PC wurde gesperrt von Security Fenster

twinsmom · 04.02.2012, 15:33

Hi Ihr Lieben,

auch mich hat es heute erwischt. Wie in dem Beitrag von Blackjacky, habe ich jetzt erst mal die Boot-CD gebrannt und versuche ein Log-Datei zu erstellen die ich Euch gerne posten möchte.

Mist gerade wo ich unsere Abrechnung machen wollte. Ahhh das wird ne lange Nacht.

Ich hoffe Ihr könnte mir helfen. Starte jetzt erst mal Reatogo und melde mich dann wieder, wenn ich darf.

Liebe Grüße

stressgeplagte Twinsmom die zwischen Essenkochen das zu regeln versucht. hmpf

markusg · 04.02.2012, 15:42

hi,
ok poste dann die logs, sehe es mir an.

twinsmom · 04.02.2012, 17:01

Das ist ganz lieb. Vielen Vielen Dank.

So hier nun das LOG

Leider kann ich es nicht als Datei anhängen da es zu groß ist. Schade.OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 2/4/2012 4:03:43 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
64bit-Windows 7 Home Premium  (Version = 6.1.7600) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 89.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119.24 Gb Total Space | 39.40 Gb Free Space | 33.04% Space Free | Partition Type: NTFS
Drive D: | 153.85 Gb Total Space | 125.39 Gb Free Space | 81.50% Space Free | Partition Type: NTFS
Drive E: | 1.87 Gb Total Space | 1.18 Gb Free Space | 63.00% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011/03/03 19:57:58 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto] -- C:\Windows\System32\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2010/11/02 16:49:46 | 001,515,792 | ---- | M] (Intel(R) Corporation) [Auto] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV:64bit: - [2010/11/02 16:39:08 | 000,340,240 | ---- | M] () [On_Demand] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2010/11/02 16:34:14 | 000,836,880 | ---- | M] (Intel(R) Corporation) [Auto] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/01/05 00:23:17 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/12/15 09:07:08 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/12/15 09:06:58 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2011/12/15 09:06:56 | 000,342,480 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2011/12/15 09:06:56 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/11/25 10:32:36 | 000,687,400 | ---- | M] (Nero AG) [Auto] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) @C:\Program Files (x86)
SRV - [2011/11/17 16:12:44 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)
SRV - [2011/02/22 05:38:52 | 002,009,704 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010/03/18 07:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/15 13:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009/06/15 20:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2006/11/02 14:40:12 | 000,174,656 | ---- | M] () [Auto] -- C:\Windows\SysWOW64\PSIService.exe -- (ProtexisLicensing)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011/12/15 09:07:21 | 000,130,760 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/12/15 09:07:21 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/12/15 09:07:21 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011/12/01 05:42:44 | 000,072,240 | ---- | M] (Nero AG) [Kernel | Boot] -- C:\Windows\System32\drivers\NBVol.sys -- (NBVol)
DRV:64bit: - [2011/12/01 05:42:44 | 000,015,920 | ---- | M] (Nero AG) [Kernel | Boot] -- C:\Windows\System32\drivers\NBVolUp.sys -- (NBVolUp)
DRV:64bit: - [2011/10/05 01:57:20 | 000,034,040 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand] -- C:\Windows\System32\drivers\SndTAudio.sys -- (SndTAudio)
DRV:64bit: - [2011/08/31 13:53:22 | 012,306,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/08/02 11:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/02/21 03:07:54 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011/01/13 06:58:30 | 000,413,800 | ---- | M] (Realtek                                            ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/11/09 06:16:36 | 008,500,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel(R)
DRV:64bit: - [2010/10/19 17:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010/10/14 11:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010/08/03 13:43:14 | 000,290,920 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2009/07/20 04:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009/06/19 21:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- C:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2008/05/23 20:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2010/07/26 16:57:20 | 000,017,024 | ---- | M] (ASUS) [Kernel | System] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
DRV - [2009/07/02 20:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\Steffi_Neu_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKU\Steffi_Neu_ON_C\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\Steffi_Neu_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\Steffi_Neu_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Steffi_Neu_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
IE - HKU\UpdatusUser_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKU\UpdatusUser_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
 
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=:  
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Steffi Neu\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Nero.com/KM: C:\Program Files (x86)\Common Files\Nero\BrowserPlugin\npBrowserPlugin.dll (Nero AG)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@sony.com/ReaderDesktop: D:\Steffi Neu\Programme\npreaderdetectmoz.dll (Sony Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/03 17:05:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012/02/03 17:05:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/02/03 17:05:25 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/02/03 17:05:21 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/02/03 17:05:21 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/03 17:05:21 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/02/03 17:05:21 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/02/03 17:05:21 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/02/03 17:05:21 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} -  File not found
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\Steffi_Neu_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKU\LocalService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\Steffi_Neu_ON_C..\Run: [RESTART_STICKY_NOTES]  File not found
O4 - HKU\Steffi_Neu_ON_C..\Run: [vasja] C:\Users\Steffi Neu\AppData\Local\Temp\0.7717550470288732.exe (Orb Networks)
O4 - HKU\UpdatusUser_ON_C..\Run: [ISUSPM]  File not found
O4 - HKU\UpdatusUser_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\RunOnce: [mctadmin]  File not found
O4 - HKU\NetworkService_ON_C..\RunOnce: [mctadmin]  File not found
O4 - HKU\UpdatusUser_ON_C..\RunOnce: [mctadmin]  File not found
O4 - Startup: Error locating startup folders.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\UpdatusUser_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - Steffi_Neu_ON_C\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15:64bit: - Steffi_Neu_ON_C\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15:64bit: - Steffi_Neu_ON_C\..Trusted Domains: soe.com ([]* in Trusted sites)
O15:64bit: - Steffi_Neu_ON_C\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 212.18.0.5
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\System32\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AsusVibeLauncher.lnk - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe - ()
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Audible Download Manager.lnk -  - File not found
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FancyStart daemon.lnk - C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe - ()
MsConfig:64bit - StartUpFolder: C:^Users^Steffi Neu^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe - ()
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: ASUS Screen Saver Protector - hkey= - key= - C:\Windows\AsScrPro.exe (ASUS)
MsConfig:64bit - StartUpReg: ASUS WebStorage - hkey= - key= - C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe ()
MsConfig:64bit - StartUpReg: ATKMEDIA - hkey= - key= - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
MsConfig:64bit - StartUpReg: ATKOSD2 - hkey= - key= - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
MsConfig:64bit - StartUpReg: CLMLServer - hkey= - key= - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
MsConfig:64bit - StartUpReg: HControlUser - hkey= - key= - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: NBAgent - hkey= - key= - C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe (Nero AG)
MsConfig:64bit - StartUpReg: Reader Application Helper - hkey= - key= - D:\Steffi Neu\Programme\appHelper\ReaderAppHelper.exe (Sony Corporation)
MsConfig:64bit - StartUpReg: RtHDVCpl - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
MsConfig:64bit - StartUpReg: Setwallpaper - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: SonicMasterTray - hkey= - key= - C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe (Virage Logic Corporation / Sonic Focus)
MsConfig:64bit - StartUpReg: Steam - hkey= - key= - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - StartUpReg: swg - hkey= - key= - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig:64bit - StartUpReg: SynAsusAcpi - hkey= - key= - C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
MsConfig:64bit - StartUpReg: Ulead AutoDetector v2 - hkey= - key= - C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)
MsConfig:64bit - StartUpReg: UpdateLBPShortCut - hkey= - key= - C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig:64bit - StartUpReg: UpdateP2GoShortCut - hkey= - key= - C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig:64bit - StartUpReg: Wireless Console 3 - hkey= - key= - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
MsConfig:64bit - State: "startup" - 2
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/02/04 02:35:00 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{99285C7F-AB60-449B-A3F7-AF7FB71ACFE4}
[2012/02/04 02:34:48 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{72407D88-5B18-4939-B1D1-C2D139CAB70D}
[2012/02/03 16:40:42 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Roaming\Buhl Data Service
[2012/02/03 16:40:41 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\Buhl Data Service
[2012/02/03 16:40:22 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\Buhl
[2012/02/03 16:18:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO EÜR & Kasse 2012
[2012/02/03 16:12:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Buhl Data Service GmbH
[2012/02/03 13:41:26 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{7D8A84D3-B33F-410E-8979-E075080B1E51}
[2012/02/03 13:41:14 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{DA86BD93-FF50-4AF7-A602-C1633F470C55}
[2012/02/03 01:40:51 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{550B502E-1B64-43EB-BB6F-2DA08D158C49}
[2012/02/03 01:40:39 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{6D86C42A-DE45-4C75-B215-E669A0D4F57B}
[2012/02/02 02:34:07 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{661B0DF1-06C5-4D18-A9CB-4070E19ED7DB}
[2012/02/02 02:33:53 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{93C74B1F-333C-4F68-8BEC-5BB7D80E6B50}
[2012/02/01 12:40:18 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{042989F1-C82E-40CA-B44A-C5A2541A302B}
[2012/02/01 12:40:06 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{776BCC49-523F-4C98-8F54-DABBAA0B7047}
[2012/01/30 14:59:06 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{643AA745-8697-44CE-A1D5-C91EF6563200}
[2012/01/30 14:58:55 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{8B86DF46-BBE7-4849-984B-CF2D3328C3FE}
[2012/01/28 14:00:36 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{403ADD92-35DF-4A7F-B031-0F962B28B250}
[2012/01/28 14:00:24 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{E7998F3B-07D5-4B1B-B594-445F9DDC92FD}
[2012/01/27 14:24:05 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Roaming\vlc
[2012/01/26 08:08:38 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{41F3E930-1838-436C-A622-F89B87411CC6}
[2012/01/26 08:08:27 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{784BAAB0-39D4-4888-9872-50B2A68E3C59}
[2012/01/25 09:55:26 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{BEA3ADFB-39B8-498A-A968-D5D4AD4A3113}
[2012/01/25 09:55:15 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{96E77FDF-9EC2-41EE-83C9-7A2E5F4B8060}
[2012/01/24 13:30:51 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{DC083361-4875-43DB-9C3F-319B81B5E4AE}
[2012/01/24 13:30:39 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{53957F8B-83EC-4DAC-9B46-B18EF46396D2}
[2012/01/24 06:42:55 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2012/01/24 03:41:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RIFT
[2012/01/24 01:30:12 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{BA6E1634-C8E1-4F9C-9398-CC0D4B7E75F2}
[2012/01/24 01:30:01 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{B84551DB-CCE9-46FD-B594-7632F509E58D}
[2012/01/23 14:31:48 | 000,000,000 | ---D | C] -- C:\Converted
[2012/01/23 14:29:00 | 000,034,040 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\System32\drivers\SndTAudio.sys
[2012/01/23 14:17:08 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\Desktop\Downloads
[2012/01/23 14:17:02 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Roaming\GetRightToGo
[2012/01/22 09:08:59 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{496369FE-81E7-421E-AFF0-20B78D862322}
[2012/01/22 09:08:47 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{A1BE7C82-7CE3-45BF-B38E-F41901285B52}
[2012/01/21 10:57:31 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\Documents\Rezepte
[2012/01/21 10:24:48 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{B00408C6-71E7-4033-B8D6-E40222C34C4A}
[2012/01/21 10:24:37 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{43681BE0-4F56-489E-ADCE-580C14656260}
[2012/01/20 04:30:34 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{90A8CB9C-CB0A-4DB0-A05A-0DF75A170F95}
[2012/01/20 04:30:22 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{F1FA8EC8-993B-448E-B41A-D758538C65C3}
[2012/01/20 01:58:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AudibleManager
[2012/01/19 14:51:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/01/19 14:50:46 | 000,126,312 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi64.dll
[2012/01/19 14:50:46 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysWow64\GEARAspi.dll
[2012/01/19 14:50:25 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/01/19 14:50:25 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/01/19 01:38:46 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{D11723C6-F551-43D0-9D1C-4BCD51D6493B}
[2012/01/19 01:38:35 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{1E067DE9-E847-4978-9313-EB384C1FF998}
[2012/01/18 15:29:52 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\Nero_AG
[2012/01/18 01:53:00 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{3CF752DB-E4A9-4A4B-9DFD-00A1DE23B3F1}
[2012/01/18 01:52:48 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{38B2B68D-6C0C-4281-A935-8CA592278A89}
[2012/01/17 13:31:38 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{EF7B9DB0-305B-4E11-B899-A0D57FA77D11}
[2012/01/17 13:31:27 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{E8009453-A7D5-4997-8266-2F9D3EA56D93}
[2012/01/17 01:30:57 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{3CCF0F6D-6487-4C74-B54F-0BD3099E6AC0}
[2012/01/17 01:30:46 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{28D67091-C7D7-47B4-8BD6-305FA7B0C72F}
[2012/01/16 13:22:54 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{7A014216-FE50-47A1-BF3E-5934502EB24D}
[2012/01/16 13:22:42 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{C336BBA7-D02D-4483-BF57-60F3B3B958BF}
[2012/01/16 01:07:11 | 001,446,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2012/01/16 01:07:11 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webio.dll
[2012/01/16 01:07:11 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2012/01/16 01:07:11 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
[2012/01/16 01:07:11 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll
[2012/01/16 01:07:11 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll
[2012/01/16 00:49:50 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{04126FD0-D683-449F-AA27-7DE1E3DF4FA0}
[2012/01/16 00:49:38 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{D95C78E4-6469-4630-9BC1-6F7288794025}
[2012/01/15 03:11:52 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{11317D17-AC69-4BF8-8C02-9A3E1A8A2E2A}
[2012/01/15 03:11:41 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{CF69F51F-C2D7-4516-A4FC-C4F9DBAEBB1A}
[2012/01/14 15:11:15 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{68F9C908-7872-43BA-92A5-7713BBDAE668}
[2012/01/14 15:11:04 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{415561B6-8A7A-42BE-A382-A23F85AD58E3}
[2012/01/14 13:03:38 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{0EE3D351-22E7-4395-A497-46058D464E39}
[2012/01/14 13:03:27 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{080A9B45-1EFD-49D2-9429-6A7C486AC643}
[2012/01/14 00:54:18 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{CF2AAE60-67E0-4F48-BF18-D99AF72D0A0F}
[2012/01/14 00:54:07 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{9CD33CA7-CFA4-4936-B50F-97CB5BFE619B}
[2012/01/14 00:53:46 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{A9887D0B-DDD8-47CA-B9D4-9E0312FAD874}
[2012/01/13 16:06:44 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{B5918F5A-3D15-4651-A6BE-205E1CE381DA}
[2012/01/13 07:06:37 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Roaming\Ulead Systems
[2012/01/13 07:05:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel Painter Essentials 3
[2012/01/13 07:04:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Corel
[2012/01/13 07:04:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Corel
[2012/01/13 07:04:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ulead PhotoImpact X3
[2012/01/13 07:04:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel
[2012/01/13 07:04:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Ulead Systems
[2012/01/13 07:00:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Ulead Systems
[2012/01/13 04:02:51 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{931F7F2C-8421-4901-B3A1-4E209CBCEDEB}
[2012/01/13 04:02:39 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{7C41249B-BA10-40BC-A0DF-B4DEA0325DFA}
[2012/01/12 14:49:13 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{3CD5CE74-D146-4FFE-8285-F6FDF137D448}
[2012/01/12 14:49:01 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{38AFFA3D-2290-433D-9E47-31DE284781D0}
[2012/01/12 01:52:59 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{175AB244-C476-4963-91C1-03BFBAD6027B}
[2012/01/12 01:52:46 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{DB277CA4-47E8-465C-8DE0-3F8687DD898B}
[2012/01/11 15:14:48 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{F6115747-DD23-4D7E-9504-78CE04E8C914}
[2012/01/11 15:14:36 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{FD0188B3-251D-41F9-8349-117B07C58B18}
[2012/01/11 09:37:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2012/01/11 09:37:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2012/01/11 04:23:26 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/01/11 02:22:40 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{80492D0C-6D32-43B0-A01E-F74617341821}
[2012/01/11 02:15:36 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2012/01/11 02:15:36 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2012/01/11 02:15:35 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012/01/11 02:15:35 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2012/01/11 02:13:04 | 001,739,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntdll.dll
[2012/01/11 02:12:02 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2012/01/11 02:12:02 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2012/01/10 14:22:11 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{EE6AC2D0-4176-4C40-9C41-379D6FE6C4D0}
[2012/01/10 14:21:56 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{2B6918B1-06DA-44F9-A292-BFEC1278AE13}
[2012/01/10 13:05:44 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\Documents\NeroVideo
[2012/01/10 13:05:36 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\Nero
[2012/01/10 13:03:34 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Roaming\Nero
[2012/01/10 12:52:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero
[2012/01/10 12:52:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
[2012/01/10 12:52:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2012/01/10 12:18:56 | 000,015,920 | ---- | C] (Nero AG) -- C:\Windows\System32\drivers\NBVolUp.sys
[2012/01/10 12:18:43 | 000,072,240 | ---- | C] (Nero AG) -- C:\Windows\System32\drivers\NBVol.sys
[2012/01/10 12:18:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero
[2012/01/10 02:21:30 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{86F1DA40-A3CA-4481-80EB-2302B2E67532}
[2012/01/10 02:21:19 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{AA843185-F712-40A6-B423-DEA3097A5D45}
[2012/01/09 14:20:53 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{DE60B600-80B4-4DAF-ABB7-25DFB5573D16}
[2012/01/09 14:20:41 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{E36B6CAF-0641-40D4-9001-073610078BF0}
[2012/01/09 01:53:44 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{890DF917-D58E-4BE2-8EC5-6A56330D8431}
[2012/01/09 01:53:33 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{5B674A2A-3A76-4BC9-B080-1D13C2151922}
[2012/01/08 04:33:51 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{7FEA2424-5761-451A-AF71-EA014870187F}
[2012/01/08 04:33:39 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{5A8E9691-E9B6-4F36-900D-4CB4BC8AEBC9}
[2012/01/07 18:25:42 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{06156B82-674F-4750-8EC6-404AE50F8AAA}
[2012/01/07 18:25:30 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{F86CE0B3-8CA6-4817-8D28-CA3F149BF88A}
[2012/01/07 04:29:47 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{15D1A967-168B-425B-8F57-99F719F4430D}
[2012/01/07 04:29:35 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{F3A156A1-FFE9-4EA0-ACA8-75038269CB30}
[2012/01/06 03:38:28 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{E634C18E-6471-4F8D-A7DF-44E2D35E6BFF}
[2012/01/06 03:38:14 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{B77C05CD-42C2-43FA-82BA-B73FD331DB69}
 
========== Files - Modified Within 30 Days ==========
 
[2012/02/04 08:53:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/04 08:52:14 | 3151,904,768 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/04 08:25:37 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/04 08:25:37 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/04 08:25:09 | 000,665,578 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012/02/04 08:25:09 | 000,627,420 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/04 08:25:09 | 000,133,758 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012/02/04 08:25:09 | 000,110,140 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/02/04 08:24:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/04 08:23:55 | 000,002,226 | ---- | M] () -- C:\Windows\System32\AutoRunFilter.ini
[2012/02/04 08:03:01 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/03 16:48:10 | 000,000,458 | ---- | M] () -- C:\Windows\wiso.ini
[2012/02/03 16:20:01 | 000,000,745 | ---- | M] () -- C:\Users\Public\Desktop\WISO EÜR & Kasse 2012.lnk
[2012/02/03 16:18:21 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO EÜR & Kasse 2012
[2012/02/01 14:24:44 | 000,001,235 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2012/01/31 08:36:57 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2012/01/24 05:08:30 | 000,000,915 | ---- | M] () -- C:\Users\Public\Desktop\RIFT spielen.lnk
[2012/01/24 03:41:59 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RIFT
[2012/01/20 01:58:51 | 000,001,079 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk
[2012/01/20 01:58:51 | 000,000,000 | R--D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[2012/01/20 01:58:51 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AudibleManager
[2012/01/19 14:51:05 | 000,001,643 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/01/19 14:51:05 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/01/14 00:53:18 | 000,001,400 | ---- | M] () -- C:\Windows\System32\ServiceFilter.ini
[2012/01/14 00:32:07 | 000,323,096 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/01/13 07:05:43 | 000,001,054 | ---- | M] () -- C:\Users\Public\Desktop\PhotoImpact X3.lnk
[2012/01/13 07:05:19 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel Painter Essentials 3
[2012/01/13 07:04:21 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ulead PhotoImpact X3
[2012/01/13 07:04:21 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel
[2012/01/12 07:49:12 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/01/11 09:38:19 | 000,002,441 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/01/11 09:38:19 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/01/10 12:56:49 | 000,002,797 | ---- | M] () -- C:\Users\Public\Desktop\Nero Video 11.lnk
[2012/01/10 12:56:03 | 000,002,111 | ---- | M] () -- C:\Users\Public\Desktop\Nero Kwik Media.lnk
[2012/01/10 12:56:03 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
[2012/01/10 12:54:35 | 000,002,783 | ---- | M] () -- C:\Users\Public\Desktop\Nero BackItUp 11.lnk
[2012/01/10 12:53:46 | 000,002,843 | ---- | M] () -- C:\Users\Public\Desktop\Nero Burning ROM 11.lnk
[2012/01/07 05:54:02 | 003,328,655 | ---- | M] () -- C:\Users\Steffi Neu\Documents\IMG_0627.JPG
[2012/01/07 05:54:02 | 000,489,769 | ---- | M] () -- C:\Users\Steffi Neu\Documents\P050112_20.11.JPG
[2012/01/07 05:54:02 | 000,375,890 | ---- | M] () -- C:\Users\Steffi Neu\Documents\P050112_20.10.JPG
[2012/01/07 05:54:02 | 000,280,845 | ---- | M] () -- C:\Users\Steffi Neu\Documents\P071011_12.51.JPG
[2012/01/07 05:52:37 | 000,115,878 | ---- | M] () -- C:\Users\Steffi Neu\Documents\image.jpeg
 
========== Files Created - No Company Name ==========
 
[2012/02/03 16:40:40 | 000,000,458 | ---- | C] () -- C:\Windows\wiso.ini
[2012/02/03 16:20:01 | 000,000,745 | ---- | C] () -- C:\Users\Public\Desktop\WISO EÜR & Kasse 2012.lnk
[2012/01/24 05:08:30 | 000,000,915 | ---- | C] () -- C:\Users\Public\Desktop\RIFT spielen.lnk
[2012/01/20 01:58:51 | 000,001,079 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk
[2012/01/19 14:51:05 | 000,001,643 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/01/13 07:05:43 | 000,001,054 | ---- | C] () -- C:\Users\Public\Desktop\PhotoImpact X3.lnk
[2012/01/11 09:38:19 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/01/11 09:38:19 | 000,002,021 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/01/10 12:56:49 | 000,002,797 | ---- | C] () -- C:\Users\Public\Desktop\Nero Video 11.lnk
[2012/01/10 12:56:03 | 000,002,111 | ---- | C] () -- C:\Users\Public\Desktop\Nero Kwik Media.lnk
[2012/01/10 12:54:35 | 000,002,783 | ---- | C] () -- C:\Users\Public\Desktop\Nero BackItUp 11.lnk
[2012/01/10 12:53:46 | 000,002,843 | ---- | C] () -- C:\Users\Public\Desktop\Nero Burning ROM 11.lnk
[2012/01/07 05:54:02 | 000,489,769 | ---- | C] () -- C:\Users\Steffi Neu\Documents\P050112_20.11.JPG
[2012/01/07 05:54:02 | 000,375,890 | ---- | C] () -- C:\Users\Steffi Neu\Documents\P050112_20.10.JPG
[2012/01/07 05:54:02 | 000,280,845 | ---- | C] () -- C:\Users\Steffi Neu\Documents\P071011_12.51.JPG
[2012/01/07 05:54:01 | 003,328,655 | ---- | C] () -- C:\Users\Steffi Neu\Documents\IMG_0627.JPG
[2012/01/07 05:52:37 | 000,115,878 | ---- | C] () -- C:\Users\Steffi Neu\Documents\image.jpeg
[2011/08/31 13:51:16 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/08/31 13:51:16 | 000,216,000 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/08/31 13:46:00 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011/08/31 13:26:20 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011/04/22 02:38:08 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/04/22 02:36:38 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011/01/12 11:02:43 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2009/10/25 22:38:22 | 000,000,176 | ---- | C] () -- C:\Windows\explorer.exe.config
[2009/07/29 00:20:40 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\ABLKSR.ini
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:02:54 | 000,245,248 | ---- | C] () -- C:\Windows\SysWow64\DShowRdpFilter.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:25:04 | 000,197,632 | ---- | C] () -- C:\Windows\SysWow64\ir32_32.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 14:40:12 | 000,174,656 | ---- | C] () -- C:\Windows\SysWow64\PSIService.exe
 
========== LOP Check ==========
 
[2011/12/26 07:05:59 | 000,000,000 | ---D | M] -- C:\Users\Steffi Neu\AppData\Roaming\Acreon
[2011/12/25 07:52:45 | 000,000,000 | ---D | M] -- C:\Users\Steffi Neu\AppData\Roaming\Asus WebStorage
[2012/02/03 16:40:42 | 000,000,000 | ---D | M] -- C:\Users\Steffi Neu\AppData\Roaming\Buhl Data Service
[2012/01/23 14:28:31 | 000,000,000 | ---D | M] -- C:\Users\Steffi Neu\AppData\Roaming\GetRightToGo
[2011/12/26 07:04:02 | 000,000,000 | ---D | M] -- C:\Users\Steffi Neu\AppData\Roaming\OpenOffice.org
[2012/01/24 03:42:09 | 000,000,000 | ---D | M] -- C:\Users\Steffi Neu\AppData\Roaming\RIFT
[2012/01/13 07:06:37 | 000,000,000 | ---D | M] -- C:\Users\Steffi Neu\AppData\Roaming\Ulead Systems
[2011/12/25 14:17:15 | 000,000,000 | ---D | M] -- C:\Users\Steffi Neu\AppData\Roaming\Windows Live Writer
[2011/12/25 07:54:20 | 000,000,000 | ---D | M] -- C:\Users\Steffi Neu\AppData\Roaming\Zeon
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2012/02/03 16:48:13 | 000,000,000 | ---D | M] -- C:\ProgramData\Buhl Data Service GmbH
[2011/12/25 07:54:51 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2011/01/12 10:49:30 | 000,000,000 | ---D | M] -- C:\ProgramData\Downloaded Installations
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2011/12/29 14:23:44 | 000,000,000 | ---D | M] -- C:\ProgramData\kinoma
[2011/01/12 11:02:38 | 000,000,000 | ---D | M] -- C:\ProgramData\OberonGameConsole
[2011/12/26 16:24:46 | 000,000,000 | ---D | M] -- C:\ProgramData\P4G
[2011/12/25 08:10:10 | 000,000,000 | ---D | M] -- C:\ProgramData\Partner
[2011/12/26 16:21:35 | 000,000,000 | ---D | M] -- C:\ProgramData\Roaming
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2011/01/12 10:48:39 | 000,000,000 | ---D | M] -- C:\ProgramData\Temp
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2012/01/13 07:04:21 | 000,000,000 | ---D | M] -- C:\ProgramData\Ulead Systems
[2011/12/25 08:38:56 | 000,000,000 | ---D | M] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2009/07/14 00:08:49 | 000,018,088 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011/12/25 12:55:31 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2011/12/25 07:47:56 | 000,000,000 | -H-D | M] -- C:\ASUS.DAT
[2011/01/12 11:03:23 | 000,000,000 | ---D | M] -- C:\AsusVibeData
[2009/07/29 01:03:34 | 000,000,000 | -HSD | M] -- C:\Boot
[2012/01/23 14:31:48 | 000,000,000 | ---D | M] -- C:\Converted
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011/12/26 16:28:53 | 000,000,000 | ---D | M] -- C:\eSupport
[2011/12/26 16:13:41 | 000,000,000 | ---D | M] -- C:\Intel
[2009/07/13 22:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012/01/19 14:50:25 | 000,000,000 | R--D | M] -- C:\Program Files
[2012/01/23 14:41:35 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012/02/03 16:12:17 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011/12/25 07:43:57 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012/02/03 16:13:47 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011/12/25 07:45:51 | 000,000,000 | R--D | M] -- C:\Users
[2012/02/03 16:40:40 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
Invalid Environment Variable: %LOCALAPPDATA%\*.exe
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: AGP440.SYS  >
[2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\System32\drivers\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/13 20:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\System32\cngaudit.dll
[2009/07/13 20:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011/02/26 01:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe
[2011/02/26 01:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2011/01/12 09:51:11 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 01:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/01/12 09:25:40 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2011/01/12 09:51:11 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2011/01/12 09:25:41 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 08:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2011/01/12 09:51:11 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2011/01/12 09:25:41 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 20:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2011/01/12 09:51:11 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 01:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2011/01/12 09:25:41 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2010/09/13 05:24:26 | 000,437,272 | ---- | M] (Intel Corporation) MD5=F7CE9BE72EDAC499B713ECA6DAE5D26F -- C:\eSupport\eDriver\Software\Other\Intel\IRST\iaStor.sys
[2010/09/13 05:24:26 | 000,437,272 | ---- | M] (Intel Corporation) MD5=F7CE9BE72EDAC499B713ECA6DAE5D26F -- C:\Windows\System32\drivers\iaStor.sys
[2010/09/13 05:24:26 | 000,437,272 | ---- | M] (Intel Corporation) MD5=F7CE9BE72EDAC499B713ECA6DAE5D26F -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_amd64_neutral_2b0c50dc63f09dae\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010/11/20 08:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011/01/12 11:20:46 | 000,410,504 | ---- | M] (Intel Corporation) MD5=513DC087CFED7D2BB82F005385D3531F -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16592_none_0af87721a183cb70\iaStorV.sys
[2011/03/11 01:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/03/11 01:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011/03/11 01:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\System32\drivers\iaStorV.sys
[2011/03/11 01:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys
[2011/03/11 01:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011/03/11 01:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009/07/13 20:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/13 20:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
[2011/01/12 11:20:46 | 000,410,496 | ---- | M] (Intel Corporation) MD5=E353CF970C5D4D6A092911E15FB78C07 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20712_none_0bd89532ba6088d9\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009/07/13 20:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\System32\netlogon.dll
[2009/07/13 20:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010/11/20 08:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/20 07:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009/07/13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011/01/12 11:20:46 | 000,166,280 | ---- | M] (NVIDIA Corporation) MD5=0AF7B8136794E23E87BE138992880E64 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16592_none_95c1e7d0d8ba7548\nvstor.sys
[2009/07/13 20:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/13 20:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011/03/11 01:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\System32\drivers\nvstor.sys
[2011/03/11 01:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys
[2011/03/11 01:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011/03/11 01:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011/01/12 11:20:46 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=CE76755AF933E728CEBA6C7A970838A4 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20712_none_96a205e1f19732b1\nvstor.sys
[2011/03/11 01:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 01:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/20 08:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009/07/13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/13 20:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\System32\scecli.dll
[2009/07/13 20:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010/11/20 07:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/20 08:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010/11/20 07:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009/07/13 20:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\System32\user32.dll
[2009/07/13 20:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009/07/13 20:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
[2009/07/13 20:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010/11/20 08:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\System32\userinit.exe
[2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 20:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2011/01/12 09:51:11 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2011/01/12 09:51:11 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\System32\winlogon.exe
[2011/01/12 09:51:11 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/13 19:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009/07/13 19:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
Invalid Environment Variable: %USERPROFILE%\*.*
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.exe
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.dll
 
Invalid Environment Variable: %USERPROFILE%\Application Data\*.exe
< End of report >

--- --- ---

markusg · 04.02.2012, 17:23

auf deinem zweiten pc gehe auf start, programme zubehör editor, kopiere dort
rein:

Code:

ATTFilter

:OTL
O4 - HKU\Steffi_Neu_ON_C..\Run: [vasja] C:\Users\Steffi Neu\AppData\Local\Temp\0.7717550470288732.exe (Orb Networks)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
:Files
C:\Users\Steffi Neu\AppData\Local\Temp\0.7717550470288732.exe
:Commands
[purity]
[EMPTYFLASH] 
[emptytemp]
[Reboot]

dieses speicherst du auf nem usb stick als fix.txt
nutze nun wieder OTLPENet.exe (starte also von der erstellten cd) und hake alles an, wie es bereits im post zu OTLPENet.exe beschrieben ist.
• Klicke nun bitte auf den Fix Button.
es sollte nun eine meldung ähnlich dieser: "load fix from file" erscheinen, lade also die fix.txt von deinem stick.
wenn dies nicht funktioniert, bitte den fix manuell eintragen.
dann klicke erneut den fix buton. pc startet evtl. neu. wenn ja, nimm die cd aus dem laufwerk, windows sollte nun normal starten und die otl.txt öffnen,
log posten bitte.

falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden

Drücke bitte die

+ E Taste.

Öffne dein Systemlaufwerk ( meistens C: )
Suche nun
folgenden Ordner: _OTL und öffne diesen.
Mache einen Rechtsklick auf den Ordner Movedfiles --> Senden an --> Zip-Komprimierter Ordner
Dies wird eine Movedfiles.zip Datei in _OTL erstellen
Lade diese bitte in unseren Uploadchannel
hoch. ( Durchsuchen --> C:\_OTL\Movedfiles.zip )

Teile mir mit ob der Upload problemlos geklappt hat. Danke im voraus

twinsmom · 04.02.2012, 17:34

Soweit habe ich alles gemacht, aber leider lässt er mich nicht das zweite Mal Run Fix klicken. Somit fährt auch nicht selbst runter

twinsmom · 04.02.2012, 18:35

So habe jetzt die Zip Datei mal geschickt. Ich hoffe, das hilft.

LG

Twinsmom

markusg · 04.02.2012, 19:04

danke für den upload
kannst du wieder im normalen modus starten? falls ja:

Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.

Bitte downloade dir Combofix.exe und speichere es unbedingt auf deinem Desktop.

Besuche folgende Seite für Downloadlinks und Anweisungen für dieses
Tool

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Hinweis:
Gehe sicher das all deine Anti Virus und Anti Malware Programme abgeschalten sind, damit diese Combofix nicht bei der Arbeit stören.
Poste bitte die C:\Combofix.txt in deiner nächsten Antwort.

twinsmom · 04.02.2012, 19:16

Windows konnte nach Herausnehmen der Boot-CD gestartet werden.
Leider schaltet sich sofort wieder das Fenster Windows Security Center ein.
Es ist so als wenn ich nichts gemacht hätte.
Ich kann keine weitere Aktionen durchführen.
Wahrscheinlich habe ich doch irgendwo was nicht richtig befolgt?!?

markusg · 04.02.2012, 19:38

kannst du mal folgendes versuchen?
neustarten, f8 drücken, abgesicherter modus mit netzwerk.
funktioniert der?
falls ja:
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die
OTL.exe
.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die
Textbox.

Code:

ATTFilter

activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Kopiere
nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

twinsmom · 04.02.2012, 20:27

So das hat soweit gut geklappt.

Hier die beiden Logs.

OTL.txtOTL Logfile:

Code:

ATTFilter

OTL logfile created on: 04.02.2012 20:09:39 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Steffi Neu\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,91 Gb Total Physical Memory | 3,28 Gb Available Physical Memory | 83,87% Memory free
7,83 Gb Paging File | 7,23 Gb Available in Paging File | 92,40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,24 Gb Total Space | 39,37 Gb Free Space | 33,02% Space Free | Partition Type: NTFS
Drive D: | 153,85 Gb Total Space | 125,39 Gb Free Space | 81,50% Space Free | Partition Type: NTFS
Drive F: | 1,87 Gb Total Space | 1,18 Gb Free Space | 62,99% Space Free | Partition Type: FAT32
 
Computer Name: STEFFINEU-PC | User Name: Steffi Neu | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.02.04 20:06:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Steffi Neu\Desktop\24960-OTL.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.03.04 01:57:58 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Stopped] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2010.11.02 22:49:46 | 001,515,792 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2010.11.02 22:39:08 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2010.11.02 22:34:14 | 000,836,880 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2012.01.05 06:23:17 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.12.15 15:07:08 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.12.15 15:06:58 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2011.12.15 15:06:56 | 000,342,480 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2011.12.15 15:06:56 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.11.25 16:32:36 | 000,687,400 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2011.11.17 22:12:44 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)
SRV - [2011.02.22 11:38:52 | 002,009,704 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.15 19:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Stopped] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009.06.16 02:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Stopped] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2006.11.02 20:40:12 | 000,174,656 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PSIService.exe -- (ProtexisLicensing)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.12.15 15:07:21 | 000,130,760 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.12.15 15:07:21 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.12.15 15:07:21 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.12.01 11:42:44 | 000,072,240 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVol.sys -- (NBVol)
DRV:64bit: - [2011.12.01 11:42:44 | 000,015,920 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVolUp.sys -- (NBVolUp)
DRV:64bit: - [2011.10.05 07:57:20 | 000,034,040 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SndTAudio.sys -- (SndTAudio)
DRV:64bit: - [2011.08.31 19:53:22 | 012,306,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.08.02 17:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.03.11 07:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.04 04:42:20 | 001,413,168 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011.02.21 09:07:54 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011.01.13 12:58:30 | 000,413,800 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.11.09 12:16:36 | 008,500,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel(R)
DRV:64bit: - [2010.10.19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010.10.14 17:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010.09.13 11:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.08.03 19:43:14 | 000,290,920 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2009.07.20 10:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.20 03:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.06.10 21:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008.05.24 02:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2010.07.26 22:57:20 | 000,017,024 | ---- | M] (ASUS) [Kernel | System | Stopped] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.07.03 02:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Stopped] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.tagesangebote.de/muenchen/|hxxp://www.amazon.de/|hxxp://www.google.de/"
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Steffi Neu\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@sony.com/ReaderDesktop: D:\Steffi Neu\Programme\npreaderdetectmoz.dll (Sony Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.02.03 23:05:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011.12.25 20:54:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steffi Neu\AppData\Roaming\mozilla\Extensions
[2012.02.02 08:55:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steffi Neu\AppData\Roaming\mozilla\Firefox\Profiles\01p992rk.default\extensions
[2011.12.25 21:03:43 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Steffi Neu\AppData\Roaming\mozilla\Firefox\Profiles\01p992rk.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.01.24 16:44:24 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Steffi Neu\AppData\Roaming\mozilla\Firefox\Profiles\01p992rk.default\extensions\firefox@ghostery.com
[2012.02.03 23:05:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
() (No name found) -- C:\USERS\STEFFI NEU\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\01P992RK.DEFAULT\EXTENSIONS\{9AA46F4F-4DC7-4C06-97AF-5035170634FE}.XPI
() (No name found) -- C:\USERS\STEFFI NEU\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\01P992RK.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.02.03 23:05:25 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.03 23:05:21 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.03 23:05:21 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.03 23:05:21 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.03 23:05:21 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.03 23:05:21 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.03 23:05:21 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll File not found
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKCU..\Run: [vasja] C:\Users\Steffi Neu\AppData\Local\Temp\0.7717550470288732.exe (Orb Networks)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000016 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 212.18.0.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A30C412A-0960-4926-8FF1-2F2F752D7086}: DhcpNameServer = 192.168.1.1 212.18.0.5
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) -C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{36126e0a-3006-11e1-a56a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{36126e0a-3006-11e1-a56a-806e6f6e6963}\Shell\AutoRun\command - "" = E:\start.exe /auto
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AsusVibeLauncher.lnk -  - File not found
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Audible Download Manager.lnk -  - File not found
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FancyStart daemon.lnk - C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe - ()
MsConfig:64bit - StartUpFolder: C:^Users^Steffi Neu^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk - C:\PROGRA~2\OPENOF~1.ORG\program\QUICKS~1.EXE - ()
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: ASUS Screen Saver Protector - hkey= - key= - C:\Windows\AsScrPro.exe (ASUS)
MsConfig:64bit - StartUpReg: ASUS WebStorage - hkey= - key= - C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe ()
MsConfig:64bit - StartUpReg: ATKMEDIA - hkey= - key= - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
MsConfig:64bit - StartUpReg: ATKOSD2 - hkey= - key= - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
MsConfig:64bit - StartUpReg: CLMLServer - hkey= - key= - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
MsConfig:64bit - StartUpReg: HControlUser - hkey= - key= - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: NBAgent - hkey= - key= - C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe (Nero AG)
MsConfig:64bit - StartUpReg: Reader Application Helper - hkey= - key= - D:\Steffi Neu\Programme\appHelper\ReaderAppHelper.exe (Sony Corporation)
MsConfig:64bit - StartUpReg: RtHDVCpl - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
MsConfig:64bit - StartUpReg: Setwallpaper - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: SonicMasterTray - hkey= - key= - C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe (Virage Logic Corporation / Sonic Focus)
MsConfig:64bit - StartUpReg: Steam - hkey= - key= - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - StartUpReg: swg - hkey= - key= - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig:64bit - StartUpReg: SynAsusAcpi - hkey= - key= - C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
MsConfig:64bit - StartUpReg: Ulead AutoDetector v2 - hkey= - key= - C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\monitor.exe (Ulead Systems, Inc.)
MsConfig:64bit - StartUpReg: UpdateLBPShortCut - hkey= - key= - C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig:64bit - StartUpReg: UpdateP2GoShortCut - hkey= - key= - C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig:64bit - StartUpReg: Wireless Console 3 - hkey= - key= - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.02.04 23:11:27 | 002,237,440 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe
[2012.02.04 23:11:24 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.02.04 20:07:22 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Steffi Neu\Desktop\24960-OTL.exe
[2012.02.04 08:35:00 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{99285C7F-AB60-449B-A3F7-AF7FB71ACFE4}
[2012.02.04 08:34:48 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{72407D88-5B18-4939-B1D1-C2D139CAB70D}
[2012.02.03 22:40:42 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Roaming\Buhl Data Service
[2012.02.03 22:40:41 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\Buhl Data Service
[2012.02.03 22:40:22 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\Buhl
[2012.02.03 22:18:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO EÜR & Kasse 2012
[2012.02.03 22:12:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Buhl Data Service GmbH
[2012.02.03 19:41:26 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{7D8A84D3-B33F-410E-8979-E075080B1E51}
[2012.02.03 19:41:14 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{DA86BD93-FF50-4AF7-A602-C1633F470C55}
[2012.02.03 07:40:51 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{550B502E-1B64-43EB-BB6F-2DA08D158C49}
[2012.02.03 07:40:39 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{6D86C42A-DE45-4C75-B215-E669A0D4F57B}
[2012.02.02 08:34:07 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{661B0DF1-06C5-4D18-A9CB-4070E19ED7DB}
[2012.02.02 08:33:53 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{93C74B1F-333C-4F68-8BEC-5BB7D80E6B50}
[2012.02.01 18:40:18 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{042989F1-C82E-40CA-B44A-C5A2541A302B}
[2012.02.01 18:40:06 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{776BCC49-523F-4C98-8F54-DABBAA0B7047}
[2012.01.30 20:59:06 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{643AA745-8697-44CE-A1D5-C91EF6563200}
[2012.01.30 20:58:55 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{8B86DF46-BBE7-4849-984B-CF2D3328C3FE}
[2012.01.28 20:00:36 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{403ADD92-35DF-4A7F-B031-0F962B28B250}
[2012.01.28 20:00:24 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{E7998F3B-07D5-4B1B-B594-445F9DDC92FD}
[2012.01.27 20:24:05 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Roaming\vlc
[2012.01.26 14:08:38 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{41F3E930-1838-436C-A622-F89B87411CC6}
[2012.01.26 14:08:27 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{784BAAB0-39D4-4888-9872-50B2A68E3C59}
[2012.01.25 15:55:26 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{BEA3ADFB-39B8-498A-A968-D5D4AD4A3113}
[2012.01.25 15:55:15 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{96E77FDF-9EC2-41EE-83C9-7A2E5F4B8060}
[2012.01.24 19:30:51 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{DC083361-4875-43DB-9C3F-319B81B5E4AE}
[2012.01.24 19:30:39 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{53957F8B-83EC-4DAC-9B46-B18EF46396D2}
[2012.01.24 12:42:55 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2012.01.24 09:41:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RIFT
[2012.01.24 07:30:12 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{BA6E1634-C8E1-4F9C-9398-CC0D4B7E75F2}
[2012.01.24 07:30:01 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{B84551DB-CCE9-46FD-B594-7632F509E58D}
[2012.01.23 20:31:48 | 000,000,000 | ---D | C] -- C:\Converted
[2012.01.23 20:29:00 | 000,034,040 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\SndTAudio.sys
[2012.01.23 20:17:08 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\Desktop\Downloads
[2012.01.23 20:17:02 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Roaming\GetRightToGo
[2012.01.22 15:08:59 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{496369FE-81E7-421E-AFF0-20B78D862322}
[2012.01.22 15:08:47 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{A1BE7C82-7CE3-45BF-B38E-F41901285B52}
[2012.01.21 16:57:31 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\Documents\Rezepte
[2012.01.21 16:24:48 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{B00408C6-71E7-4033-B8D6-E40222C34C4A}
[2012.01.21 16:24:37 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{43681BE0-4F56-489E-ADCE-580C14656260}
[2012.01.20 10:30:34 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{90A8CB9C-CB0A-4DB0-A05A-0DF75A170F95}
[2012.01.20 10:30:22 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{F1FA8EC8-993B-448E-B41A-D758538C65C3}
[2012.01.20 07:58:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AudibleManager
[2012.01.19 20:51:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.01.19 20:50:25 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.01.19 20:50:25 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.01.19 07:38:46 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{D11723C6-F551-43D0-9D1C-4BCD51D6493B}
[2012.01.19 07:38:35 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{1E067DE9-E847-4978-9313-EB384C1FF998}
[2012.01.18 21:29:52 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\Nero_AG
[2012.01.18 07:53:00 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{3CF752DB-E4A9-4A4B-9DFD-00A1DE23B3F1}
[2012.01.18 07:52:48 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{38B2B68D-6C0C-4281-A935-8CA592278A89}
[2012.01.17 19:31:38 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{EF7B9DB0-305B-4E11-B899-A0D57FA77D11}
[2012.01.17 19:31:27 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{E8009453-A7D5-4997-8266-2F9D3EA56D93}
[2012.01.17 07:30:57 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{3CCF0F6D-6487-4C74-B54F-0BD3099E6AC0}
[2012.01.17 07:30:46 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{28D67091-C7D7-47B4-8BD6-305FA7B0C72F}
[2012.01.16 19:22:54 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{7A014216-FE50-47A1-BF3E-5934502EB24D}
[2012.01.16 19:22:42 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{C336BBA7-D02D-4483-BF57-60F3B3B958BF}
[2012.01.16 06:49:50 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{04126FD0-D683-449F-AA27-7DE1E3DF4FA0}
[2012.01.16 06:49:38 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{D95C78E4-6469-4630-9BC1-6F7288794025}
[2012.01.15 09:11:52 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{11317D17-AC69-4BF8-8C02-9A3E1A8A2E2A}
[2012.01.15 09:11:41 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{CF69F51F-C2D7-4516-A4FC-C4F9DBAEBB1A}
[2012.01.14 21:11:15 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{68F9C908-7872-43BA-92A5-7713BBDAE668}
[2012.01.14 21:11:04 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{415561B6-8A7A-42BE-A382-A23F85AD58E3}
[2012.01.14 19:03:38 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{0EE3D351-22E7-4395-A497-46058D464E39}
[2012.01.14 19:03:27 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{080A9B45-1EFD-49D2-9429-6A7C486AC643}
[2012.01.14 06:54:18 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{CF2AAE60-67E0-4F48-BF18-D99AF72D0A0F}
[2012.01.14 06:54:07 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{9CD33CA7-CFA4-4936-B50F-97CB5BFE619B}
[2012.01.14 06:53:46 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{A9887D0B-DDD8-47CA-B9D4-9E0312FAD874}
[2012.01.13 22:06:44 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{B5918F5A-3D15-4651-A6BE-205E1CE381DA}
[2012.01.13 13:06:37 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Roaming\Ulead Systems
[2012.01.13 13:05:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel Painter Essentials 3
[2012.01.13 13:04:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Corel
[2012.01.13 13:04:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Corel
[2012.01.13 13:04:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ulead PhotoImpact X3
[2012.01.13 13:04:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel
[2012.01.13 13:04:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Ulead Systems
[2012.01.13 13:00:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Ulead Systems
[2012.01.13 10:02:51 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{931F7F2C-8421-4901-B3A1-4E209CBCEDEB}
[2012.01.13 10:02:39 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{7C41249B-BA10-40BC-A0DF-B4DEA0325DFA}
[2012.01.12 20:49:13 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{3CD5CE74-D146-4FFE-8285-F6FDF137D448}
[2012.01.12 20:49:01 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{38AFFA3D-2290-433D-9E47-31DE284781D0}
[2012.01.12 07:52:59 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{175AB244-C476-4963-91C1-03BFBAD6027B}
[2012.01.12 07:52:46 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{DB277CA4-47E8-465C-8DE0-3F8687DD898B}
[2012.01.11 21:14:48 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{F6115747-DD23-4D7E-9504-78CE04E8C914}
[2012.01.11 21:14:36 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{FD0188B3-251D-41F9-8349-117B07C58B18}
[2012.01.11 15:37:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2012.01.11 15:37:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2012.01.11 08:22:40 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{80492D0C-6D32-43B0-A01E-F74617341821}
[2012.01.10 20:22:11 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{EE6AC2D0-4176-4C40-9C41-379D6FE6C4D0}
[2012.01.10 20:21:56 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{2B6918B1-06DA-44F9-A292-BFEC1278AE13}
[2012.01.10 19:05:44 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\Documents\NeroVideo
[2012.01.10 19:05:36 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\Nero
[2012.01.10 19:03:34 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Roaming\Nero
[2012.01.10 18:52:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero
[2012.01.10 18:52:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
[2012.01.10 18:52:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2012.01.10 18:18:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero
[2012.01.10 08:21:30 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{86F1DA40-A3CA-4481-80EB-2302B2E67532}
[2012.01.10 08:21:19 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{AA843185-F712-40A6-B423-DEA3097A5D45}
[2012.01.09 20:20:53 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{DE60B600-80B4-4DAF-ABB7-25DFB5573D16}
[2012.01.09 20:20:41 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{E36B6CAF-0641-40D4-9001-073610078BF0}
[2012.01.09 07:53:44 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{890DF917-D58E-4BE2-8EC5-6A56330D8431}
[2012.01.09 07:53:33 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{5B674A2A-3A76-4BC9-B080-1D13C2151922}
[2012.01.08 10:33:51 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{7FEA2424-5761-451A-AF71-EA014870187F}
[2012.01.08 10:33:39 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{5A8E9691-E9B6-4F36-900D-4CB4BC8AEBC9}
[2012.01.08 00:25:42 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{06156B82-674F-4750-8EC6-404AE50F8AAA}
[2012.01.08 00:25:30 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{F86CE0B3-8CA6-4817-8D28-CA3F149BF88A}
[2012.01.07 10:29:47 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{15D1A967-168B-425B-8F57-99F719F4430D}
[2012.01.07 10:29:35 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{F3A156A1-FFE9-4EA0-ACA8-75038269CB30}
[2012.01.06 09:38:28 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{E634C18E-6471-4F8D-A7DF-44E2D35E6BFF}
[2012.01.06 09:38:14 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{B77C05CD-42C2-43FA-82BA-B73FD331DB69}
[2012.01.05 20:33:32 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{A7B66A7A-D2D2-4755-95B9-79A2297775F5}
[2012.01.05 20:33:20 | 000,000,000 | ---D | C] -- C:\Users\Steffi Neu\AppData\Local\{5B4126CC-0EAB-4B8D-9AC9-65A9C36097DF}
 
========== Files - Modified Within 30 Days ==========
 
[2012.02.04 20:09:05 | 001,529,266 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.02.04 20:09:05 | 000,665,340 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.02.04 20:09:05 | 000,627,222 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.02.04 20:09:05 | 000,133,552 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.02.04 20:09:05 | 000,109,942 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.02.04 20:06:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Steffi Neu\Desktop\24960-OTL.exe
[2012.02.04 20:03:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.04 20:03:05 | 3151,917,056 | -HS- | M] () -- C:\hiberfil.sys
[2012.02.04 19:15:31 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2012.02.04 19:15:31 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.02.04 14:25:37 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.04 14:25:37 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.04 14:23:55 | 000,002,226 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2012.02.04 14:03:01 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.02.03 22:48:10 | 000,000,458 | ---- | M] () -- C:\Windows\wiso.ini
[2012.02.03 22:20:01 | 000,000,745 | ---- | M] () -- C:\Users\Public\Desktop\WISO EÜR & Kasse 2012.lnk
[2012.02.01 20:24:44 | 000,001,235 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2012.01.24 11:08:30 | 000,000,915 | ---- | M] () -- C:\Users\Public\Desktop\RIFT spielen.lnk
[2012.01.20 07:58:51 | 000,001,079 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk
[2012.01.19 20:51:05 | 000,001,643 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.01.14 06:53:18 | 000,001,400 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2012.01.14 06:32:07 | 000,323,096 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.01.13 13:05:43 | 000,001,054 | ---- | M] () -- C:\Users\Public\Desktop\PhotoImpact X3.lnk
[2012.01.11 15:38:19 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.01.10 18:56:49 | 000,002,797 | ---- | M] () -- C:\Users\Public\Desktop\Nero Video 11.lnk
[2012.01.10 18:56:03 | 000,002,111 | ---- | M] () -- C:\Users\Public\Desktop\Nero Kwik Media.lnk
[2012.01.10 18:54:35 | 000,002,783 | ---- | M] () -- C:\Users\Public\Desktop\Nero BackItUp 11.lnk
[2012.01.10 18:53:46 | 000,002,843 | ---- | M] () -- C:\Users\Public\Desktop\Nero Burning ROM 11.lnk
[2012.01.07 11:54:02 | 003,328,655 | ---- | M] () -- C:\Users\Steffi Neu\Documents\IMG_0627.JPG
[2012.01.07 11:54:02 | 000,489,769 | ---- | M] () -- C:\Users\Steffi Neu\Documents\P050112_20.11.JPG
[2012.01.07 11:54:02 | 000,375,890 | ---- | M] () -- C:\Users\Steffi Neu\Documents\P050112_20.10.JPG
[2012.01.07 11:54:02 | 000,280,845 | ---- | M] () -- C:\Users\Steffi Neu\Documents\P071011_12.51.JPG
[2012.01.07 11:52:37 | 000,115,878 | ---- | M] () -- C:\Users\Steffi Neu\Documents\image.jpeg
 
========== Files Created - No Company Name ==========
 
[2012.02.03 22:40:40 | 000,000,458 | ---- | C] () -- C:\Windows\wiso.ini
[2012.02.03 22:20:01 | 000,000,745 | ---- | C] () -- C:\Users\Public\Desktop\WISO EÜR & Kasse 2012.lnk
[2012.01.24 11:08:30 | 000,000,915 | ---- | C] () -- C:\Users\Public\Desktop\RIFT spielen.lnk
[2012.01.20 07:58:51 | 000,001,079 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk
[2012.01.19 20:51:05 | 000,001,643 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.01.13 13:05:43 | 000,001,054 | ---- | C] () -- C:\Users\Public\Desktop\PhotoImpact X3.lnk
[2012.01.11 15:38:19 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012.01.11 15:38:19 | 000,002,021 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.01.10 18:56:49 | 000,002,797 | ---- | C] () -- C:\Users\Public\Desktop\Nero Video 11.lnk
[2012.01.10 18:56:03 | 000,002,111 | ---- | C] () -- C:\Users\Public\Desktop\Nero Kwik Media.lnk
[2012.01.10 18:54:35 | 000,002,783 | ---- | C] () -- C:\Users\Public\Desktop\Nero BackItUp 11.lnk
[2012.01.10 18:53:46 | 000,002,843 | ---- | C] () -- C:\Users\Public\Desktop\Nero Burning ROM 11.lnk
[2012.01.07 11:54:02 | 000,489,769 | ---- | C] () -- C:\Users\Steffi Neu\Documents\P050112_20.11.JPG
[2012.01.07 11:54:02 | 000,375,890 | ---- | C] () -- C:\Users\Steffi Neu\Documents\P050112_20.10.JPG
[2012.01.07 11:54:02 | 000,280,845 | ---- | C] () -- C:\Users\Steffi Neu\Documents\P071011_12.51.JPG
[2012.01.07 11:54:01 | 003,328,655 | ---- | C] () -- C:\Users\Steffi Neu\Documents\IMG_0627.JPG
[2012.01.07 11:52:37 | 000,115,878 | ---- | C] () -- C:\Users\Steffi Neu\Documents\image.jpeg
[2011.08.31 19:51:16 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.08.31 19:51:16 | 000,216,000 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.08.31 19:46:00 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011.08.31 19:26:20 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011.04.22 08:38:08 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.04.22 08:36:38 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011.01.12 17:02:43 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2009.10.26 04:38:22 | 000,000,176 | ---- | C] () -- C:\Windows\explorer.exe.config
[2009.07.29 06:20:40 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\ABLKSR.ini
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006.11.02 20:40:12 | 000,174,656 | ---- | C] () -- C:\Windows\SysWow64\PSIService.exe
 
========== LOP Check ==========
 
[2011.12.26 13:05:59 | 000,000,000 | ---D | M] -- C:\Users\Steffi Neu\AppData\Roaming\Acreon
[2011.12.25 13:52:45 | 000,000,000 | ---D | M] -- C:\Users\Steffi Neu\AppData\Roaming\Asus WebStorage
[2012.02.03 22:40:42 | 000,000,000 | ---D | M] -- C:\Users\Steffi Neu\AppData\Roaming\Buhl Data Service
[2012.01.23 20:28:31 | 000,000,000 | ---D | M] -- C:\Users\Steffi Neu\AppData\Roaming\GetRightToGo
[2011.12.26 13:04:02 | 000,000,000 | ---D | M] -- C:\Users\Steffi Neu\AppData\Roaming\OpenOffice.org
[2012.01.24 09:42:09 | 000,000,000 | ---D | M] -- C:\Users\Steffi Neu\AppData\Roaming\RIFT
[2012.01.13 13:06:37 | 000,000,000 | ---D | M] -- C:\Users\Steffi Neu\AppData\Roaming\Ulead Systems
[2011.12.25 20:17:15 | 000,000,000 | ---D | M] -- C:\Users\Steffi Neu\AppData\Roaming\Windows Live Writer
[2011.12.25 13:54:20 | 000,000,000 | ---D | M] -- C:\Users\Steffi Neu\AppData\Roaming\Zeon
[2009.07.14 06:08:49 | 000,018,340 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011.12.25 18:55:31 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2011.12.25 13:47:56 | 000,000,000 | -H-D | M] -- C:\ASUS.DAT
[2011.01.12 17:03:23 | 000,000,000 | ---D | M] -- C:\AsusVibeData
[2009.07.29 07:03:34 | 000,000,000 | -HSD | M] -- C:\Boot
[2012.01.23 20:31:48 | 000,000,000 | ---D | M] -- C:\Converted
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011.12.26 22:28:53 | 000,000,000 | ---D | M] -- C:\eSupport
[2011.12.26 22:13:41 | 000,000,000 | ---D | M] -- C:\Intel
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.01.19 20:50:25 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.01.23 20:41:35 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.02.03 22:12:17 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011.12.25 13:43:57 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012.02.03 22:13:47 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.12.25 13:45:51 | 000,000,000 | R--D | M] -- C:\Users
[2012.02.04 20:03:06 | 000,000,000 | ---D | M] -- C:\Windows
[2012.02.04 23:11:24 | 000,000,000 | ---D | M] -- C:\_OTL
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe
[2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2011.01.12 15:51:11 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011.01.12 15:25:40 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2011.01.12 15:51:11 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2011.01.12 15:25:41 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2011.01.12 15:51:11 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2011.01.12 15:25:41 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2011.01.12 15:51:11 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011.02.26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2011.01.12 15:25:41 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2010.09.13 11:24:26 | 000,437,272 | ---- | M] (Intel Corporation) MD5=F7CE9BE72EDAC499B713ECA6DAE5D26F -- C:\eSupport\eDriver\Software\Other\Intel\IRST\iaStor.sys
[2010.09.13 11:24:26 | 000,437,272 | ---- | M] (Intel Corporation) MD5=F7CE9BE72EDAC499B713ECA6DAE5D26F -- C:\Windows\SysNative\drivers\iaStor.sys
[2010.09.13 11:24:26 | 000,437,272 | ---- | M] (Intel Corporation) MD5=F7CE9BE72EDAC499B713ECA6DAE5D26F -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_2b0c50dc63f09dae\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.01.12 17:20:46 | 000,410,504 | ---- | M] (Intel Corporation) MD5=513DC087CFED7D2BB82F005385D3531F -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16592_none_0af87721a183cb70\iaStorV.sys
[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
[2011.01.12 17:20:46 | 000,410,496 | ---- | M] (Intel Corporation) MD5=E353CF970C5D4D6A092911E15FB78C07 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20712_none_0bd89532ba6088d9\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.01.12 17:20:46 | 000,166,280 | ---- | M] (NVIDIA Corporation) MD5=0AF7B8136794E23E87BE138992880E64 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16592_none_95c1e7d0d8ba7548\nvstor.sys
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.01.12 17:20:46 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=CE76755AF933E728CEBA6C7A970838A4 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20712_none_96a205e1f19732b1\nvstor.sys
[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2011.01.12 15:51:11 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2011.01.12 15:51:11 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2011.01.12 15:51:11 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2012.02.04 20:18:38 | 002,097,152 | -HS- | M] () -- C:\Users\Steffi Neu\NTUSER.DAT
[2012.02.05 01:28:36 | 000,008,192 | -H-- | M] () -- C:\Users\Steffi Neu\ntuser.dat.LOG
[2012.02.04 20:18:38 | 000,262,144 | -HS- | M] () -- C:\Users\Steffi Neu\ntuser.dat.LOG1
[2011.12.25 13:45:52 | 000,000,000 | -HS- | M] () -- C:\Users\Steffi Neu\ntuser.dat.LOG2
[2011.12.25 13:59:05 | 000,065,536 | -HS- | M] () -- C:\Users\Steffi Neu\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2011.12.25 13:59:05 | 000,524,288 | -HS- | M] () -- C:\Users\Steffi Neu\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2011.12.25 13:59:05 | 000,524,288 | -HS- | M] () -- C:\Users\Steffi Neu\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2011.12.25 13:45:52 | 000,000,020 | -HS- | M] () -- C:\Users\Steffi Neu\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

< End of report >

--- --- ---

Extra.txt
OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 04.02.2012 20:09:39 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Steffi Neu\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,91 Gb Total Physical Memory | 3,28 Gb Available Physical Memory | 83,87% Memory free
7,83 Gb Paging File | 7,23 Gb Available in Paging File | 92,40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,24 Gb Total Space | 39,37 Gb Free Space | 33,02% Space Free | Partition Type: NTFS
Drive D: | 153,85 Gb Total Space | 125,39 Gb Free Space | 81,50% Space Free | Partition Type: NTFS
Drive F: | 1,87 Gb Total Space | 1,18 Gb Free Space | 62,99% Space Free | Partition Type: FAT32
 
Computer Name: STEFFINEU-PC | User Name: Steffi Neu | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5E11C972-1E76-45FE-8F92-14E0D1140B1B}" = iTunes
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{AF162E20-417F-4946-A06D-65734984957F}" = Intel(R) PROSet/Wireless WiFi Software
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 267.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 267.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{D600D357-5CB9-4DE9-8FD4-14E208BD1970}" = Nero Backup Drivers
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{0C180787-F8C8-42FD-A9D3-689BA44BEAAF}" = Corel Painter Essentials 3
"{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi
"{034DCAF9-96E7-4936-9A07-712F80B5181E}" = Nero RescueAgent 11
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0713D1F9-DD77-42C1-8C7D-54D479E2E743}" = Nero SoundTrax 11
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}" = Sonic Focus
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C180787-F8C8-42FD-A9D3-689BA44BEAAF}" = Corel Painter Essentials 3
"{0D7A4289-99CF-4B8D-B812-86BE50A54552}" = Nero Video 11
"{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11
"{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2B81872B-A054-48DA-BE3B-FA5C164C303A}" = ASUS FancyStart
"{2CA7225D-CB12-462A-9DD1-50319E158BA5}" = Nero 11 PiP Effects Basic
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{341697D8-9923-445E-B42A-529E5A99CB7A}" = syncables desktop SE
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{38253529-D97D-4901-AE53-5CC9736D3A2E}" = ASUS AI Recovery
"{390757AA-8830-43DC-AEE0-4E5B6F8439EB}" = Nero SoundTrax 11 Help (CHM)
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D3DA153-548D-4D7F-B62B-653D845169D3}" = Reader for PC
"{53F7746A-96AA-49A5-86B8-59989680DAC5}" = Nero Burning ROM 11 Help (CHM)
"{55C2143E-FBA5-442F-9AFA-726FF068F39D}" = Nero CoverDesigner 11 Help (CHM)
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{57F80ECF-E27C-4EEE-AB58-E971BACE2639}" = Nero Recode 11 Help (CHM)
"{5A212B2D-140D-46F4-B625-2D1CA5A00594}" = Nero 11 Kwik Themes Basic
"{622DE1BE-9EDE-49D3-B349-29D64760342A}" = 適用遠端連線的 Windows Live Mesh ActiveX 控制項
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AB2427E-A18F-4809-9A12-29F5EBABBB3A}" = Nero BackItUp 11 Help (CHM)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7E4413BB-CE31-4E01-A1C0-E37BDD0187CE}" = Nero 11
"{8014FACB-1D1D-48C2-94AA-E29EE2E6B9CE}" = Nero WaveEditor 11
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}" = פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB2BBC64-8AC8-4E66-BBF3-E22D5EACEECA}" = Nero BackItUp 11
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B1846721-A8E6-46C7-83B6-0DCF7ADB4267}" = Nero Burning ROM 11
"{B9B1BA7F-7E07-49DD-A713-5B397A5BB66B}" = Nero Kwik Media Help (CHM)
"{BD2DA092-F254-43D0-9683-DD09840315C4}" = WISO EÜR & Kasse 2012
"{BE814218-3919-4EA3-868A-2F60BC135CB4}" = Nero Kwik Media
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{CCE210DF-7EEF-4A76-A63C-3EB091FDB992}" = welcome
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D01CE99A-8802-483C-A79F-298B691EB432}" = Nero RescueAgent 11 Help (CHM)
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2CBEFA4-F2D3-4E97-A171-8BFD6A31A5EC}" = Nero Express 11 Help (CHM)
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4D66270-9147-4BDF-9946-FCA2B303AA8F}" = Nero ControlCenter 11 Help (CHM)
"{D7A0A22A-C132-4B6F-8D68-67B95117DE93}" = RIFT
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E10AAE4A-98B8-420A-BD93-E0520C23D624}" = Nero Express 11
"{E51BC4B0-EA5E-49CC-AF3B-93B5C627EC22}" = Nero 11 Effects Basic
"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E71E60C1-533E-45A5-8D80-E475E88D2B17}_is1" = Game Park Console
"{EB8DED20-A887-4A9C-BB5A-F3E7523DFB44}" = Nero WaveEditor 11 Help (CHM)
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3743A2C-5D5F-4456-8F98-5DF36A954C50}" = Nero 11 Image Samples
"{F49EF443-B2BD-4F10-8A46-87AFCDB90EDD}" = Nero 11 Disc Menus Basic
"{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις
"{F69FB940-5031-4FE8-AFAD-085802D0BF63}" = Nero Recode 11
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FAC3C37E-EDAB-4F3A-A173-A7C70CC88F09}" = Nero Video 11 Help (CHM)
"{FF44BCE5-5A18-4051-85F0-BC172D7B4695}" = Nero CoverDesigner 11
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ASUS K3 Series ScreenSaver" = ASUS K3 Series ScreenSaver
"Asus Vibe2.0" = AsusVibe2.0
"ASUS WebStorage" = ASUS WebStorage
"AudibleDownloadManager" = Audible Download Manager
"Avira AntiVir Desktop" = Avira Antivirus Premium 2012
"Governor of Poker" = Governor of Poker
"Hotel Dash Suite Success" = Hotel Dash Suite Success
"InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{D7A0A22A-C132-4B6F-8D68-67B95117DE93}" = RIFT
"JDownloader" = JDownloader
"Jewel Quest 3" = Jewel Quest 3
"Luxor 3" = Luxor 3
"Mahjongg dimensions" = Mahjongg dimensions
"Mozilla Firefox 10.0 (x86 de)" = Mozilla Firefox 10.0 (x86 de)
"Plants vs Zombies" = Plants vs Zombies
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
"World of Goo" = World of Goo
"World of Warcraft" = World of Warcraft
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 29.01.2012 11:26:36 | Computer Name = SteffiNeu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 243752
 
Error - 29.01.2012 11:26:36 | Computer Name = SteffiNeu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 243752
 
Error - 29.01.2012 11:26:37 | Computer Name = SteffiNeu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 29.01.2012 11:26:37 | Computer Name = SteffiNeu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 244750
 
Error - 29.01.2012 11:26:37 | Computer Name = SteffiNeu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 244750
 
Error - 29.01.2012 11:26:38 | Computer Name = SteffiNeu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 29.01.2012 11:26:38 | Computer Name = SteffiNeu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 245764
 
Error - 29.01.2012 11:26:38 | Computer Name = SteffiNeu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 245764
 
Error - 29.01.2012 11:26:39 | Computer Name = SteffiNeu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 29.01.2012 11:26:39 | Computer Name = SteffiNeu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 246763
 
[ System Events ]
Error - 14.01.2012 04:12:22 | Computer Name = SteffiNeu-PC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk1\DR3.
 
Error - 16.01.2012 01:55:23 | Computer Name = SteffiNeu-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80246007 fehlgeschlagen: Windows 7 Service Pack 1 für x64-basierte Systeme
 (KB976932)
 
Error - 16.01.2012 01:57:07 | Computer Name = SteffiNeu-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x800706be fehlgeschlagen: Update für Windows 7 für x64-basierte Systeme
 (KB2607576)
 
Error - 16.01.2012 01:57:19 | Computer Name = SteffiNeu-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 16.01.2012 05:56:17 | Computer Name = SteffiNeu-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 18.01.2012 21:53:14 | Computer Name = SteffiNeu-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
 
Error - 19.01.2012 08:13:11 | Computer Name = SteffiNeu-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 19.01.2012 15:32:15 | Computer Name = SteffiNeu-PC | Source = iaStor | ID = 262153
Description = Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht
 geantwortet.
 
Error - 19.01.2012 15:49:52 | Computer Name = SteffiNeu-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist
 bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
 durchgeführt: Neustart des Diensts.
 
Error - 19.01.2012 15:51:00 | Computer Name = SteffiNeu-PC | Source = iaStor | ID = 262153
Description = Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht
 geantwortet.
 
 
< End of report >

--- --- ---

twinsmom · 05.02.2012, 11:10

Guten Morgen lieber Markus,
Ich habe jetzt nach der letzten Aktion den pc die ganze Nacht laufen lassen. Ich habe mich nicht getraut ihn einfach runter zu fahren. Ich hoffe das war okay? Liebe Grüsse twinsmom.

markusg · 05.02.2012, 11:40

hi
das wäre nicht nötig gewesen, aber ich wollte auch n bissel was von meinem wochenende haben :-)

dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user.
wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts.

• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.

Code:

ATTFilter

:OTL
O4 - HKCU..\Run: [vasja] C:\Users\Steffi Neu\AppData\Local\Temp\0.7717550470288732.exe (Orb Networks)

 :Files
C:\Users\Steffi Neu\AppData\Local\Temp\0.7717550470288732.exe
:Commands
[purity]
[EMPTYFLASH] 
[emptytemp]
[Reboot]

• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.
starte in den normalen modus.

falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden

Drücke bitte die

+ E Taste.

Öffne dein Systemlaufwerk ( meistens C: )
Suche nun
folgenden Ordner: _OTL und öffne diesen.
Mache einen Rechtsklick auf den Ordner Movedfiles --> Senden an --> Zip-Komprimierter Ordner
Dies wird eine Movedfiles.zip Datei in _OTL erstellen
Lade diese bitte in unseren Uploadchannel
hoch. ( Durchsuchen --> C:\_OTL\Movedfiles.zip )

Teile mir mit ob der Upload problemlos geklappt hat. Danke im voraus

twinsmom · 05.02.2012, 12:10

Das kann ich duchaus verstehen. Ich bin eh dankbar das Du so hilfsbereit bist und dich mit uns Chaoten plagst.

Als hier die Txt Datei:

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\vasja deleted successfully.
C:\Users\Steffi Neu\AppData\Local\Temp\0.7717550470288732.exe moved successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: Steffi Neu
->Flash cache emptied: 642 bytes

User: UpdatusUser

Total Flash Files Cleaned = 0,00 mb

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Steffi Neu
->Temp folder emptied: 1084772 bytes
->Temporary Internet Files folder emptied: 655360 bytes
->Java cache emptied: 1209848 bytes
->FireFox cache emptied: 52550229 bytes
->Flash cache emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 11692 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 53,00 mb

OTL by OldTimer - Version 3.2.31.0 log created on 02052012_115030

Files\Folders moved on Reboot...
C:\Users\Steffi Neu\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

Den upload habe ich auch gemacht. Ging ohne Probleme

markusg · 05.02.2012, 12:15

danke.

Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.

Bitte downloade dir Combofix.exe und speichere es unbedingt auf deinem Desktop.

Besuche folgende Seite für Downloadlinks und Anweisungen für dieses
Tool

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Hinweis:
Gehe sicher das all deine Anti Virus und Anti Malware Programme abgeschalten sind, damit diese Combofix nicht bei der Arbeit stören.
Poste bitte die C:\Combofix.txt in deiner nächsten Antwort.

twinsmom · 05.02.2012, 15:34

Hier die Combofix Antwort:

Combofix Logfile:

Code:

ATTFilter

ComboFix 12-02-05.02 - Steffi Neu 05.02.2012  12:56:30.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.4008.2275 [GMT 1:00]
ausgeführt von:: c:\users\Steffi Neu\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\programdata\Roaming
c:\users\Steffi Neu\AppData\Local\._Revolution_
D:\install.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-01-05 bis 2012-02-05  ))))))))))))))))))))))))))))))
.
.
2012-02-04 22:11 . 2011-07-13 02:55	2237440	----a-r-	C:\OTLPE.exe
2012-02-04 22:11 . 2012-02-05 10:57	--------	d-----w-	C:\_OTL
2012-02-03 21:40 . 2012-02-03 21:40	--------	d-----w-	c:\users\Steffi Neu\AppData\Roaming\Buhl Data Service
2012-02-03 21:40 . 2012-02-03 21:40	--------	d-----w-	c:\users\Steffi Neu\AppData\Local\Buhl Data Service
2012-02-03 21:40 . 2012-02-03 21:44	--------	d-----w-	c:\users\Steffi Neu\AppData\Local\Buhl
2012-02-03 21:12 . 2012-02-03 21:48	--------	d-----w-	c:\programdata\Buhl Data Service GmbH
2012-02-03 06:43 . 2012-01-06 05:15	8602168	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{2F20843D-B428-4460-99F5-5DC0EBD53DE6}\mpengine.dll
2012-01-27 19:24 . 2012-01-30 19:19	--------	d-----w-	c:\users\Steffi Neu\AppData\Roaming\vlc
2012-01-23 19:31 . 2012-01-23 19:31	--------	d-----w-	C:\Converted
2012-01-23 19:29 . 2011-10-05 06:57	34040	----a-w-	c:\windows\system32\drivers\SndTAudio.sys
2012-01-23 19:17 . 2012-01-23 19:28	--------	d-----w-	c:\users\Steffi Neu\AppData\Roaming\GetRightToGo
2012-01-19 19:50 . 2009-05-18 12:17	34152	----a-w-	c:\windows\system32\drivers\GEARAspiWDM.sys
2012-01-19 19:50 . 2008-04-17 11:12	126312	----a-w-	c:\windows\system32\GEARAspi64.dll
2012-01-19 19:50 . 2008-04-17 11:12	107368	----a-w-	c:\windows\SysWow64\GEARAspi.dll
2012-01-19 19:50 . 2012-01-19 19:50	--------	d-----w-	c:\program files\iTunes
2012-01-19 19:50 . 2012-01-19 19:50	--------	d-----w-	c:\program files\iPod
2012-01-13 12:06 . 2012-01-13 12:06	--------	d-----w-	c:\users\Steffi Neu\AppData\Roaming\Ulead Systems
2012-01-13 12:04 . 2012-01-13 12:04	--------	d-----w-	c:\programdata\Corel
2012-01-13 12:04 . 2012-01-13 12:04	--------	d-----w-	c:\program files (x86)\Corel
2012-01-13 12:04 . 2012-01-13 12:04	--------	d-----w-	c:\program files (x86)\Common Files\Ulead Systems
2012-01-13 12:00 . 2012-01-13 12:04	--------	d-----w-	c:\programdata\Ulead Systems
2012-01-11 14:37 . 2012-01-11 14:38	--------	d-----w-	c:\program files (x86)\Common Files\Adobe
2012-01-11 09:23 . 2012-01-12 12:49	414368	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-11 07:15 . 2011-10-26 05:22	1572864	----a-w-	c:\windows\system32\quartz.dll
2012-01-11 07:15 . 2011-10-26 04:28	1328640	----a-w-	c:\windows\SysWow64\quartz.dll
2012-01-11 07:15 . 2011-10-26 05:22	366592	----a-w-	c:\windows\system32\qdvd.dll
2012-01-11 07:15 . 2011-10-26 04:28	514560	----a-w-	c:\windows\SysWow64\qdvd.dll
2012-01-11 07:13 . 2011-11-17 07:14	1739160	----a-w-	c:\windows\system32\ntdll.dll
2012-01-11 07:13 . 2011-11-17 05:41	1292592	----a-w-	c:\windows\SysWow64\ntdll.dll
2012-01-11 07:12 . 2011-11-19 15:07	77312	----a-w-	c:\windows\system32\packager.dll
2012-01-11 07:12 . 2011-11-19 14:06	67072	----a-w-	c:\windows\SysWow64\packager.dll
2012-01-10 18:05 . 2012-01-10 18:05	--------	d-----w-	c:\users\Steffi Neu\AppData\Local\Nero
2012-01-10 18:03 . 2012-01-10 18:03	--------	d-----w-	c:\users\Steffi Neu\AppData\Roaming\Nero
2012-01-10 17:52 . 2012-01-10 17:55	--------	d-----w-	c:\program files (x86)\Common Files\Nero
2012-01-10 17:52 . 2012-01-10 18:02	--------	d-----w-	c:\programdata\Nero
2012-01-10 17:18 . 2011-12-01 10:42	15920	----a-w-	c:\windows\system32\drivers\NBVolUp.sys
2012-01-10 17:18 . 2011-12-01 10:42	72240	----a-w-	c:\windows\system32\drivers\NBVol.sys
2012-01-10 17:18 . 2012-01-10 17:58	--------	d-----w-	c:\program files (x86)\Nero
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-04 18:15 . 2011-12-25 12:46	45056	----a-w-	c:\windows\system32\acovcnt.exe
2012-01-26 23:52 . 2011-12-25 13:39	279656	------w-	c:\windows\system32\MpSigStub.exe
2011-12-26 21:31 . 2011-12-26 21:31	80512	----a-w-	c:\windows\ASUS K3 Series ScreenSaver Uninstaller.exe
2011-12-26 21:31 . 2011-12-26 21:31	3058304	----a-w-	c:\windows\AsScrPro.exe
2011-12-25 20:28 . 2011-12-25 20:28	472808	----a-w-	c:\windows\SysWow64\deployJava1.dll
2011-12-25 14:07 . 2011-03-28 17:36	18328	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-12-25 13:57 . 2011-12-25 13:57	86528	----a-w-	c:\windows\SysWow64\iesysprep.dll
2011-12-25 13:57 . 2011-12-25 13:57	76800	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2011-12-25 13:57 . 2011-12-25 13:57	74752	----a-w-	c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-12-25 13:57 . 2011-12-25 13:57	74752	----a-w-	c:\windows\SysWow64\iesetup.dll
2011-12-25 13:57 . 2011-12-25 13:57	63488	----a-w-	c:\windows\SysWow64\tdc.ocx
2011-12-25 13:57 . 2011-12-25 13:57	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2011-12-25 13:57 . 2011-12-25 13:57	367104	----a-w-	c:\windows\SysWow64\html.iec
2011-12-25 13:57 . 2011-12-25 13:57	23552	----a-w-	c:\windows\SysWow64\licmgr10.dll
2011-12-25 13:57 . 2011-12-25 13:57	1798144	----a-w-	c:\windows\SysWow64\jscript9.dll
2011-12-25 13:57 . 2011-12-25 13:57	161792	----a-w-	c:\windows\SysWow64\msls31.dll
2011-12-25 13:57 . 2011-12-25 13:57	152064	----a-w-	c:\windows\SysWow64\wextract.exe
2011-12-25 13:57 . 2011-12-25 13:57	150528	----a-w-	c:\windows\SysWow64\iexpress.exe
2011-12-25 13:57 . 2011-12-25 13:57	1427456	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2011-12-25 13:57 . 2011-12-25 13:57	1127424	----a-w-	c:\windows\SysWow64\wininet.dll
2011-12-25 13:57 . 2011-12-25 13:57	110592	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2011-12-25 13:57 . 2011-12-25 13:57	91648	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2011-12-25 13:57 . 2011-12-25 13:57	89088	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2011-12-25 13:57 . 2011-12-25 13:57	85504	----a-w-	c:\windows\system32\iesetup.dll
2011-12-25 13:57 . 2011-12-25 13:57	76800	----a-w-	c:\windows\system32\tdc.ocx
2011-12-25 13:57 . 2011-12-25 13:57	603648	----a-w-	c:\windows\system32\vbscript.dll
2011-12-25 13:57 . 2011-12-25 13:57	49664	----a-w-	c:\windows\system32\imgutil.dll
2011-12-25 13:57 . 2011-12-25 13:57	48640	----a-w-	c:\windows\system32\mshtmler.dll
2011-12-25 13:57 . 2011-12-25 13:57	448512	----a-w-	c:\windows\system32\html.iec
2011-12-25 13:57 . 2011-12-25 13:57	420864	----a-w-	c:\windows\SysWow64\vbscript.dll
2011-12-25 13:57 . 2011-12-25 13:57	35840	----a-w-	c:\windows\SysWow64\imgutil.dll
2011-12-25 13:57 . 2011-12-25 13:57	30720	----a-w-	c:\windows\system32\licmgr10.dll
2011-12-25 13:57 . 2011-12-25 13:57	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2011-12-25 13:57 . 2011-12-25 13:57	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2011-12-25 13:57 . 2011-12-25 13:57	2309120	----a-w-	c:\windows\system32\jscript9.dll
2011-12-25 13:57 . 2011-12-25 13:57	222208	----a-w-	c:\windows\system32\msls31.dll
2011-12-25 13:57 . 2011-12-25 13:57	173056	----a-w-	c:\windows\system32\ieUnatt.exe
2011-12-25 13:57 . 2011-12-25 13:57	165888	----a-w-	c:\windows\system32\iexpress.exe
2011-12-25 13:57 . 2011-12-25 13:57	160256	----a-w-	c:\windows\system32\wextract.exe
2011-12-25 13:57 . 2011-12-25 13:57	1493504	----a-w-	c:\windows\system32\inetcpl.cpl
2011-12-25 13:57 . 2011-12-25 13:57	142848	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2011-12-25 13:57 . 2011-12-25 13:57	1390080	----a-w-	c:\windows\system32\wininet.dll
2011-12-25 13:57 . 2011-12-25 13:57	135168	----a-w-	c:\windows\system32\IEAdvpack.dll
2011-12-25 13:57 . 2011-12-25 13:57	12288	----a-w-	c:\windows\system32\mshta.exe
2011-12-25 13:57 . 2011-12-25 13:57	11776	----a-w-	c:\windows\SysWow64\mshta.exe
2011-12-25 13:57 . 2011-12-25 13:57	114176	----a-w-	c:\windows\system32\admparse.dll
2011-12-25 13:57 . 2011-12-25 13:57	111616	----a-w-	c:\windows\system32\iesysprep.dll
2011-12-25 13:57 . 2011-12-25 13:57	101888	----a-w-	c:\windows\SysWow64\admparse.dll
2011-12-25 13:56 . 2011-12-25 13:56	982912	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2011-12-25 13:56 . 2011-12-25 13:56	320512	----a-w-	c:\windows\system32\d3d10_1core.dll
2011-12-25 13:56 . 2011-12-25 13:56	265088	----a-w-	c:\windows\system32\drivers\dxgmms1.sys
2011-12-25 13:56 . 2011-12-25 13:56	229888	----a-w-	c:\windows\system32\XpsRasterService.dll
2011-12-25 13:56 . 2011-12-25 13:56	218624	----a-w-	c:\windows\SysWow64\d3d10_1core.dll
2011-12-25 13:56 . 2011-12-25 13:56	1863680	----a-w-	c:\windows\system32\ExplorerFrame.dll
2011-12-25 13:56 . 2011-12-25 13:56	1837568	----a-w-	c:\windows\system32\d3d10warp.dll
2011-12-25 13:56 . 2011-12-25 13:56	1495040	----a-w-	c:\windows\SysWow64\ExplorerFrame.dll
2011-12-25 13:56 . 2011-12-25 13:56	144384	----a-w-	c:\windows\system32\cdd.dll
2011-12-25 13:56 . 2011-12-25 13:56	135168	----a-w-	c:\windows\SysWow64\XpsRasterService.dll
2011-12-25 13:56 . 2011-12-25 13:56	1170944	----a-w-	c:\windows\SysWow64\d3d10warp.dll
2011-12-15 14:07 . 2011-12-25 13:04	97312	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2011-12-15 14:07 . 2011-12-25 13:04	27760	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2011-12-15 14:07 . 2011-12-25 13:04	130760	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-11-24 05:00 . 2011-12-26 12:16	3141632	----a-w-	c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-12-25 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-12-15 258512]
"iTunesHelper"="d:\steffi neu\Programme\iTunes\iTunesHelper.exe" [2012-01-16 421736]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Audible Download Manager.lnk - d:\steffi neu\Programme\Audible\Bin\AudibleDownloadHelper.exe [2011-3-14 2125472]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-12 135664]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-12 135664]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-11-02 340240]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTSUVSTOR.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys [x]
S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 AntiVirMailService;Avira Email Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [2011-12-15 342480]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-12-15 86224]
S2 AntiVirWebService;Avira Browser Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-12-15 463824]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-02-22 2009704]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-12 15:50]
.
2012-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-12 15:50]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49	70656	----a-w-	c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49	70656	----a-w-	c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-18 2188904]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-11-02 1933584]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-31 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-31 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-31 416024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mStart Page = hxxp://asus.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1 212.18.0.5
FF - ProfilePath - c:\users\Steffi Neu\AppData\Roaming\Mozilla\Firefox\Profiles\01p992rk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.tagesangebote.de/muenchen/|hxxp://www.amazon.de/|hxxp://www.google.de/
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-_{0C180787-F8C8-42FD-A9D3-689BA44BEAAF} - c:\program files (x86)\Corel\Corel Painter Essentials 3\MSILauncher {0C180787-F8C8-42FD-A9D3-689BA44BEAAF}
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3547720498-330239209-150675497-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3547720498-330239209-150675497-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-02-05  13:06:42
ComboFix-quarantined-files.txt  2012-02-05 12:06
.
Vor Suchlauf: 11 Verzeichnis(se), 42.438.217.728 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 42.022.047.744 Bytes frei
.
- - End Of File - - 1B8CA845DE1407C957700D3D0CA6ABDF

--- --- ---

04.02.2012, 15:42	#2
markusg /// Malware-holic	PC wurde gesperrt von Security Fenster hi, ok poste dann die logs, sehe es mir an. __________________ __________________

PC wurde gesperrt von Security Fenster

Log-Analyse und Auswertung: PC wurde gesperrt von Security Fenster