
Pests of all kinds and how to fight them: system locked :(


07.02.2012, 19:37   #1
Jule1983
 
I've read up a little and hope I did everything right .. OTL has finished.
Here is the OTL text ..

OTL logfile created on: 07.02.2012 19:06:36 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\jule\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,99 Gb Total Physical Memory | 2,51 Gb Available Physical Memory | 83,68% Memory free
6,19 Gb Paging File | 5,90 Gb Available in Paging File | 95,39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,04 Gb Total Space | 31,92 Gb Free Space | 22,16% Space Free | Partition Type: NTFS
Drive D: | 140,50 Gb Total Space | 140,38 Gb Free Space | 99,91% Space Free | Partition Type: NTFS
Drive E: | 5,30 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: OMA-TRAUTCHEN | User Name: jule | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.02.07 18:50:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\jule\Desktop\OTL.exe
PRC - [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.09 15:50:22 | 000,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2007.08.03 21:33:14 | 000,582,992 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2007.07.18 14:54:42 | 000,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2007.07.13 06:14:56 | 000,265,040 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\MSC\mcuimgr.exe


========== Modules (No Company Name) ==========

MOD - [2008.09.16 19:18:06 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Win32 Services (SafeList) ==========

SRV - [2012.02.07 17:08:10 | 000,342,480 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2011.10.11 15:05:59 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.11 15:05:48 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2011.10.11 15:05:46 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.08.10 10:53:46 | 000,094,880 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2011.08.03 19:29:31 | 000,330,696 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Verbindungsassistent\WTGService.exe -- (WTGService)
SRV - [2009.09.28 18:36:56 | 000,069,120 | ---- | M] (BOONTY) [On_Demand | Stopped] -- C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe -- (Boonty Games)
SRV - [2009.02.04 20:42:37 | 003,602,432 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Acer\Acer Bio Protection\BASVC.exe -- (IGBASVC)
SRV - [2008.07.20 10:45:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008.06.02 09:25:40 | 000,024,576 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008.05.14 16:05:30 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Stopped] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008.01.25 01:38:12 | 002,458,128 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2008.01.22 09:35:52 | 000,103,808 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.16 18:35:02 | 000,081,504 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService)
SRV - [2008.01.10 17:03:00 | 000,233,472 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2008.01.09 15:50:22 | 000,767,976 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2007.12.06 15:15:28 | 000,110,592 | ---- | M] () [Auto | Stopped] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2007.12.05 10:04:10 | 000,695,624 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2007.11.26 10:46:14 | 000,023,880 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2007.11.07 09:35:40 | 000,378,184 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2007.08.15 11:36:04 | 000,359,248 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2007.07.24 11:02:14 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Stopped] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2007.07.18 14:54:42 | 000,856,864 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)


========== Driver Services (SafeList) ==========

DRV - [2012.02.07 17:08:11 | 000,134,856 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.10.11 15:06:12 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.11 15:06:12 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.02.04 20:42:32 | 000,042,608 | ---- | M] (Alfa Corporation) [File_System | Boot | Running] -- C:\Windows\system32\Drivers\AlfaFF.sys -- (AlfaFF)
DRV - [2008.07.24 10:03:56 | 000,101,760 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008.07.18 17:23:00 | 007,545,824 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.07.18 16:05:10 | 000,061,424 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Stopped] -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2008.06.25 06:05:06 | 000,044,064 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008.05.19 17:23:00 | 000,047,104 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E60x86.sys -- (L1E)
DRV - [2008.05.05 02:05:00 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008.01.16 18:35:08 | 000,122,368 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Stopped] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys -- (NTIPPKernel)
DRV - [2007.12.02 12:51:42 | 000,040,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2007.11.22 06:44:08 | 000,201,320 | ---- | M] (McAfee, Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2007.11.22 06:44:08 | 000,079,304 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2007.11.22 06:44:08 | 000,035,240 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2007.11.22 06:44:04 | 000,033,832 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2007.07.13 08:21:12 | 000,125,728 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)
DRV - [2007.03.28 06:51:40 | 000,043,008 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winbondcir.sys -- (winbondcir)
DRV - [2007.01.26 07:32:18 | 000,069,632 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\int15.sys -- (int15)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0209&m=aspire_6930g
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0209&m=aspire_6930g
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.bearshare.com/de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/home"
FF - prefs.js..extensions.enabledItems: {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A}:2.0.0.54356
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=KW_def&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@www.flatcast.com/FlatViewer 5.2: C:\PROGRA~1\MOZILL~1\plugins\NpFv522.dll (1 mal 1 Software GmbH)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2011.11.12 15:27:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.06 23:24:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.11.01 23:02:46 | 000,000,000 | ---D | M]

[2009.02.13 22:11:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jule\AppData\Roaming\mozilla\Extensions
[2012.02.06 23:24:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jule\AppData\Roaming\mozilla\Firefox\Profiles\t75354um.default\extensions
[2010.09.14 09:49:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\jule\AppData\Roaming\mozilla\Firefox\Profiles\t75354um.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.01.27 20:34:07 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\jule\AppData\Roaming\mozilla\Firefox\Profiles\t75354um.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}(126)
[2012.02.06 23:15:04 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\jule\AppData\Roaming\mozilla\Firefox\Profiles\t75354um.default\extensions\ffxtlbr@babylon.com
[2009.03.09 21:03:21 | 000,000,681 | ---- | M] () -- C:\Users\jule\AppData\Roaming\Mozilla\Firefox\Profiles\t75354um.default\searchplugins\ask.xml
[2012.02.06 17:13:28 | 000,000,950 | ---- | M] () -- C:\Users\jule\AppData\Roaming\Mozilla\Firefox\Profiles\t75354um.default\searchplugins\icqplugin-2.xml
[2009.04.20 20:59:11 | 000,000,944 | ---- | M] () -- C:\Users\jule\AppData\Roaming\Mozilla\Firefox\Profiles\t75354um.default\searchplugins\icqplugin.xml
[2012.02.06 23:24:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009.03.31 18:31:52 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2009.02.20 09:50:35 | 000,000,000 | ---D | M] (BearShare MediaBar) -- C:\Program Files\Mozilla Firefox\extensions\{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A}
[2012.01.29 17:12:48 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2007.03.02 14:17:24 | 000,095,200 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPAPIX.dll
[2007.01.17 12:18:04 | 000,095,200 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPFluxBrowserHelper.dll
[2009.08.10 14:47:44 | 001,447,344 | ---- | M] (1 mal 1 Software GmbH) -- C:\Program Files\mozilla firefox\plugins\NpFv522.dll
[2007.09.07 15:25:50 | 000,103,064 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPMPDRM.dll
[2010.05.19 15:38:12 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2007.09.07 14:46:48 | 000,098,968 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPWMDRMWrapper.dll
[2012.01.29 15:02:49 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.06 23:14:55 | 000,002,275 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.01.29 14:50:55 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.01.29 15:02:49 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.29 15:02:49 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.29 15:02:49 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.29 15:02:49 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========


O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\Program Files\McAfee\MSK\mcapbho.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (UrlHelper Class) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (BearShare MediaBar) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll (BearShare)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\WebBrowser: (BearShare MediaBar) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll (BearShare)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZPdtWzdVitaKey MC3000] C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe (Arachnoid Biometrics Identification Group Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O9 - Extra Button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe ()
O9 - Extra 'Tools' menuitem : Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4E3876EA-23BB-4431-B3DB-CC0ACCFF7BF4}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\fluxhttp {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax ()
O18 - Protocol\Handler\fluxhttp\0x00000007 {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax ()
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AWinNotifyVitaKey MC3000: DllName - (C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll) - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll (Arachnoid Biometrics Identification Group Corp.)
O20 - Winlogon\Notify\spba: DllName - (C:\Program Files\Common Files\SPBA\homefus2.dll) - C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Users\jule\Desktop\nicht verwendet\Unbenannt.jpg
O24 - Desktop BackupWallPaper: C:\Users\jule\Desktop\nicht verwendet\Unbenannt.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{7fea1650-0f96-11de-8294-001e68f16722}\Shell - "" = AutoRun
O33 - MountPoints2\{7fea1650-0f96-11de-8294-001e68f16722}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{7fea1652-0f96-11de-8294-001e68f16722}\Shell - "" = AutoRun
O33 - MountPoints2\{7fea1652-0f96-11de-8294-001e68f16722}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{8900b93a-0b4f-11df-b367-001e68f16722}\Shell - "" = AutoRun
O33 - MountPoints2\{8900b93a-0b4f-11df-b367-001e68f16722}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{8900b955-0b4f-11df-b367-001e68f16722}\Shell - "" = AutoRun
O33 - MountPoints2\{8900b955-0b4f-11df-b367-001e68f16722}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{8900ba42-0b4f-11df-b367-001e68f16722}\Shell - "" = AutoRun
O33 - MountPoints2\{8900ba42-0b4f-11df-b367-001e68f16722}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{8900ba43-0b4f-11df-b367-001e68f16722}\Shell - "" = AutoRun
O33 - MountPoints2\{8900ba43-0b4f-11df-b367-001e68f16722}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{8900ba45-0b4f-11df-b367-001e68f16722}\Shell - "" = AutoRun
O33 - MountPoints2\{8900ba45-0b4f-11df-b367-001e68f16722}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{976cac5a-0e8c-11df-82a0-001e68f16722}\Shell - "" = AutoRun
O33 - MountPoints2\{976cac5a-0e8c-11df-82a0-001e68f16722}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{976cac5c-0e8c-11df-82a0-001e68f16722}\Shell - "" = AutoRun
O33 - MountPoints2\{976cac5c-0e8c-11df-82a0-001e68f16722}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{b9ab9660-0db1-11de-bd15-001e68f16722}\Shell - "" = AutoRun
O33 - MountPoints2\{b9ab9660-0db1-11de-bd15-001e68f16722}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{b9ab967f-0db1-11de-bd15-001e68f16722}\Shell - "" = AutoRun
O33 - MountPoints2\{b9ab967f-0db1-11de-bd15-001e68f16722}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{f522caeb-0d9e-11df-b346-001e68f16722}\Shell - "" = AutoRun
O33 - MountPoints2\{f522caeb-0d9e-11df-b346-001e68f16722}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{f522d1a3-0d9e-11df-b346-001e68f16722}\Shell - "" = AutoRun
O33 - MountPoints2\{f522d1a3-0d9e-11df-b346-001e68f16722}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{f522d1a5-0d9e-11df-b346-001e68f16722}\Shell - "" = AutoRun
O33 - MountPoints2\{f522d1a5-0d9e-11df-b346-001e68f16722}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {9A4F74BF-BD32-7D89-5210-3B1ECFB0DE68} - Java (Sun)
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC9B35CC-64E9-F213-A37C-3F50CE11B922} -
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E1C6E5DE-177C-4D1F-8628-3BCEBEE5D5EB} -
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EA18C3BF-0675-5C4D-A6E2-FC93845E39FC} - Microsoft Windows Media Player 11.0
ActiveX: {F3967166-BE4F-E221-A53B-5D56CC598C58} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^Users^jule^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Orion.lnk - - File not found
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: CanonMyPrinter - hkey= - key= - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
MsConfig - StartUpReg: mcagent_exe - hkey= - key= - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
MsConfig - StartUpReg: PlayMovie - hkey= - key= - C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
MsConfig - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2012.02.07 18:50:19 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\jule\Desktop\OTL.exe
[2012.02.06 23:36:25 | 000,000,000 | ---D | C] -- C:\Users\jule\AppData\Roaming\Avira
[2012.02.06 23:35:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.02.06 23:34:55 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012.02.06 23:34:49 | 000,134,856 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.02.06 23:34:49 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.02.06 23:34:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.02.06 23:34:45 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.02.06 23:15:03 | 000,000,000 | ---D | C] -- C:\Program Files\Babylon
[2012.02.06 23:05:57 | 000,000,000 | ---D | C] -- C:\Users\jule\Application Data
[2012.02.06 22:15:52 | 000,000,000 | ---D | C] -- C:\Users\jule\Option
[2012.02.01 20:08:59 | 000,000,000 | ---D | C] -- C:\Users\jule\AppData\Roaming\Casual Arts
[2012.02.01 20:08:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Casual Arts
[2012.02.01 18:23:03 | 000,000,000 | ---D | C] -- C:\ProgramData\PuzzlesByJoe
[2012.02.01 17:34:01 | 000,000,000 | ---D | C] -- C:\Users\jule\AppData\Roaming\VendelGAMES
[2012.01.31 22:03:50 | 000,000,000 | ---D | C] -- C:\Users\jule\AppData\Roaming\FamilyVacationCalifornia
[2012.01.31 21:02:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Grey Alien Games
[2012.01.31 19:40:40 | 000,000,000 | ---D | C] -- C:\Users\jule\AppData\Roaming\GameMill Entertainment
[2012.01.31 19:25:39 | 000,000,000 | ---D | C] -- C:\Program Files\Clutter
[2012.01.31 19:24:30 | 000,000,000 | ---D | C] -- C:\Program Files\Family Vacation California
[2012.01.31 19:20:38 | 000,000,000 | ---D | C] -- C:\Program Files\Dream Inn - Driftwood
[2012.01.31 19:12:38 | 000,000,000 | ---D | C] -- C:\Program Files\Holiday Bonus
[2012.01.31 19:11:27 | 000,000,000 | ---D | C] -- C:\Program Files\Hidden Mysteries - Die Verbotene Stadt
[2012.01.31 19:08:31 | 000,000,000 | ---D | C] -- C:\Program Files\Vacation Quest - The Hawaiian Islands
[2012.01.31 19:06:02 | 000,000,000 | ---D | C] -- C:\Program Files\Weihnachtswunderland
[2012.01.31 18:02:01 | 000,000,000 | ---D | C] -- C:\Users\jule\AppData\Roaming\casualArts
[2012.01.31 18:02:01 | 000,000,000 | ---D | C] -- C:\ProgramData\casualArts
[2012.01.30 21:46:40 | 000,000,000 | ---D | C] -- C:\Program Files\Weihnachtswunderland 2
[2012.01.30 21:44:42 | 000,000,000 | ---D | C] -- C:\Program Files\Hodgepodge Hollow
[2012.01.30 20:21:06 | 000,000,000 | ---D | C] -- C:\Users\jule\AppData\Roaming\MediaArt
[2012.01.30 20:21:06 | 000,000,000 | ---D | C] -- C:\ProgramData\MediaArt
[2012.01.30 18:37:43 | 000,000,000 | ---D | C] -- C:\Program Files\Love Story - Das Strandhaus
[2012.01.30 18:33:50 | 000,000,000 | ---D | C] -- C:\Program Files\PuppetShow - Die verlorene Stadt
[2012.01.30 18:29:00 | 000,000,000 | ---D | C] -- C:\Program Files\Hidden Mysteries - Salem Secrets
[2012.01.30 18:26:15 | 000,000,000 | ---D | C] -- C:\Program Files\Mystery Valley
[2012.01.30 18:23:31 | 000,000,000 | ---D | C] -- C:\Program Files\Love Chronicles 2 - Das Schwert und die Rose
[2012.01.30 18:21:34 | 000,000,000 | ---D | C] -- C:\Users\jule\AppData\Roaming\TikisLab
[2012.01.30 18:20:09 | 000,000,000 | ---D | C] -- C:\Program Files\Spirit Seasons - Kleine Geistergeschichte
[2012.01.30 11:28:47 | 000,000,000 | ---D | C] -- C:\Users\jule\AppData\Roaming\Vast Studios
[2012.01.29 21:26:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Elephant Games
[2012.01.29 16:58:39 | 000,000,000 | ---D | C] -- C:\Users\jule\AppData\Roaming\Artogon
[2012.01.29 16:04:59 | 000,000,000 | ---D | C] -- C:\Program Files\Die Schatzsucher 4 - Das Ende ist Nahe
[2012.01.29 16:03:04 | 000,000,000 | ---D | C] -- C:\Program Files\Lost Chronicles - Salem
[2012.01.29 16:00:03 | 000,000,000 | ---D | C] -- C:\Program Files\Shadow Wolf Mysteries - Der Fluch des Vollmonds
[2012.01.29 11:15:32 | 000,000,000 | ---D | C] -- C:\Program Files\Haunted Legends - Die Pik-Dame
[2012.01.29 11:12:26 | 000,000,000 | ---D | C] -- C:\Program Files\Stray Souls - Das Haus der Puppen
[2012.01.29 11:09:01 | 000,000,000 | ---D | C] -- C:\Program Files\Mystery Trackers - The Void
[2012.01.29 11:05:24 | 000,000,000 | ---D | C] -- C:\Users\jule\AppData\Roaming\Elephant Games
[2012.01.28 18:47:30 | 000,000,000 | ---D | C] -- C:\Users\jule\AppData\Local\Ilivid Player
[2012.01.28 18:46:38 | 000,000,000 | ---D | C] -- C:\Users\jule\AppData\Local\PackageAware
[2012.01.27 23:30:25 | 000,000,000 | ---D | C] -- C:\Users\jule\AppData\Roaming\Boomzap
[2012.01.27 22:06:41 | 000,000,000 | ---D | C] -- C:\Program Files\Death at Fairing Point - Ein Dana Knightstone Roman
[2012.01.27 22:03:45 | 000,000,000 | ---D | C] -- C:\Program Files\Samantha Swift and the Fountains of Fate
[2012.01.27 21:58:18 | 000,000,000 | ---D | C] -- C:\Program Files\Urban Legends - The Maze
[2012.01.27 21:50:48 | 000,000,000 | ---D | C] -- C:\Users\jule\AppData\Roaming\ERS Game Studios
[2012.01.21 18:54:39 | 000,000,000 | ---D | C] -- C:\Program Files\Cooking Quest
[2012.01.21 18:53:23 | 000,000,000 | ---D | C] -- C:\Program Files\Samantha Swift and the Hidden Roses of Athena
[2012.01.21 18:48:29 | 000,000,000 | ---D | C] -- C:\Program Files\Haunted Halls - Das Grauen von Green Hills
[2012.01.21 18:42:32 | 000,000,000 | ---D | C] -- C:\Program Files\MyPlayCity.com
[2012.01.12 17:16:21 | 000,000,000 | ---D | C] -- C:\Users\jule\Desktop\musik.to
[2008.07.22 09:01:25 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll

========== Files - Modified Within 30 Days ==========

[2012.02.07 18:50:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\jule\Desktop\OTL.exe
[2012.02.07 18:30:07 | 004,270,980 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.02.07 18:30:07 | 001,723,910 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.02.07 18:30:07 | 001,321,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.02.07 18:30:07 | 001,187,056 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.02.07 18:26:37 | 000,044,931 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2012.02.07 18:25:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.07 17:41:16 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2012.02.07 17:40:24 | 000,000,374 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2012.02.07 17:37:41 | 000,189,384 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.02.07 17:37:28 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.07 17:37:28 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.07 17:26:04 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.02.07 17:10:10 | 000,002,299 | ---- | M] () -- C:\Users\jule\AppData\Roaming\acervcmtmp.ini
[2012.02.07 17:08:11 | 000,134,856 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.02.07 16:53:50 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.02.06 23:35:14 | 000,001,811 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.02.06 23:24:45 | 000,000,810 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.02.06 23:15:07 | 000,000,226 | ---- | M] () -- C:\user.js
[2012.02.06 20:02:48 | 000,001,356 | ---- | M] () -- C:\Users\jule\AppData\Local\d3d9caps.dat
[2012.02.01 21:09:01 | 000,189,384 | ---- | M] () -- C:\ProgramData\nvModes.dat

========== Files Created - No Company Name ==========

[2012.02.06 23:35:14 | 000,001,811 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.02.06 23:15:06 | 000,000,226 | ---- | C] () -- C:\user.js
[2011.04.01 19:37:34 | 000,001,356 | ---- | C] () -- C:\Users\jule\AppData\Local\d3d9caps.dat
[2009.09.28 09:31:01 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2009.09.27 14:22:12 | 000,015,307 | ---- | C] () -- C:\Windows\wininit.ini
[2009.08.30 16:29:42 | 000,695,578 | ---- | C] () -- C:\Windows\unins000.exe
[2009.08.30 16:29:42 | 000,000,849 | ---- | C] () -- C:\Windows\unins000.dat
[2009.04.09 14:29:15 | 000,000,010 | ---- | C] () -- C:\Windows\popcinfo.dat
[2009.02.17 23:17:00 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.02.17 23:17:00 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.02.17 09:20:19 | 000,189,384 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.02.17 09:20:16 | 000,189,384 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.02.17 09:19:26 | 000,002,299 | ---- | C] () -- C:\Users\jule\AppData\Roaming\acervcmtmp.ini
[2009.02.13 22:11:51 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.02.05 08:13:40 | 000,171,520 | ---- | C] () -- C:\Users\jule\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.02.04 20:42:59 | 000,118,784 | ---- | C] () -- C:\Windows\System32\VMC3KAPI.dll
[2009.02.04 20:20:40 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2009.02.04 20:20:40 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2009.02.04 20:20:40 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2008.07.30 11:19:21 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.07.30 03:13:17 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008.07.30 03:13:17 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008.07.30 02:47:56 | 000,204,800 | ---- | C] () -- C:\Windows\System32\SysHook.dll
[2008.07.30 02:42:04 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008.07.30 02:25:14 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008.07.30 02:25:14 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2008.07.30 02:25:14 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2008.07.30 02:25:14 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2008.01.21 08:15:58 | 004,270,980 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 08:15:58 | 001,321,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 08:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 08:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.01.26 07:32:18 | 000,069,632 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,298,216 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 001,723,910 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 001,187,056 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001.12.26 15:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.03 22:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 15:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 21:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== LOP Check ==========

[2011.11.25 22:27:30 | 000,000,000 | -HSD | M] -- C:\Users\jule\AppData\Roaming\.#
[2009.10.29 19:07:44 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\Abra Academy2
[2009.02.04 20:56:58 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\Acer
[2008.07.30 03:10:28 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\Acer GameZone Console
[2011.10.25 21:45:01 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\AlderGames
[2011.09.17 19:01:07 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\Anarchy
[2011.09.23 19:38:10 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\Artifex Mundi
[2012.01.29 16:58:39 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\Artogon
[2010.08.18 21:38:33 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\Big Fish Games
[2011.09.16 16:24:47 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\BlamGames
[2011.09.18 15:49:41 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\blg
[2010.08.18 15:49:20 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\Bluefishv1002de
[2011.09.23 20:04:56 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\Boolat Games
[2012.01.27 23:30:25 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\Boomzap
[2011.05.19 09:29:48 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\Canon
[2012.02.01 20:08:59 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\Casual Arts
[2012.01.31 18:02:01 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\casualArts
[2011.09.15 20:41:02 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\cerasus.media
[2010.07.16 20:54:30 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\DeepBurner
[2011.09.27 20:07:50 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\Dekovir
[2012.01.29 21:26:08 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\Elephant Games
[2012.01.30 19:39:45 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\ERS Game Studios
[2010.08.31 21:00:40 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\EscapeTheMuseum2
[2012.01.31 22:03:50 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\FamilyVacationCalifornia
[2011.09.09 20:30:58 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\FBI
[2011.11.27 18:53:22 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\Firstload
[2009.08.30 16:29:43 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\Flatcast
[2010.08.18 12:27:33 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\Flood Light Games
[2009.02.17 22:09:21 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\FloodLightGames
[2012.01.29 19:40:58 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\Friday's games
[2009.04.06 22:18:55 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\Gaijin Ent
[2010.05.06 20:42:16 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\GameHousev1001
[2012.01.31 19:40:40 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\GameMill Entertainment
[2009.10.01 09:22:13 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\Gamers Digital
[2011.09.21 20:56:46 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\GamesCafe
[2011.09.19 19:24:18 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\Go Go Gourmet
[2011.09.26 22:18:19 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\Go-Go Gourmet Chef of the Year
[2010.08.18 21:12:08 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\Green Clover Games
[2011.02.27 22:45:30 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\HiT-MM
[2009.03.31 18:52:30 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\ICQ
[2011.11.21 22:55:03 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\iWin
[2011.09.15 23:26:23 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\Jane s Hotel 3
[2011.09.27 20:07:46 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\Magic Academy
[2011.09.19 19:09:01 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\Mean Hamster
[2012.01.30 20:21:06 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\MediaArt
[2010.10.08 09:08:55 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\Mysteryville2
[2011.09.27 20:54:01 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\Nevosoft-Breeze
[2010.05.19 22:28:58 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\OpenCandy
[2011.09.16 16:31:40 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\Ph03nixNewMedia
[2011.09.27 20:59:33 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\PlayFirst
[2011.09.23 19:50:06 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\RTS
[2011.03.01 13:41:19 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\Sahmon Games
[2011.09.28 20:15:50 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\SerpentOfIsis
[2011.09.20 21:43:09 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\Shape games
[2009.09.28 09:31:14 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\Skunk Studios
[2011.09.21 22:30:16 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\Spark Plug Games
[2012.02.01 18:51:23 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\SpinTop Games
[2011.09.15 23:41:55 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\Stand O'Food 3
[2012.01.30 18:21:34 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\TikisLab
[2009.10.27 12:43:33 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\TitanicMystery
[2011.09.20 20:21:36 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\V-Games
[2011.09.23 19:42:52 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\Vasilek Games
[2012.01.30 11:28:47 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\Vast Studios
[2012.02.01 17:34:01 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\VendelGAMES
[2011.12.04 09:26:09 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\Verbindungsassistent
[2011.09.20 22:14:57 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\ViquaSoft
[2011.09.23 19:59:43 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\World-Loom
[2011.09.27 20:50:56 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\YoudaGames
[2011.09.27 20:14:31 | 000,000,000 | ---D | M] -- C:\Users\jule\AppData\Roaming\Zylom 3 Days Zoo Mystery
[2009.10.14 23:59:59 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
[2011.01.01 01:00:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job
[2012.02.07 17:36:22 | 000,032,596 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*. >
[2010.02.11 19:34:20 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2009.02.04 21:04:42 | 000,000,000 | ---D | M] -- C:\ACER
[2012.02.01 12:37:06 | 000,000,000 | ---D | M] -- C:\BigFishGamesCache
[2008.07.30 03:41:04 | 000,000,000 | ---D | M] -- C:\book
[2009.09.29 09:31:49 | 000,000,000 | ---D | M] -- C:\Boonty
[2008.07.30 11:23:10 | 000,000,000 | -HSD | M] -- C:\Boot
[2009.02.04 20:41:22 | 000,000,000 | ---D | M] -- C:\CLSetup
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.02.04 20:08:16 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2009.09.28 08:11:41 | 000,000,000 | ---D | M] -- C:\Downloads
[2011.11.01 22:43:31 | 000,000,000 | ---D | M] -- C:\GameHouse Games
[2008.07.30 02:15:59 | 000,000,000 | ---D | M] -- C:\Intel
[2008.07.30 03:16:19 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2008.01.21 03:32:31 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.02.06 23:34:45 | 000,000,000 | ---D | M] -- C:\Program Files
[2012.02.06 23:34:45 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2009.02.04 20:08:17 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.02.07 17:09:26 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2009.02.04 20:10:36 | 000,000,000 | R--D | M] -- C:\Users
[2012.02.07 18:25:30 | 000,000,000 | ---D | M] -- C:\Windows
[2012.01.27 21:45:53 | 000,000,000 | ---D | M] -- C:\Zylom Games

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %systemroot%\*. /mp /s >


< MD5 for: AGP440.SYS >
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: EVENTLOG.DLL >
[2007.01.12 22:30:08 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\Cyberlink\PowerDirector\EventLog.dll

< MD5 for: EXPLORER.EXE >
[2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: IASTOR.SYS >
[2008.07.20 10:44:44 | 000,324,120 | ---- | M] (Intel Corporation) MD5=707C1692214B1C290271067197F075F6 -- C:\ACER\Preload\Autorun\DRV\Intel Robson RBSMDL2G\Winall\Driver\IaStor.sys
[2008.07.20 10:44:44 | 000,324,120 | ---- | M] (Intel Corporation) MD5=707C1692214B1C290271067197F075F6 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2008.07.20 17:44:44 | 000,324,120 | ---- | M] (Intel Corporation) MD5=707C1692214B1C290271067197F075F6 -- C:\Windows\System32\drivers\iaStor.sys
[2008.07.20 10:44:44 | 000,324,120 | ---- | M] (Intel Corporation) MD5=707C1692214B1C290271067197F075F6 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_7b6e77f6\iaStor.sys
[2008.04.20 17:29:38 | 000,317,464 | ---- | M] (Intel Corporation) MD5=9F1220113A3A7F4F08042C699324D073 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_18bd4575\iaStor.sys
[2008.07.20 10:44:54 | 000,402,456 | ---- | M] (Intel Corporation) MD5=FC28E90F2204D8FD147FA9BFA8A51C01 -- C:\ACER\Preload\Autorun\DRV\Intel Robson RBSMDL2G\Winall\Driver64\IaStor.sys
[2008.07.20 10:44:54 | 000,402,456 | ---- | M] (Intel Corporation) MD5=FC28E90F2204D8FD147FA9BFA8A51C01 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys

< MD5 for: IASTORV.SYS >
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< MD5 for: USER32.DLL >
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\System32\user32.dll
[2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll

< MD5 for: USERINIT.EXE >
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< MD5 for: WS2IFSL.SYS >
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008.01.21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\*.dll /lockedfiles >

< %USERPROFILE%\*.* >
[2012.02.07 18:55:20 | 003,407,872 | -HS- | M] () -- C:\Users\jule\ntuser.dat
[2012.02.07 18:55:20 | 000,262,144 | -H-- | M] () -- C:\Users\jule\ntuser.dat.LOG1
[2010.04.05 20:54:13 | 000,262,144 | -H-- | M] () -- C:\Users\jule\ntuser.dat.LOG2
[2012.02.07 17:36:29 | 000,065,536 | -HS- | M] () -- C:\Users\jule\ntuser.dat{2b50b8c6-4e1c-11e0-af24-001e68f16722}.TM.blf
[2012.02.07 17:36:29 | 000,524,288 | -HS- | M] () -- C:\Users\jule\ntuser.dat{2b50b8c6-4e1c-11e0-af24-001e68f16722}.TMContainer00000000000000000001.regtrans-ms
[2011.03.15 08:47:34 | 000,524,288 | -HS- | M] () -- C:\Users\jule\ntuser.dat{2b50b8c6-4e1c-11e0-af24-001e68f16722}.TMContainer00000000000000000002.regtrans-ms
[2011.03.06 17:19:07 | 000,065,536 | -HS- | M] () -- C:\Users\jule\ntuser.dat{2f79c805-fba2-11df-b786-001e68f16722}.TM.blf
[2011.03.06 17:19:07 | 000,524,288 | -HS- | M] () -- C:\Users\jule\ntuser.dat{2f79c805-fba2-11df-b786-001e68f16722}.TMContainer00000000000000000001.regtrans-ms
[2010.11.29 11:20:32 | 000,524,288 | -HS- | M] () -- C:\Users\jule\ntuser.dat{2f79c805-fba2-11df-b786-001e68f16722}.TMContainer00000000000000000002.regtrans-ms
[2010.04.05 20:54:13 | 001,048,576 | -HS- | M] () -- C:\Users\jule\NTUSER.DAT{3a539870-6a70-11db-887c-d362bd253390}.TxR.0.regtrans-ms
[2010.04.05 20:54:13 | 001,048,576 | -HS- | M] () -- C:\Users\jule\NTUSER.DAT{3a539870-6a70-11db-887c-d362bd253390}.TxR.1.regtrans-ms
[2010.04.05 20:54:13 | 001,048,576 | -HS- | M] () -- C:\Users\jule\NTUSER.DAT{3a539870-6a70-11db-887c-d362bd253390}.TxR.2.regtrans-ms
[2010.04.05 20:54:13 | 000,065,536 | -HS- | M] () -- C:\Users\jule\NTUSER.DAT{3a539870-6a70-11db-887c-d362bd253390}.TxR.blf
[2010.05.07 16:24:22 | 000,065,536 | -HS- | M] () -- C:\Users\jule\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.05.07 16:24:22 | 000,524,288 | -HS- | M] () -- C:\Users\jule\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2009.02.04 20:20:44 | 000,524,288 | -HS- | M] () -- C:\Users\jule\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2010.11.13 18:33:00 | 000,065,536 | -HS- | M] () -- C:\Users\jule\ntuser.dat{4dbf40da-bca7-11df-a0f6-001e68f16722}.TM.blf
[2010.11.13 18:33:00 | 000,524,288 | -HS- | M] () -- C:\Users\jule\ntuser.dat{4dbf40da-bca7-11df-a0f6-001e68f16722}.TMContainer00000000000000000001.regtrans-ms
[2010.09.10 07:48:36 | 000,524,288 | -HS- | M] () -- C:\Users\jule\ntuser.dat{4dbf40da-bca7-11df-a0f6-001e68f16722}.TMContainer00000000000000000002.regtrans-ms
[2010.09.05 13:44:08 | 000,065,536 | -HS- | M] () -- C:\Users\jule\NTUSER.DAT{d1957af3-827f-11df-89e5-001e68f16722}.TM.blf
[2010.09.05 13:44:08 | 000,524,288 | -HS- | M] () -- C:\Users\jule\NTUSER.DAT{d1957af3-827f-11df-89e5-001e68f16722}.TMContainer00000000000000000001.regtrans-ms
[2010.07.01 18:33:48 | 000,524,288 | -HS- | M] () -- C:\Users\jule\NTUSER.DAT{d1957af3-827f-11df-89e5-001e68f16722}.TMContainer00000000000000000002.regtrans-ms
[2009.02.04 20:10:37 | 000,000,020 | -HS- | M] () -- C:\Users\jule\ntuser.ini

< %USERPROFILE%\Local Settings\Temp\*.exe >

< %USERPROFILE%\Local Settings\Temp\*.dll >

< %USERPROFILE%\Application Data\*.exe >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

========== Alternate Data Streams ==========


< End of report >

07.02.2012, 19:39   #2
Jule1983

here is the extra.txt - editor

OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 07.02.2012 19:06:36 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\jule\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 2,51 Gb Available Physical Memory | 83,68% Memory free
6,19 Gb Paging File | 5,90 Gb Available in Paging File | 95,39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,04 Gb Total Space | 31,92 Gb Free Space | 22,16% Space Free | Partition Type: NTFS
Drive D: | 140,50 Gb Total Space | 140,38 Gb Free Space | 99,91% Space Free | Partition Type: NTFS
Drive E: | 5,30 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: OMA-TRAUTCHEN | User Name: jule | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02D91475-CEB0-4E19-AC14-A3F976F63A64}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{11901E1A-43EE-41CC-A062-BBFBA57F2E98}" = rport=137 | protocol=17 | dir=out | app=system | 
"{3C156071-0052-40C3-9555-FAA04EBD1B55}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{581D1883-E744-49D6-98B5-8894AE461C62}" = rport=138 | protocol=17 | dir=out | app=system | 
"{5DCE2285-44DF-4AA4-B0BD-691837848C58}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{75078221-1762-4FDB-96F0-EA4E2778C79E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7D7854AA-7811-422C-9726-94A12855813D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{8D465AA1-6CA5-467F-B422-D19D2C1D36D9}" = lport=137 | protocol=17 | dir=in | app=system | 
"{8E68FDA5-F5AA-486A-A719-6B63D2C1B019}" = rport=445 | protocol=6 | dir=out | app=system | 
"{9629E521-9F28-48C0-9357-3428809ADFA5}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{9FF13D6E-E823-4240-95AE-4A9C01A8EABD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{A8AEE792-F66B-495D-8CDA-15C65C7E150B}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{A920C908-D3BD-40FB-829B-C6896E645BC2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{B6FFC21B-4678-4420-A947-D0966CE7F962}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{C162F45D-EE47-4010-BC7D-1375FD6722C8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C44C1B2A-7D0B-456A-88E7-236A25722D82}" = rport=139 | protocol=6 | dir=out | app=system | 
"{C45EFEFF-A884-4D5D-BA8D-1094EFAC9BC5}" = lport=138 | protocol=17 | dir=in | app=system | 
"{DEAABFC2-BDBA-407D-9249-3090936C18F6}" = lport=445 | protocol=6 | dir=in | app=system | 
"{F8CC8530-3A1A-44AF-90D3-AF875CEA830D}" = lport=139 | protocol=6 | dir=in | app=system | 
"{F99BF815-017B-461B-8B4A-4C72B1157957}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02FF8D5A-75DF-4F3F-8035-657AC54B60E8}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe | 
"{2BBC3EB7-EE27-4F0E-8566-4A5F16A65A66}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{3673E242-38DB-415C-81CD-F767E62534FE}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{51DD7296-C76A-4F45-A58A-1FCE43F370A3}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe | 
"{51F2A9D4-9D8E-4B9E-BEAF-2A979896C4D3}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{5F6A1299-D98C-4820-94EF-64A58D910F7B}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe | 
"{63E8DEFC-E6EB-4B99-B9C8-2FD4771133B7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{66C2BE50-348E-4C3B-B674-D07ED9E30A8A}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | 
"{6AFC73D4-92CE-4B99-9592-8400834CA79C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{6E31E157-A88F-406B-89CF-B5D9C630A637}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{7BD65B90-A3F1-4D8C-9E90-4999B8EBA804}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{84C5CC99-5FBB-4D4F-9BD0-B2BF93C69409}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe | 
"{8717AF46-97FC-465B-9558-1FBF757D97AA}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe | 
"{936044C1-FCA8-4EFE-BAE0-16E5D8A51602}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{970E2153-184F-482B-9B86-B46EAE130CBB}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{B3D45A7D-8AD2-4E2C-8D15-B27610520A8F}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | 
"{BEEEEE1F-50B1-48DF-B05F-7ACE0E6D17B3}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | 
"{CDFAC7BB-701F-4391-9AEA-80513DCDD082}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{D572B4DD-B841-495C-810B-53983A159586}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{D9277855-0A29-4403-87C3-88B0F208C0D7}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{DD8B66C9-34AA-4027-8316-4E77CEC4F13F}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{ECACCFB1-ABC7-4E23-8413-312EE92579A4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{EDA00762-8F04-4D93-834B-51DEB465A8DE}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | 
"{F379E883-67C7-49F2-8958-99E77B830FD4}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{10F498FF-5392-4DF3-8F73-FE172A9F3800}" = Winbond CIR Device Drivers
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{15489950-5311-1729-6792-134541541337}" = Gourmania 3: Mein Zoo
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 15
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110322783}" = Big Kahuna Reef
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}" = Chuzzle
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111324990}" = Kick N Rush
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111543617}" = Backspin Billiards
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111692950}" = Mahjongg Artifacts
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112531267}" = Chicken Invaders 3
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam 2.0.8
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster 2010
"{ECCD28B2-8798-4D16-8126-625D728294A1}" = SPBA 5.8
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"45c023a4ea225afc375e1c5d3c061dcb" = Gourmania
"Acer Acer Bio Protection 6.0.00.17" = Acer Bio Protection AAU 6.0.00.17
"Acer GameZone Console_is1" = Acer GameZone Console 2.0.1.1
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira Antivirus Premium 2012
"BearShare MediaBar" = MediaBar 2.0
"BFGC" = Big Fish Games: Game Manager
"BFG-Go-Go Gourmet" = Go-Go Gourmet
"BFG-Gourmania 3 - Mein Zoo" = Gourmania 3: Mein Zoo
"BFG-Mall-a-Palooza" = Mall-a-Palooza
"BFG-Turbo Pizza" = Turbo Pizza
"CANONIJPLM100" = Inkjet Printer/Scanner Extended Survey Program
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner (remove only)
"DSGPlayer" = DEUTSCHLAND SPIELT GAME CENTER
"eMusic Promotion" = 50 FREE MP3s +1 Free Audiobook!
"Flatcast_is1" = Flatcast Viewer Plugin 5.2.2 RC2
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"Gourmania" = Gourmania
"Gourmania 3" = Gourmania 3 (remove only)
"Gourmania 3 - Zoo Zoom_is1" = Gourmania 3 - Zoo Zoom de
"Gourmania 3: Mein Zoo" = Gourmania 3: Mein Zoo
"GridVista" = Acer GridVista
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"LManager" = Launch Manager
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 10.0 (x86 de)" = Mozilla Firefox 10.0 (x86 de)
"MSC" = McAfee SecurityCenter
"Mysteryville 2" = Mysteryville 2
"NVIDIA Drivers" = NVIDIA Drivers
"PhotoScape" = PhotoScape
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"Verbindungsassistent" = Verbindungsassistent
"Videoload Manager" = Videoload Manager 1.0.1545
"VLC media player" = VLC media player 1.1.5
"Winamp" = Winamp
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Detector Plug-in
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 31.01.2012 14:26:19 | Computer Name = oma-trautchen | Source = Windows Search Service | ID = 1006
Description = 
 
Error - 01.02.2012 07:37:21 | Computer Name = oma-trautchen | Source = Windows Search Service | ID = 1006
Description = 
 
Error - 01.02.2012 14:40:30 | Computer Name = oma-trautchen | Source = Windows Search Service | ID = 1006
Description = 
 
Error - 02.02.2012 04:28:20 | Computer Name = oma-trautchen | Source = Windows Search Service | ID = 1006
Description = 
 
Error - 02.02.2012 04:28:31 | Computer Name = oma-trautchen | Source = VSS | ID = 12301
Description = 
 
Error - 02.02.2012 04:28:31 | Computer Name = oma-trautchen | Source = System Restore | ID = 8193
Description = 
 
Error - 02.02.2012 04:28:31 | Computer Name = oma-trautchen | Source = System Restore | ID = 8210
Description = 
 
Error - 03.02.2012 14:02:16 | Computer Name = oma-trautchen | Source = Windows Search Service | ID = 1006
Description = 
 
Error - 05.02.2012 13:42:10 | Computer Name = oma-trautchen | Source = Windows Search Service | ID = 1006
Description = 
 
Error - 05.02.2012 13:43:35 | Computer Name = oma-trautchen | Source = Windows Search Service | ID = 1006
Description = 
 
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         
Hope you can help me quickly! Many thanks in advance.


07.02.2012, 20:41   #3
Jule1983

system locked :(

Please help.
