"{3788B9B7-C15F-4C64-D52B-3DD1BA494B7A}" = CCC Help Korean
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3D200EB9-44FC-432F-1E35-C20AB5FDCD77}" = CCC Help Thai
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3FC42713-B6E7-49AA-A553-A224FE9828A8}" = Nokia Ovi Suite
"{4216D328-0FE8-48B8-85B8-BD300E6F080F}" = Nokia Connectivity Cable Driver
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{44D52071-5077-2839-1AE6-863563AEA269}" = CCC Help Russian
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BCBC4D0-1D88-462D-809E-506F34EA11C0}" = Catalyst Control Center - Branding
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{6030FCD7-8F1A-427D-AF05-8DD1A2EA2ABA}" = Alcor Micro USB Card Reader
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}" = Spin & Win
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}" = Granny In Paradise
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87976D85-DBF6-F263-39B6-500ACB658CE0}" = Catalyst Control Center Graphics Full Existing
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007
"{90120000-0017-0407-0000-0000000FF1CE}_OMUI.de-de_{0B9EAEAC-F271-45DC-BDCB-06ABEEF19825}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.de-de_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_OMUI.de-de_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_OMUI.de-de_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_OMUI.de-de_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007
"{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007
"{90120000-0101-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90140011-0062-0407-0000-0000000FF1CE}" = Microsoft Office Home and Business 2010 - Deutsch
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
"{9BBB29A1-C71D-DD1D-66B1-352AAAB13FC6}" = CCC Help Danish
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F4D1D9E-5542-B572-81A7-9DCB0AEED1BE}" = CCC Help French
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3EF3FAD-6ABA-1551-AD3B-D09361C5EEC9}" = CCC Help Polish
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A73FBC00-44F8-0ECF-76FB-14CF62120B55}" = ccc-core-static
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA047D7C-5E7C-4878-B75C-77589151B563}" = Acer Crystal Eye webcam
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AACEAAE9-9CC3-5715-4539-EB13CA3C67BA}" = CCC Help Spanish
"{ABEE079E-648E-488B-8301-0C3DB48C1BCE}_is1" = Acer GameZone Console
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.6 MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2463AD3-1334-A30E-A523-D38E8E7B09A2}" = CCC Help Dutch
"{BA2AD7F2-55AE-87B5-00DD-9B0C6F087FD0}" = Catalyst Control Center Graphics Light
"{BC940CD7-FC71-83C5-2001-CF6FD07BA3D1}" = CCC Help Chinese Traditional
"{BF847A60-119D-6888-B2DA-EC62F1B66BBB}" = CCC Help Chinese Standard
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{C97396A9-44BC-C856-0B92-93A6A417D6A8}" = Catalyst Control Center Graphics Full New
"{CA10114E-3941-E8ED-70A3-17CAA2226AFC}" = CCC Help Turkish
"{CAB89605-7C12-8082-32DF-B419C696BD12}" = Catalyst Control Center Core Implementation
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}" = PC Connectivity Solution
"{D98C2191-0AE0-4087-9153-018A4810DF45}" = CCC Help Norwegian
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DB0A8A2A-4EA7-4FE3-802E-8A6DEE32696C}_is1" = Orban/Coding Technologies AAC/aacPlus Player Plugin™ 1.0
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF7D3C5E-87FC-6AE6-D986-35E0F05FEFD9}" = CCC Help Italian
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EBA8538C-F0B1-A089-D555-44DBF3A47C9F}" = CCC Help Finnish
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F22E305E-BD02-5CC1-92D0-BD7170CDFE45}" = CCC Help Portuguese
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FD4B3108-0915-31E1-5A7C-AC5B3C33846C}" = CCC Help Greek
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AP Tuner 3.08" = AP Tuner 3.08
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.11.923
"Google Chrome" = Google Chrome
"Gutscheinmieze - Toolbar" = Gutscheinmieze - Toolbar
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Identity Card" = Identity Card
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{6030FCD7-8F1A-427D-AF05-8DD1A2EA2ABA}" = Alcor Micro USB Card Reader
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"Mozilla Firefox 8.0 (x86 de)" = Mozilla Firefox 8.0 (x86 de)
"Nokia Ovi Suite" = Nokia Ovi Suite
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch
"PhotoScape" = PhotoScape
"Uninstall_is1" = Uninstall 1.0.0.1
"Veetle TV" = Veetle TV 0.9.18
"VLC media player" = VLC media player 1.1.5
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite" = Windows Live Essentials
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 20.11.2011 09:14:04 | Computer Name = Fahriye-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 8.0.0.4325,
 Zeitstempel: 0x4eb4a91a  Name des fehlerhaften Moduls: coreclr.dll, Version: 4.0.60831.0,
 Zeitstempel: 0x4e5d6c64  Ausnahmecode: 0xc00000fd  Fehleroffset: 0x000bca7f  ID des fehlerhaften
 Prozesses: 0x1248  Startzeit der fehlerhaften Anwendung: 0x01cca7862ee00209  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
Pfad
 des fehlerhaften Moduls: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\coreclr.dll
Berichtskennung:
 84d90f67-1379-11e1-837e-00262dabb1de
 
Error - 20.11.2011 09:59:06 | Computer Name = Fahriye-PC | Source = Windows Search Service | ID = 3007
Description = 
 
Error - 20.11.2011 10:25:04 | Computer Name = Fahriye-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 8.0.0.4325,
 Zeitstempel: 0x4eb4a91a  Name des fehlerhaften Moduls: coreclr.dll, Version: 4.0.60831.0,
 Zeitstempel: 0x4e5d6c64  Ausnahmecode: 0xc00000fd  Fehleroffset: 0x00001463  ID des fehlerhaften
 Prozesses: 0x176c  Startzeit der fehlerhaften Anwendung: 0x01cca790273ed394  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
Pfad
 des fehlerhaften Moduls: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\coreclr.dll
Berichtskennung:
 6f8a658d-1383-11e1-837e-00262dabb1de
 
Error - 20.11.2011 10:25:36 | Computer Name = Fahriye-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 8.0.0.4325,
 Zeitstempel: 0x4eb4a91a  Name des fehlerhaften Moduls: coreclr.dll, Version: 4.0.60831.0,
 Zeitstempel: 0x4e5d6c64  Ausnahmecode: 0xc00000fd  Fehleroffset: 0x00001463  ID des fehlerhaften
 Prozesses: 0x18ec  Startzeit der fehlerhaften Anwendung: 0x01cca7903f51bf02  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
Pfad
 des fehlerhaften Moduls: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\coreclr.dll
Berichtskennung:
 82d57dcf-1383-11e1-837e-00262dabb1de
 
Error - 20.11.2011 10:25:51 | Computer Name = Fahriye-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 8.0.0.4325,
 Zeitstempel: 0x4eb4a91a  Name des fehlerhaften Moduls: coreclr.dll, Version: 4.0.60831.0,
 Zeitstempel: 0x4e5d6c64  Ausnahmecode: 0xc00000fd  Fehleroffset: 0x0000bf46  ID des fehlerhaften
 Prozesses: 0xa58  Startzeit der fehlerhaften Anwendung: 0x01cca79049a1d1fa  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
Pfad
 des fehlerhaften Moduls: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\coreclr.dll
Berichtskennung:
 8bf793ab-1383-11e1-837e-00262dabb1de
 
Error - 20.11.2011 10:26:18 | Computer Name = Fahriye-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 8.0.0.4325,
 Zeitstempel: 0x4eb4a91a  Name des fehlerhaften Moduls: coreclr.dll, Version: 4.0.60831.0,
 Zeitstempel: 0x4e5d6c64  Ausnahmecode: 0xc00000fd  Fehleroffset: 0x0001e38f  ID des fehlerhaften
 Prozesses: 0x1964  Startzeit der fehlerhaften Anwendung: 0x01cca790531f76ad  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
Pfad
 des fehlerhaften Moduls: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\coreclr.dll
Berichtskennung:
 9bf8cbca-1383-11e1-837e-00262dabb1de
 
Error - 21.11.2011 15:33:07 | Computer Name = Fahriye-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: notepad.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc60f  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce7ba58  Ausnahmecode: 0xc0000374  Fehleroffset: 0x000ce653  ID des fehlerhaften
 Prozesses: 0xef4  Startzeit der fehlerhaften Anwendung: 0x01cca884361a80e9  Pfad der
 fehlerhaften Anwendung: C:\Windows\SysWOW64\notepad.exe  Pfad des fehlerhaften Moduls:
 C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: a2f7b2cb-1477-11e1-b081-00262dabb1de
 
Error - 21.11.2011 15:33:07 | Computer Name = Fahriye-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: notepad.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc60f  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce7ba58  Ausnahmecode: 0xc0000374  Fehleroffset: 0x000ce653  ID des fehlerhaften
 Prozesses: 0x390  Startzeit der fehlerhaften Anwendung: 0x01cca8843817e764  Pfad der
 fehlerhaften Anwendung: C:\Windows\SysWOW64\notepad.exe  Pfad des fehlerhaften Moduls:
 C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: a2f78bbb-1477-11e1-b081-00262dabb1de
 
Error - 21.11.2011 14:51:02 | Computer Name = Fahriye-PC | Source = Application Virtualization Client | ID = 5009
Description = {hap=16:app=ONENOTEM 9014006204070000:tid=1260:usr=Fahriye} Application
 Virtualization Client konnte keine Verbindung mit der Datenstrom-URL 'hxxp://c2r.microsoft.com/EssentialsC2R/de-de/14.0.4763.1000/EssentialsC2R.de-de_14.0.5139.5005.sft'
 herstellen (Rückgabecode 16001E0A-000001D1, ursprünglicher Rückgabecode 16001E0A-000001D1).
 
Error - 21.11.2011 14:51:02 | Computer Name = Fahriye-PC | Source = Application Virtualization Client | ID = 3008
Description = {hap=16:app=ONENOTEM 9014006204070000:tid=1260:usr=Fahriye} Der Client
 konnte keine Verbindung mit Application Virtualization Server herstellen (Rückgabecode
 16001E0A-000001D1).
 
[ System Events ]
Error - 22.11.2011 18:10:29 | Computer Name = Fahriye-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.    Modulpfad:
 C:\Windows\system32\athExt.dll  Fehlercode: 126  
 
Error - 23.11.2011 12:46:43 | Computer Name = Fahriye-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.    Modulpfad:
 C:\Windows\system32\athExt.dll  Fehlercode: 126  
 
Error - 23.11.2011 17:45:58 | Computer Name = Fahriye-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.    Modulpfad:
 C:\Windows\system32\athExt.dll  Fehlercode: 126  
 
Error - 23.11.2011 17:46:32 | Computer Name = Fahriye-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 23.11.2011 17:46:36 | Computer Name = Fahriye-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 23.11.2011 17:46:38 | Computer Name = Fahriye-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Intel(R) Rapid Storage Technology erreicht.
 
Error - 23.11.2011 17:46:38 | Computer Name = Fahriye-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Intel(R) Rapid Storage Technology" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1053
 
Error - 24.11.2011 09:35:53 | Computer Name = Fahriye-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.    Modulpfad:
 C:\Windows\system32\athExt.dll  Fehlercode: 126  
 
Error - 24.11.2011 11:40:38 | Computer Name = Fahriye-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Dritek WMI Service" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 24.11.2011 11:52:48 | Computer Name = Fahriye-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.    Modulpfad:
 C:\Windows\system32\athExt.dll  Fehlercode: 126  
 
 
< End of report >

kira · 25.11.2011, 09:41

zu Punkt 2 - deinstalliert?

Zitat:

Bing Bar

zu Punkt 3. - was hast Du da vorgenommen?

Zitat:

Messenger Plus! 5
Messenger Plus! Live:

mf21 · 25.11.2011, 10:47

punkt 2 deinstalliert

und punkt 3 hab ich messenger plus ebenfalls entfernt benutze zurzeit nur windows live essentials

kira · 25.11.2011, 19:38

1.
Deine Javaversion ist nicht aktuell!
→ Downloade nun die Offline-Version von Java Version 6 Update 29 von Oracle herunter
Achte darauf, eventuell angebotene Toolbars abwählen (den Haken bei der Toolbar entfernen)!

2.
Die alte Java-Versionen verbleiben auf dem PC...aus Sicherheitsgründen müssen entfernt werden,auch in Zukunft darauf achten!
falls noch existierendeinstalliere:

Zitat:

Java(TM) 6 Update 22
Java(TM) 6 Update 26

3.
reinige dein System mit Ccleaner:

"Cleaner"→ "Analysieren"→ Klick auf den Button "Start CCleaner"
"Registry""Fehler suchen"→ "Fehler beheben"→ "Alle beheben"
Starte dein System neu auf

4.

Zitat:

Achtung wichtig!:
Falls Du selber im Logfile Änderungen vorgenommen hast, musst Du durch die Originalbezeichnung ersetzen und so in Script einfügen! sonst funktioniert nicht!
(Benutzerordner, dein Name oder sonstige Änderungen durch X, Stern oder andere Namen ersetzt)

Fixen mit OTL

Starte die OTL.exe.
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Kopiere folgendes Skript:

Code:

ATTFilter

:OTL
IE - HKCU\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - No CLSID value found
[2011.11.21 22:02:54 | 000,000,000 | ---D | M] (MessengerPlusLive Germany TB Community Toolbar) -- C:\Users\Fahriye\AppData\Roaming\mozilla\Firefox\Profiles\brdzo1nn.default\extensions\{76aeea42-e04a-4b62-83ab-df4b2be2541e}
[2011.05.21 17:43:43 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Fahriye\AppData\Roaming\mozilla\Firefox\Profiles\brdzo1nn.default\extensions\engine@conduit.com
[2010.11.12 18:10:52 | 000,001,819 | ---- | M] () -- C:\Users\Fahriye\AppData\Roaming\Mozilla\Firefox\Profiles\brdzo1nn.default\searchplugins\bing.xml
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: Fun Web Products Plugin Stub (Enabled) = C:\Program Files (x86)\FunWebProducts\Installr\2.bin\NPFunWeb.dll

:Commands
[purity]
[emptytemp]

und füge es hier ein:
Schließe alle Programme.
Klicke auf den Fix Button.
Klick auf .
OTL verlangt einen Neustart. Bitte zulassen.
Nach dem Neustart findest Du ein Textdokument.
Kopiere den Inhalt hier in Deinen Thread.

5.

lade Dir SUPERAntiSpyware FREE Edition herunter.
installiere das Programm und update online.
starte SUPERAntiSpyware und klicke auf "Ihren Computer durchsuchen"
setze ein Häkchen bei "Kompletter Scan" und klicke auf "Weiter"
anschließend alle gefundenen Schadprogramme werden aufgelistet, bei alle Funde Häkchen setzen und mit "OK" bestätigen
auf "Weiter" klicken dann "OK" und auf "Fertig stellen"
um die Ergebnisse anzuzeigen: auf "Präferenzen" dann auf den "Statistiken und Protokolle" klicken
drücke auf "Protokoll anzeigen" - anschließend diesen Bericht bitte speichern und hier posten

6.
Auch auf USB-Sticks, selbstgebrannten Datenträgern, externen Festplatten und anderen Datenträgern können Viren transportiert werden. Man muss daher durch regelmäßige Prüfungen auf Schäden, die durch Malware ("Worm.Win32.Autorun") verursacht worden sein können, überwacht werden. Hierfür sind ser gut geegnet und empfohlen, die auf dem Speichermedium gesicherten Daten, mit Hilfe des kostenlosen Online Scanners zu prüfen.
Schließe jetzt alle externe Datenträgeran (USB Sticks etc) Deinen Rechner an, dabei die Hochstell-Taste [Shift-Taste] gedrückt halten, damit die Autorun-Funktion nicht ausgeführt wird. (So verhindest Du die Ausführung der AUTORUN-Funktion) - Man kann die AUTORUN-Funktion aber auch generell abschalten.►Anleitung

-> Führe dann einen Komplett-Systemcheck mit Eset Online Scanner (NOD32)Kostenlose Online Scanner durch
Achtung!: >>Du sollst nicht die Antivirus-Sicherheitssoftware installieren, sondern dein System nur online scannen<<

► Wie ist den aktuellen Zustand des Rechners? Auffälligkeiten, Probleme?

BKA Virus Hilfe

Plagegeister aller Art und deren Bekämpfung: BKA Virus Hilfe

BKA Virus Hilfe

BKA Virus Hilfe

BKA Virus Hilfe

BKA Virus Hilfe

BKA Virus Hilfe

BKA Virus Hilfe

BKA Virus Hilfe

BKA Virus Hilfe

BKA Virus Hilfe

BKA Virus Hilfe

BKA Virus Hilfe

BKA Virus Hilfe

BKA Virus Hilfe

BKA Virus Hilfe

BKA Virus Hilfe

Ähnliche Themen: BKA Virus Hilfe

22.11.2011, 22:36	#1
mf21	BKA Virus Hilfe hallo hab mir gestern ebenfalls das bka virus eingefangen... habe malware schon ausgeführt nun weiss ich nich was bei otl gemacht werden muss hab es ebenfalls durchgeführt.. und nun ja da hab ich jetzt 2 editor dateien ... kenn mich leider nicht sehr mit dem ganzen aus also tut mir leid wenn ich hier sehr amateur klinge

23.11.2011, 18:13	#3
mf21	BKA Virus Hilfe Also auf Viren habe ich es schon geprüft hier einmal die Logdatei zu Malware... weiss nicht ob ich das mit dem Tag hinkriege man hat mir aber gesagt ich solle die entfernen und ja das hab ich getan und bei der nächsten untersuchung kam dann das zweite raus __________________ Geändert von mf21 (23.11.2011 um 18:22 Uhr)

23.11.2011, 18:23	#4
mf21	BKA Virus Hilfe Malware 2. Untersuchung

23.11.2011, 18:33	#5
mf21	BKA Virus Hilfe hier ist CCleaner im anhang

23.11.2011, 18:34	#6
mf21	BKA Virus Hilfe ach und probleme sind mir nicht aufgefallen nicht das ich wüsste aufjedenfall ist der bka virus nach der systemwiderherstellung verschwunden also mein desktop streikt zumindest nicht

25.11.2011, 10:47	#14
mf21	BKA Virus Hilfe punkt 2 deinstalliert und punkt 3 hab ich messenger plus ebenfalls entfernt benutze zurzeit nur windows live essentials