Spam-Mails von eigener E-Mailadresse

Nyo · 29.02.2012, 20:21

Hallo!

Meine E-Mailadresse versendet zurzeit Spam-Mails an Privatkontakte aus meinem Adressbuch. Auf der Suche nach einer Lösung bin ich auf dasselbe Thema auf eurem Trojaner-Board gestoßen (http://www.trojaner-board.de/81680-e...pam-mails.html). Ich hoffe, ihr könnt mir weiterhelfen!

Ich habe zurzeit Antivir auf dem Rechner laufen. Beim kompletten Scan ergaben sich mehrere Logs.

Anschließend habe ich den ersten Schritt unternommen, der zu demselben Thema auf eurem Trojaner-Board empfohlen wurde und einen kompletten Scan mit Malwarebytes durchgeführt. Allerdings muss ich sagen, dass ich den Log nicht sauber abgespeichert habe und nicht wiederfinden kann. Deshalb habe ich stattdessen einen Screenshot mit den Dateien in Quarantäne angehängt.

Zum Schluss habe ich gemacht, was in der Anleitung zur Eröffnung eines neuen Themas steht:

1. Scan mit defogger. (Ich bin mir nicht sicher, ob eine wirkliche Fehlermeldung da war... Ich häng die Log-Datei trotzdem an.)
2. Scan mit dds.
3. KEIN Scan mit Gmer, da ich ein x84-basiertes System habe.

Anbei findet ihr alle Logs und den Screenshot. Ich würde mich wahnsinnig über baldige Hilfe freuen!

N.

cosinus · 01.03.2012, 21:12

Schau mal im Reiter Logdateien von Malwarebytes anch, dort sind alle Logs zu finden

Nyo · 02.03.2012, 00:05

Danke für die schnelle Reaktion!

Ja, tatsächlich! Ich habe mit dem Admin-Konto gescannt, aber anschließend nicht beachtet auch unter dem Admin-Konto nach den Logs zu schauen. Ich habe es jetzt mit hochgeladen.

cosinus · 02.03.2012, 13:26

Führ bitte auch ESET aus, danach sehen wir weiter:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Nyo · 02.03.2012, 21:01

So, habe jetzt auch den ESET Scanner ausgeführt. Anbei die Log-Datei!

cosinus · 05.03.2012, 11:04

Zitat:

J:\***\Downloads\Programme\SoftonicDownloader_fuer_adobe-indesign.exe

Finger weg von Softonic!!

Softonic ist eine Toolbar- und Adwareschleuder! Finger weg! Software lädt man sich mit oberster Priorität direkt vom Hersteller und nicht von solchen Toolbarklitschen wie Softonic! Im Notfall würde natürlich chip.de gehen

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Nyo · 05.03.2012, 13:09

Vielen Dank für den Hinweis! Anbei wie gewünscht die OTL.txt in Code-Tags:

Code:

ATTFilter

OTL logfile created on: 05.03.2012 12:02:17 - Run 1
OTL by OldTimer - Version 3.2.35.1     Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,81 Gb Available Physical Memory | 60,43% Memory free
6,20 Gb Paging File | 5,01 Gb Available in Paging File | 80,85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223,86 Gb Total Space | 33,12 Gb Free Space | 14,80% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 176,08 Gb Free Space | 75,61% Space Free | Partition Type: NTFS
Drive E: | 9,03 Gb Total Space | 1,65 Gb Free Space | 18,28% Space Free | Partition Type: NTFS
Drive J: | 232,83 Gb Total Space | 79,84 Gb Free Space | 34,29% Space Free | Partition Type: FAT32
 
Computer Name: NYO | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.03.05 11:59:34 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2012.02.03 13:43:38 | 000,220,744 | ---- | M] (Geek Software GmbH) -- C:\Programme\pdf24\pdf24.exe
PRC - [2012.01.23 05:43:08 | 000,092,592 | ---- | M] (TomTom) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2011.10.15 09:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.10.15 09:53:00 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe
PRC - [2011.10.15 09:53:00 | 001,328,960 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2011.09.23 18:08:19 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.09.23 18:01:09 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.09.23 11:38:21 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.09.16 02:34:43 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2010.05.17 15:14:11 | 000,148,280 | ---- | M] () -- C:\Programme\Lexmark Pro800-Pro900 Series\ezprint.exe
PRC - [2010.05.17 15:14:09 | 000,770,728 | ---- | M] () -- C:\Programme\Lexmark Pro800-Pro900 Series\lxecmon.exe
PRC - [2010.04.14 21:08:12 | 000,598,696 | ---- | M] ( ) -- C:\Windows\System32\lxeccoms.exe
PRC - [2009.08.23 21:41:16 | 001,528,624 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.08.18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.07.21 22:33:32 | 000,458,844 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\sttray.exe
PRC - [2009.07.21 22:33:32 | 000,221,266 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\stacsv.exe
PRC - [2009.04.10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.08.08 12:29:57 | 001,528,584 | ---- | M] () -- C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
PRC - [2008.07.02 09:55:21 | 000,591,112 | ---- | M] (Tobit.Software) -- C:\Programme\Tobit ClipInc\Player\ClipIncTray.exe
PRC - [2008.06.19 12:17:36 | 000,727,592 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2008.06.11 22:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Programme\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2008.04.26 00:15:26 | 000,361,808 | ---- | M] () -- C:\Windows\SMINST\BLService.exe
PRC - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 03:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.21 03:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2006.11.02 19:40:12 | 000,174,656 | ---- | M] () -- C:\Windows\System32\PSIService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.07.18 22:04:08 | 000,296,448 | ---- | M] () -- C:\Programme\Notepad++\NppShell_04.dll
MOD - [2010.05.17 15:14:11 | 000,148,280 | ---- | M] () -- C:\Programme\Lexmark Pro800-Pro900 Series\ezprint.exe
MOD - [2010.05.17 15:14:09 | 000,770,728 | ---- | M] () -- C:\Programme\Lexmark Pro800-Pro900 Series\lxecmon.exe
MOD - [2010.04.05 11:56:07 | 000,716,954 | ---- | M] () -- C:\Programme\Lexmark Pro800-Pro900 Series\epwizard.dll
MOD - [2010.04.05 11:55:15 | 000,159,890 | ---- | M] () -- C:\Programme\Lexmark Pro800-Pro900 Series\customui.dll
MOD - [2010.04.05 11:55:04 | 000,061,604 | ---- | M] () -- C:\Programme\Lexmark Pro800-Pro900 Series\epfunct.dll
MOD - [2010.04.05 11:54:59 | 000,123,033 | ---- | M] () -- C:\Programme\Lexmark Pro800-Pro900 Series\eputil.dll
MOD - [2010.04.05 11:54:52 | 000,143,502 | ---- | M] () -- C:\Programme\Lexmark Pro800-Pro900 Series\imagutil.dll
MOD - [2010.04.01 18:24:28 | 001,159,168 | ---- | M] () -- C:\Programme\Lexmark Pro800-Pro900 Series\lxecdrs.dll
MOD - [2010.04.01 18:23:27 | 000,389,120 | ---- | M] () -- C:\Programme\Lexmark Pro800-Pro900 Series\lxecscw.dll
MOD - [2009.11.03 15:51:42 | 000,067,872 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009.06.23 12:11:04 | 000,102,400 | ---- | M] () -- C:\Programme\Lexmark Pro800-Pro900 Series\epoemdll.dll
MOD - [2009.06.23 12:10:29 | 000,045,056 | ---- | M] () -- C:\Programme\Lexmark Pro800-Pro900 Series\epstring.dll
MOD - [2009.06.23 12:09:11 | 002,203,648 | ---- | M] () -- C:\Programme\Lexmark Pro800-Pro900 Series\epwizres.dll
MOD - [2009.05.27 13:16:50 | 000,192,512 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\lxecdatr.dll
MOD - [2009.04.28 08:56:29 | 000,024,064 | ---- | M] () -- C:\Windows\System32\LXECsmr.dll
MOD - [2009.04.07 20:25:27 | 000,409,600 | ---- | M] () -- C:\Programme\Lexmark Pro800-Pro900 Series\iptk.dll
MOD - [2009.03.10 06:43:49 | 000,155,648 | ---- | M] () -- C:\Programme\Lexmark Pro800-Pro900 Series\lxeccaps.dll
MOD - [2009.03.02 15:25:47 | 000,151,552 | ---- | M] () -- C:\Programme\Lexmark Pro800-Pro900 Series\lxecptp.dll
MOD - [2009.02.20 09:48:03 | 000,299,008 | ---- | M] () -- C:\Windows\System32\LXECsm.dll
MOD - [2008.08.08 13:29:10 | 000,176,128 | ---- | M] () -- C:\Programme\Tobit ClipInc\Player\ClipInc$.ger
MOD - [2008.08.06 16:39:26 | 005,254,144 | ---- | M] () -- C:\Programme\Tobit ClipInc\Player\tobitclt.dll
MOD - [2008.06.25 21:36:26 | 000,259,480 | ---- | M] () -- C:\Programme\HP\QuickPlay\Kernel\TV\CLCapEngine.dll
MOD - [2008.06.25 21:36:26 | 000,120,216 | ---- | M] () -- C:\Programme\HP\QuickPlay\Kernel\TV\CLSchMgr.dll
MOD - [2008.06.25 21:36:26 | 000,038,184 | ---- | M] () -- C:\Programme\HP\QuickPlay\Kernel\TV\CLCapSvcps.dll
MOD - [2008.06.25 21:36:22 | 000,345,384 | ---- | M] () -- C:\Programme\HP\QuickPlay\Kernel\TV\CLTinyDB.dll
MOD - [2008.06.19 12:10:46 | 000,126,976 | ---- | M] () -- C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2007.09.20 17:34:58 | 000,129,024 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] --  -- (PIPIStartSvr)
SRV - [2012.01.23 05:43:08 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2011.10.15 09:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.09.23 18:08:19 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- 

(AntiVirSchedulerService)
SRV - [2011.09.23 18:01:09 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.02.27 11:59:21 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet 

Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.04.14 21:08:12 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxeccoms.exe -- (lxec_device)
SRV - [2010.04.14 21:08:05 | 000,193,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxecserv.exe -- (lxecCATSCustConnectService)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- 

(SwitchBoard)
SRV - [2009.08.23 21:41:16 | 001,528,624 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2009.07.21 22:33:32 | 000,221,266 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\stacsv.exe -- (STacSV)
SRV - [2008.08.15 05:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4

\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2008.08.08 12:29:57 | 001,528,584 | ---- | M] () [Auto | Running] -- C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe -- (ClipInc001)
SRV - [2008.04.26 00:15:26 | 000,361,808 | ---- | M] () [Auto | Running] -- C:\Windows\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008.02.03 11:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006.11.02 19:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (XDva392)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (NwlnkFlt)
DRV - File not found [Kernel | System | Stopped] --  -- (LongRADrv)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (catchme)
DRV - [2012.02.18 15:33:47 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.10.15 09:53:00 | 010,327,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011.09.15 23:55:04 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.09.15 23:55:03 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.09.08 16:40:24 | 000,363,112 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32

\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2011.07.08 00:21:28 | 000,139,880 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2011.05.20 10:31:29 | 000,682,232 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2011.03.06 11:31:39 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2010.07.14 12:34:15 | 006,680,064 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwNv32.sys -- (NETwNv32) ___ Intel(R)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.02.24 11:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2009.12.01 15:49:54 | 000,034,384 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ScreamingBAudio.sys -- (SCREAMINGBDRIVER)
DRV - [2009.08.23 21:40:32 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2009.08.22 19:25:00 | 000,009,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys 

-- (RivaTuner32)
DRV - [2009.07.21 22:33:32 | 000,409,088 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008.11.16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2008.07.08 11:16:26 | 000,096,856 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008.06.25 21:35:28 | 000,059,376 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\HP\QuickPlay\000.fcl -- ({22D78859-9CE9-4B77-BF18-AC83E81A9263})
DRV - [2008.04.28 07:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008.03.27 11:12:12 | 000,024,424 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2008.03.27 11:11:34 | 000,034,664 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- 

(Accelerometer)
DRV - [2008.01.24 14:23:12 | 000,052,736 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV - [2007.06.18 16:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- 

(HpqKbFiltr)
DRV - [2007.01.18 20:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006.11.02 08:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb
IE - HKLM\..\SearchScopes,DefaultScope = {AF87E9C8-C850-44DB-AA47-5F3B71B85896}
IE - HKLM\..\SearchScopes\{34167F0C-A7FC-4E6B-8D5F-5C357F1719E9}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}

&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKLM\..\SearchScopes\{AF87E9C8-C850-44DB-AA47-5F3B71B85896}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}

&invocationType=tb50hpcnnbie7-de-de
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-672047421-1350469036-312510088-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.tao123.com/?1613
IE - HKU\S-1-5-21-672047421-1350469036-312510088-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-672047421-1350469036-312510088-1000\..\SearchScopes,DefaultScope = {B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2}
IE - HKU\S-1-5-21-672047421-1350469036-312510088-1000\..\SearchScopes\{34167F0C-A7FC-4E6B-8D5F-5C357F1719E9}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?

siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKU\S-1-5-21-672047421-1350469036-312510088-1000\..\SearchScopes\{AF87E9C8-C850-44DB-AA47-5F3B71B85896}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?

sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
IE - HKU\S-1-5-21-672047421-1350469036-312510088-1000\..\SearchScopes\{B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2}: "URL" = hxxp://www.baidu.com/s?wd={searchTerms}&ie={inputEncoding}

&oe={outputEncoding}&bar=13&tn=cloudmk_cb
IE - HKU\S-1-5-21-672047421-1350469036-312510088-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-672047421-1350469036-312510088-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-672047421-1350469036-312510088-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 

ftp=137.132.250.13:8080;http=137.132.250.13:8080;https=137.132.250.13:8080
 
IE - HKU\S-1-5-21-672047421-1350469036-312510088-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?

TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb
IE - HKU\S-1-5-21-672047421-1350469036-312510088-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-672047421-1350469036-312510088-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ig?hl=de&amp;source=iglk
IE - HKU\S-1-5-21-672047421-1350469036-312510088-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-672047421-1350469036-312510088-1001\..\SearchScopes,DefaultScope = {AA35FF05-DF71-48B9-90AF-C0EF5BB66371}
IE - HKU\S-1-5-21-672047421-1350469036-312510088-1001\..\SearchScopes\{06D26D1A-33DE-4369-A2DA-1429677C5D18}: "URL" = hxxp://de.wikipedia.org/wiki/Spezial:Search?search=

{searchTerms}
IE - HKU\S-1-5-21-672047421-1350469036-312510088-1001\..\SearchScopes\{61E931D5-5691-4A05-9662-ADBCF8F11612}: "URL" = hxxp://dict.leo.org/ende?

lp=ende&lang=de&searchLoc=0&cmpType=relaxed&sectHdr=on&spellToler=on&chinese=both&pinyin=diacritic&search={searchTerms}&relink=on
IE - HKU\S-1-5-21-672047421-1350469036-312510088-1001\..\SearchScopes\{63D6B1D2-8703-406D-836C-3B57C8B8C92B}: "URL" = hxxp://en.wikipedia.org/wiki/{searchTerms}
IE - HKU\S-1-5-21-672047421-1350469036-312510088-1001\..\SearchScopes\{AA35FF05-DF71-48B9-90AF-C0EF5BB66371}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-672047421-1350469036-312510088-1001\..\SearchScopes\{AF87E9C8-C850-44DB-AA47-5F3B71B85896}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?

sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
IE - HKU\S-1-5-21-672047421-1350469036-312510088-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-672047421-1350469036-312510088-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
IE - HKU\S-1-5-21-672047421-1350469036-312510088-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?

TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb
IE - HKU\S-1-5-21-672047421-1350469036-312510088-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?

TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb"
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.02.22 09:53:01 | 000,000,000 | ---D | 

M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.02.27 12:14:30 | 000,000,000 | ---D | M]
 
[2009.02.22 01:20:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions
[2011.10.14 20:51:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\et8m0uha.default\extensions
[2011.05.21 13:47:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- 

C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\et8m0uha.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.09.04 09:00:44 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.10.29 14:22:23 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.10.29 14:22:23 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010.12.03 19:14:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.12.03 19:14:08 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.12.03 19:14:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.12.03 19:14:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.12.03 19:14:08 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}

{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}

&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0

\npSkypeChromePlugin.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: NPCIG.dll (Enabled) = C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Skype Click to Call = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
 
O1 HOSTS File: ([2011.02.27 14:32:14 | 000,001,262 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (PIPI Link Helper) - {1A3440C6-F123-4CAB-84EE-C814E1AE0D8F} - C:\Users\Admin\AppData\Roaming\pipi\JfCheck.dll (PIPI Tech.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft 

Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems 

Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Lexmark ) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Programme\Lexmark Printable Web\bho.dll ()
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-672047421-1350469036-312510088-1000\..\Toolbar\ShellBrowser: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark 

Toolbar\toolband.dll ()
O3 - HKU\S-1-5-21-672047421-1350469036-312510088-1000\..\Toolbar\WebBrowser: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark 

Toolbar\toolband.dll ()
O3 - HKU\S-1-5-21-672047421-1350469036-312510088-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common 

Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-672047421-1350469036-312510088-1001\..\Toolbar\ShellBrowser: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark 

Toolbar\toolband.dll ()
O3 - HKU\S-1-5-21-672047421-1350469036-312510088-1001\..\Toolbar\WebBrowser: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark 

Toolbar\toolband.dll ()
O3 - HKU\S-1-5-21-672047421-1350469036-312510088-1001\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common 

Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Programme\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ClipIncSrvTray] C:\Programme\Tobit ClipInc\Player\ClipIncTray.exe (Tobit.Software)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark Pro800-Pro900 Series\ezprint.exe ()
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [lxecmon.exe] C:\Program Files\Lexmark Pro800-Pro900 Series\lxecmon.exe ()
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Programme\pdf24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [QuickFinder Scheduler] C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE (Corel Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-672047421-1350469036-312510088-1000..\Run: [ClipIncSrvTray] C:\Programme\Tobit ClipInc\Player\ClipIncTray.exe (Tobit.Software)
O4 - HKU\S-1-5-21-672047421-1350469036-312510088-1000..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKU\S-1-5-21-672047421-1350469036-312510088-1001..\Run: [ClipIncSrvTray] C:\Programme\Tobit ClipInc\Player\ClipIncTray.exe (Tobit.Software)
O4 - HKU\S-1-5-21-672047421-1350469036-312510088-1001..\Run: [Facebook Update] C:\Users\***\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-672047421-1350469036-312510088-1001..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-672047421-1350469036-312510088-1002..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk =  File not found
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft 

Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-672047421-1350469036-312510088-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-672047421-1350469036-312510088-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-672047421-1350469036-312510088-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-672047421-1350469036-312510088-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft 

Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies 

S.A.)
O9 - Extra Button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Programme\PPLive\PPLive.exe ()
O9 - Extra 'Tools' menuitem : PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Programme\PPLive\PPLive.exe ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-672047421-1350469036-312510088-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-672047421-1350469036-312510088-1001\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-672047421-1350469036-312510088-1002\..Trusted Ranges: Range1 ([http] in )
O16 - DPF: {3234504D-0000-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/9/6/D/96D2E5C2-452A-4A7B-89FA-C718CBA42568/mpeg4ax.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{995F80EE-C9DA-449C-9552-D774027A2AF3}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: C:\Users\***\Documents\Eigene Dateien\Bleach\Wallpaper\[AnimePaper]wallpapers_Bleach_El-Cadejos(1_6)_1440x900_72630.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.09.14 08:59:20 | 000,000,832 | ---- | M] () - C:\Autorun_dll.log -- [ NTFS ]
O33 - MountPoints2\{fa910dfc-837c-11e0-b071-b96be34e5c18}\Shell - "" = AutoRun
O33 - MountPoints2\{fa910dfc-837c-11e0-b071-b96be34e5c18}\Shell\AutoRun\command - "" = H:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
NetSvcs: ezSharedSvc - C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)
 
 
SafeBootMin: AppMgmt -  File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt -  File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B9D8B6D0-0C8D-94BE-7F2E-4FDFC2B27003} - 
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {D884FCB4-A441-D3B3-28D6-E019D3B1508E} - Macromedia Shockwave Director 10.1
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codec - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.i420 - C:\Windows\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.02.29 12:15:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.02.29 12:14:59 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.02.25 21:37:17 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2012.02.20 02:03:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.02.20 02:03:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012.02.20 01:19:30 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Chromium
[2012.02.20 01:17:49 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\BrawlBusters
[2012.02.20 01:12:30 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Brawl Busters
[2012.02.18 15:43:07 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Avira
[2012.02.18 15:26:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.02.18 15:26:24 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012.02.18 15:26:23 | 000,137,416 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.02.18 15:26:23 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.02.18 15:26:23 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.02.18 15:26:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.02.18 15:26:22 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.02.15 12:29:51 | 000,000,000 | -HSD | C] -- C:\found.000
[2012.02.12 17:56:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\pdf24
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.05 11:55:45 | 000,000,249 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2012.03.05 11:54:51 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.05 11:54:39 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.05 11:54:39 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.05 11:54:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.05 03:52:29 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.03.05 03:29:07 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.05 02:44:18 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-672047421-1350469036-312510088-1001UA.job
[2012.03.04 20:44:06 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-672047421-1350469036-312510088-1001Core.job
[2012.03.02 11:56:26 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleFor***.job
[2012.02.29 19:25:05 | 000,000,176 | ---- | M] () -- C:\Users\Admin\defogger_reenable
[2012.02.29 11:56:07 | 000,689,148 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.02.29 11:56:07 | 000,646,970 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.02.29 11:56:07 | 000,152,144 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.02.29 11:56:07 | 000,124,726 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.02.25 21:37:25 | 002,864,396 | ---- | M] (Macromedia, Inc.) -- C:\ProgramData\MPV.exe
[2012.02.20 02:03:11 | 000,001,880 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.02.20 01:12:29 | 000,000,806 | ---- | M] () -- C:\Users\Admin\Desktop\Brawl Busters.lnk
[2012.02.18 17:47:34 | 003,788,456 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.02.18 15:33:47 | 000,137,416 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.02.18 15:26:51 | 000,001,849 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.02.18 01:37:19 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.02.29 19:24:39 | 000,000,176 | ---- | C] () -- C:\Users\Admin\defogger_reenable
[2012.02.20 02:03:11 | 000,001,880 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.02.20 01:12:29 | 000,000,806 | ---- | C] () -- C:\Users\Admin\Desktop\Brawl Busters.lnk
[2012.02.18 15:26:51 | 000,001,849 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011.12.06 10:03:18 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011.12.04 13:09:47 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.12.04 13:07:34 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.11.24 23:44:20 | 000,098,304 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2011.10.16 09:01:38 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011.10.08 19:26:55 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxecvs.dll
[2011.10.08 19:26:50 | 000,442,368 | ---- | C] ( ) -- C:\Windows\System32\lxeccoin.dll
[2011.10.08 19:26:37 | 000,086,016 | ---- | C] () -- C:\Windows\System32\lxecgcfg.dll
[2011.10.08 19:26:34 | 000,294,912 | ---- | C] () -- C:\Windows\System32\lxeccui.dll
[2011.10.08 19:26:34 | 000,110,592 | ---- | C] () -- C:\Windows\System32\lxeccuir.dll
[2011.10.08 19:21:59 | 000,000,044 | -H-- | C] () -- C:\Windows\System32\lxecrwrd.ini
[2011.10.08 19:21:43 | 000,331,776 | ---- | C] () -- C:\Windows\System32\LXECinst.dll
[2011.10.08 19:21:42 | 000,356,352 | ---- | C] ( ) -- C:\Windows\System32\LXEChcp.dll
[2011.10.08 19:21:41 | 001,048,576 | ---- | C] ( ) -- C:\Windows\System32\lxecserv.dll
[2011.10.08 19:21:41 | 000,847,872 | ---- | C] ( ) -- C:\Windows\System32\lxecusb1.dll
[2011.10.08 19:21:41 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxecinpa.dll
[2011.10.08 19:21:41 | 000,344,064 | ---- | C] ( ) -- C:\Windows\System32\lxeciesc.dll
[2011.10.08 19:21:40 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxecpmui.dll
[2011.10.08 19:21:40 | 000,577,536 | ---- | C] ( ) -- C:\Windows\System32\lxeclmpm.dll
[2011.10.08 19:21:39 | 000,324,264 | ---- | C] ( ) -- C:\Windows\System32\lxecih.exe
[2011.10.08 19:21:39 | 000,323,584 | ---- | C] () -- C:\Windows\System32\lxecins.dll
[2011.10.08 19:21:39 | 000,262,144 | ---- | C] () -- C:\Windows\System32\lxecinsb.dll
[2011.10.08 19:21:39 | 000,114,688 | ---- | C] () -- C:\Windows\System32\lxecinsr.dll
[2011.10.08 19:21:39 | 000,057,344 | ---- | C] () -- C:\Windows\System32\lxecjswr.dll
[2011.10.08 19:21:38 | 000,688,128 | ---- | C] ( ) -- C:\Windows\System32\lxechbn3.dll
[2011.10.08 19:21:38 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxecgrd.dll
[2011.10.08 19:21:38 | 000,090,112 | ---- | C] () -- C:\Windows\System32\lxeccub.dll
[2011.10.08 19:21:38 | 000,036,864 | ---- | C] () -- C:\Windows\System32\lxeccur.dll
[2011.10.08 19:21:37 | 000,802,816 | ---- | C] ( ) -- C:\Windows\System32\lxeccomc.dll
[2011.10.08 19:21:37 | 000,598,696 | ---- | C] ( ) -- C:\Windows\System32\lxeccoms.exe
[2011.10.08 19:21:37 | 000,373,416 | ---- | C] ( ) -- C:\Windows\System32\lxeccfg.exe
[2011.10.08 19:21:37 | 000,372,736 | ---- | C] ( ) -- C:\Windows\System32\lxeccomm.dll
[2011.10.08 19:21:37 | 000,253,952 | ---- | C] () -- C:\Windows\System32\lxeccu.dll
[2011.10.08 19:20:48 | 000,024,064 | ---- | C] () -- C:\Windows\System32\LXECsmr.dll
[2011.10.08 19:20:47 | 000,299,008 | ---- | C] () -- C:\Windows\System32\LXECsm.dll
[2011.10.05 16:39:18 | 000,081,408 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010.12.18 22:35:41 | 000,003,584 | ---- | C] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.18 22:34:20 | 000,598,016 | ---- | C] () -- C:\Windows\System32\viscomqtde.dll
[2010.12.18 22:34:20 | 000,262,144 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2010.11.24 10:58:28 | 000,000,061 | ---- | C] () -- C:\Windows\config.ini
[2010.11.23 20:03:15 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2010.11.23 20:01:53 | 000,000,600 | ---- | C] () -- C:\Windows\System32\secustat.dat
[2010.11.23 20:01:52 | 000,002,649 | ---- | C] () -- C:\Windows\System32\secushr.dat
[2010.07.06 21:30:30 | 000,021,504 | ---- | C] () -- C:\Windows\System32\WBCustomizer.dll
[2010.03.27 23:15:23 | 000,021,504 | ---- | C] () -- C:\Users\Admin\AppData\Local\WebpageIcons.db
 
========== LOP Check ==========
 
[2010.11.26 22:09:14 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Ahnenblatt
[2010.11.23 20:06:24 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\BITS
[2011.10.05 16:39:30 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\CAD-KAS
[2010.05.31 11:55:02 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\concept design
[2008.12.12 21:52:11 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Exit Windows
[2008.09.14 08:37:15 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ICQ
[2011.02.06 16:47:46 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\LG Electronics
[2011.12.01 22:56:50 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Lionhead Studios
[2010.12.18 15:22:36 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Local
[2010.09.27 21:31:48 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\LolClient
[2010.07.06 21:34:12 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Millennia
[2011.10.30 10:56:12 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Notepad++
[2012.01.27 20:59:12 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Origin
[2012.02.28 22:32:49 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\PIPI
[2010.03.01 23:37:25 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\SpinTop
[2010.05.31 08:54:47 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\MatchWare
[2011.07.26 09:20:05 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\WildTangent
[2011.07.21 11:17:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.anki
[2011.07.21 11:05:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.matplotlib
[2010.11.23 20:25:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BITS
[2011.10.05 17:26:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CAD-KAS
[2011.08.27 16:32:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon
[2009.12.10 23:08:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\concept design
[2012.02.12 19:44:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2011.12.01 22:34:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Lionhead Studios
[2010.09.28 00:01:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LolClient
[2008.09.14 18:24:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Magic Academy
[2010.05.25 22:42:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MatchWare
[2010.07.06 21:38:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Millennia
[2010.02.23 15:10:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MusE
[2009.04.17 10:42:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\NJStar
[2011.10.30 10:58:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Notepad++
[2008.09.18 14:59:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Open Source Applications Foundation
[2012.01.27 23:54:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Origin
[2012.03.02 21:56:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PIPI
[2008.10.07 16:35:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PlayFirst
[2009.04.10 09:28:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PPLive
[2010.12.28 15:18:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ProtectDISC
[2008.09.18 14:59:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Python-Eggs
[2012.01.15 17:24:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Rags
[2011.11.21 16:36:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Screaming Bee
[2010.05.25 22:31:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SmartDraw
[2008.09.13 22:25:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Template
[2008.09.20 14:07:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Tobit
[2011.10.17 15:30:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TomTom
[2011.01.26 18:23:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ultrastardx
[2008.09.14 17:28:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WildTangent
[2012.03.04 20:44:06 | 000,000,906 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-672047421-1350469036-312510088-1001Core.job
[2012.03.05 02:44:18 | 000,000,928 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-672047421-1350469036-312510088-1001UA.job
[2012.03.05 03:52:52 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.03.01 14:27:26 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Adobe
[2010.11.26 22:09:14 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Ahnenblatt
[2008.09.22 22:31:54 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Apple Computer
[2010.07.17 09:40:58 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ArcSoft
[2012.02.18 15:43:07 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Avira
[2010.11.23 20:06:24 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\BITS
[2011.10.05 16:39:30 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\CAD-KAS
[2010.05.31 11:55:02 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\concept design
[2010.12.18 22:34:33 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DivX
[2008.12.12 21:52:11 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Exit Windows
[2008.10.12 10:08:31 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Hewlett-Packard
[2008.09.14 08:37:15 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ICQ
[2008.09.13 19:43:24 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Identities
[2011.02.06 16:36:32 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\InstallShield
[2011.02.06 16:47:46 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\LG Electronics
[2011.12.01 22:56:50 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Lionhead Studios
[2010.12.18 15:22:36 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Local
[2010.09.27 21:31:48 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\LolClient
[2008.09.13 19:40:19 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Macromedia
[2010.05.31 12:17:57 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Malwarebytes
[2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Media Center Programs
[2011.12.06 10:08:34 | 000,000,000 | --SD | M] -- C:\Users\Admin\AppData\Roaming\Microsoft
[2010.07.06 21:34:12 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Millennia
[2009.02.22 01:20:18 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Mozilla
[2011.10.30 10:56:12 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Notepad++
[2012.01.27 20:59:12 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Origin
[2012.02.28 22:32:49 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\PIPI
[2012.02.28 23:07:58 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Skype
[2010.03.01 23:37:25 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\SpinTop
[2008.09.13 19:44:03 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Symantec
[2008.09.14 20:35:48 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2010.11.23 20:01:52 | 007,527,000 | ---- | M] (Trend Media Corporation Limited.) -- C:\Users\Admin\AppData\Roaming\FlashgetSetup\flashget_17912_1.exe
[2010.07.10 10:31:34 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Admin\AppData\Roaming\Macromedia\Flash 

Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2010.07.06 21:37:52 | 000,021,630 | R--- | M] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Installer\{1ED6CA46-633C-46CD-9D0F-2A8AE225E8A6}\ARPPRODUCTICON.exe
[2010.07.06 21:37:52 | 000,061,440 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Admin\AppData\Roaming\Microsoft\Installer\{1ED6CA46-633C-46CD-9D0F-2A8AE225E8A6}

\FTLegend.exe1_1E7C15062BCD46498311FC742781F246.exe
[2010.07.06 21:37:52 | 000,061,440 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Admin\AppData\Roaming\Microsoft\Installer\{1ED6CA46-633C-46CD-9D0F-2A8AE225E8A6}

\FTLegend.exe_1E7C15062BCD46498311FC742781F246.exe
[2011.11.17 23:15:52 | 000,029,926 | R--- | M] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Installer\{394BE3D9-7F57-4638-A8D1-1D88671913B7}\_18be6784.exe
[2011.11.17 23:15:52 | 000,029,422 | R--- | M] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Installer\{394BE3D9-7F57-4638-A8D1-1D88671913B7}\_294823.exe
[2009.07.09 08:32:20 | 000,010,134 | R--- | M] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32

\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32

\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- 

C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- 

C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32

\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.08.01 07:43:55 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00

\atapi.sys
[2008.08.01 07:43:55 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- 

C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- 

C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2009.04.10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84

\atapi.sys
[2009.04.10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- 

C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32

\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- 

C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699

\atapi.sys
[2008.08.01 07:43:55 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- 

C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-

dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2011.10.07 16:28:36 | 000,024,704 | R--- | M] () MD5=003C387405B636F7633DAD80FDE9F436 -- C:\Perl\lib\auto\Win32\EventLog\EventLog.dll
[2007.01.12 21:30:08 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691

\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- 

C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4

\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- 

C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3

\netlogon.dll
[2009.04.10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-

netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-

netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32

\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32

\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- 

C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-

s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- 

C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-

s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
[2009.04.10 23:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.10 23:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-

s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- 

C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-

user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.10 23:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.10 23:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-

user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-

userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-

wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- 

C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-

winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-

winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-

ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:50E9A83B
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:9CEDC859

< End of report >

--- --- ---

cosinus · 05.03.2012, 14:26

Also dein Log sieht von der Form her merkwürdig aus. Einige Zeilen sind offensichtlich "beschnitten" - prüf das mal ob du das Log ohne Fehler hier reinkopiert hast.
Notfalls die OTL.txt zippen und hier als Anhang posten

Nyo · 05.03.2012, 15:57

Okay, auf ein Neues:

Code:

ATTFilter

OTL logfile created on: 05.03.2012 12:02:17 - Run 1
OTL by OldTimer - Version 3.2.35.1     Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,81 Gb Available Physical Memory | 60,43% Memory free
6,20 Gb Paging File | 5,01 Gb Available in Paging File | 80,85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223,86 Gb Total Space | 33,12 Gb Free Space | 14,80% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 176,08 Gb Free Space | 75,61% Space Free | Partition Type: NTFS
Drive E: | 9,03 Gb Total Space | 1,65 Gb Free Space | 18,28% Space Free | Partition Type: NTFS
Drive J: | 232,83 Gb Total Space | 79,84 Gb Free Space | 34,29% Space Free | Partition Type: FAT32
 
Computer Name: NYO | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.03.05 11:59:34 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2012.02.03 13:43:38 | 000,220,744 | ---- | M] (Geek Software GmbH) -- C:\Programme\pdf24\pdf24.exe
PRC - [2012.01.23 05:43:08 | 000,092,592 | ---- | M] (TomTom) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2011.10.15 09:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.10.15 09:53:00 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe
PRC - [2011.10.15 09:53:00 | 001,328,960 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2011.09.23 18:08:19 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.09.23 18:01:09 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.09.23 11:38:21 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.09.16 02:34:43 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2010.05.17 15:14:11 | 000,148,280 | ---- | M] () -- C:\Programme\Lexmark Pro800-Pro900 Series\ezprint.exe
PRC - [2010.05.17 15:14:09 | 000,770,728 | ---- | M] () -- C:\Programme\Lexmark Pro800-Pro900 Series\lxecmon.exe
PRC - [2010.04.14 21:08:12 | 000,598,696 | ---- | M] ( ) -- C:\Windows\System32\lxeccoms.exe
PRC - [2009.08.23 21:41:16 | 001,528,624 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.08.18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.07.21 22:33:32 | 000,458,844 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\sttray.exe
PRC - [2009.07.21 22:33:32 | 000,221,266 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\stacsv.exe
PRC - [2009.04.10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.08.08 12:29:57 | 001,528,584 | ---- | M] () -- C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
PRC - [2008.07.02 09:55:21 | 000,591,112 | ---- | M] (Tobit.Software) -- C:\Programme\Tobit ClipInc\Player\ClipIncTray.exe
PRC - [2008.06.19 12:17:36 | 000,727,592 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2008.06.11 22:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Programme\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2008.04.26 00:15:26 | 000,361,808 | ---- | M] () -- C:\Windows\SMINST\BLService.exe
PRC - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 03:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.21 03:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2006.11.02 19:40:12 | 000,174,656 | ---- | M] () -- C:\Windows\System32\PSIService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.07.18 22:04:08 | 000,296,448 | ---- | M] () -- C:\Programme\Notepad++\NppShell_04.dll
MOD - [2010.05.17 15:14:11 | 000,148,280 | ---- | M] () -- C:\Programme\Lexmark Pro800-Pro900 Series\ezprint.exe
MOD - [2010.05.17 15:14:09 | 000,770,728 | ---- | M] () -- C:\Programme\Lexmark Pro800-Pro900 Series\lxecmon.exe
MOD - [2010.04.05 11:56:07 | 000,716,954 | ---- | M] () -- C:\Programme\Lexmark Pro800-Pro900 Series\epwizard.dll
MOD - [2010.04.05 11:55:15 | 000,159,890 | ---- | M] () -- C:\Programme\Lexmark Pro800-Pro900 Series\customui.dll
MOD - [2010.04.05 11:55:04 | 000,061,604 | ---- | M] () -- C:\Programme\Lexmark Pro800-Pro900 Series\epfunct.dll
MOD - [2010.04.05 11:54:59 | 000,123,033 | ---- | M] () -- C:\Programme\Lexmark Pro800-Pro900 Series\eputil.dll
MOD - [2010.04.05 11:54:52 | 000,143,502 | ---- | M] () -- C:\Programme\Lexmark Pro800-Pro900 Series\imagutil.dll
MOD - [2010.04.01 18:24:28 | 001,159,168 | ---- | M] () -- C:\Programme\Lexmark Pro800-Pro900 Series\lxecdrs.dll
MOD - [2010.04.01 18:23:27 | 000,389,120 | ---- | M] () -- C:\Programme\Lexmark Pro800-Pro900 Series\lxecscw.dll
MOD - [2009.11.03 15:51:42 | 000,067,872 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009.06.23 12:11:04 | 000,102,400 | ---- | M] () -- C:\Programme\Lexmark Pro800-Pro900 Series\epoemdll.dll
MOD - [2009.06.23 12:10:29 | 000,045,056 | ---- | M] () -- C:\Programme\Lexmark Pro800-Pro900 Series\epstring.dll
MOD - [2009.06.23 12:09:11 | 002,203,648 | ---- | M] () -- C:\Programme\Lexmark Pro800-Pro900 Series\epwizres.dll
MOD - [2009.05.27 13:16:50 | 000,192,512 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\lxecdatr.dll
MOD - [2009.04.28 08:56:29 | 000,024,064 | ---- | M] () -- C:\Windows\System32\LXECsmr.dll
MOD - [2009.04.07 20:25:27 | 000,409,600 | ---- | M] () -- C:\Programme\Lexmark Pro800-Pro900 Series\iptk.dll
MOD - [2009.03.10 06:43:49 | 000,155,648 | ---- | M] () -- C:\Programme\Lexmark Pro800-Pro900 Series\lxeccaps.dll
MOD - [2009.03.02 15:25:47 | 000,151,552 | ---- | M] () -- C:\Programme\Lexmark Pro800-Pro900 Series\lxecptp.dll
MOD - [2009.02.20 09:48:03 | 000,299,008 | ---- | M] () -- C:\Windows\System32\LXECsm.dll
MOD - [2008.08.08 13:29:10 | 000,176,128 | ---- | M] () -- C:\Programme\Tobit ClipInc\Player\ClipInc$.ger
MOD - [2008.08.06 16:39:26 | 005,254,144 | ---- | M] () -- C:\Programme\Tobit ClipInc\Player\tobitclt.dll
MOD - [2008.06.25 21:36:26 | 000,259,480 | ---- | M] () -- C:\Programme\HP\QuickPlay\Kernel\TV\CLCapEngine.dll
MOD - [2008.06.25 21:36:26 | 000,120,216 | ---- | M] () -- C:\Programme\HP\QuickPlay\Kernel\TV\CLSchMgr.dll
MOD - [2008.06.25 21:36:26 | 000,038,184 | ---- | M] () -- C:\Programme\HP\QuickPlay\Kernel\TV\CLCapSvcps.dll
MOD - [2008.06.25 21:36:22 | 000,345,384 | ---- | M] () -- C:\Programme\HP\QuickPlay\Kernel\TV\CLTinyDB.dll
MOD - [2008.06.19 12:10:46 | 000,126,976 | ---- | M] () -- C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2007.09.20 17:34:58 | 000,129,024 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] --  -- (PIPIStartSvr)
SRV - [2012.01.23 05:43:08 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2011.10.15 09:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.09.23 18:08:19 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- 

(AntiVirSchedulerService)
SRV - [2011.09.23 18:01:09 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.02.27 11:59:21 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet 

Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.04.14 21:08:12 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxeccoms.exe -- (lxec_device)
SRV - [2010.04.14 21:08:05 | 000,193,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxecserv.exe -- (lxecCATSCustConnectService)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- 

(SwitchBoard)
SRV - [2009.08.23 21:41:16 | 001,528,624 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2009.07.21 22:33:32 | 000,221,266 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\stacsv.exe -- (STacSV)
SRV - [2008.08.15 05:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4

\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2008.08.08 12:29:57 | 001,528,584 | ---- | M] () [Auto | Running] -- C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe -- (ClipInc001)
SRV - [2008.04.26 00:15:26 | 000,361,808 | ---- | M] () [Auto | Running] -- C:\Windows\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008.02.03 11:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006.11.02 19:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (XDva392)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (NwlnkFlt)
DRV - File not found [Kernel | System | Stopped] --  -- (LongRADrv)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (catchme)
DRV - [2012.02.18 15:33:47 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.10.15 09:53:00 | 010,327,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011.09.15 23:55:04 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.09.15 23:55:03 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.09.08 16:40:24 | 000,363,112 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32

\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2011.07.08 00:21:28 | 000,139,880 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2011.05.20 10:31:29 | 000,682,232 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2011.03.06 11:31:39 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2010.07.14 12:34:15 | 006,680,064 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwNv32.sys -- (NETwNv32) ___ Intel(R)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.02.24 11:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2009.12.01 15:49:54 | 000,034,384 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ScreamingBAudio.sys -- (SCREAMINGBDRIVER)
DRV - [2009.08.23 21:40:32 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2009.08.22 19:25:00 | 000,009,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys 

-- (RivaTuner32)
DRV - [2009.07.21 22:33:32 | 000,409,088 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008.11.16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2008.07.08 11:16:26 | 000,096,856 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008.06.25 21:35:28 | 000,059,376 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\HP\QuickPlay\000.fcl -- ({22D78859-9CE9-4B77-BF18-AC83E81A9263})
DRV - [2008.04.28 07:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008.03.27 11:12:12 | 000,024,424 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2008.03.27 11:11:34 | 000,034,664 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- 

(Accelerometer)
DRV - [2008.01.24 14:23:12 | 000,052,736 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV - [2007.06.18 16:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- 

(HpqKbFiltr)
DRV - [2007.01.18 20:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006.11.02 08:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb
IE - HKLM\..\SearchScopes,DefaultScope = {AF87E9C8-C850-44DB-AA47-5F3B71B85896}
IE - HKLM\..\SearchScopes\{34167F0C-A7FC-4E6B-8D5F-5C357F1719E9}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}

&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKLM\..\SearchScopes\{AF87E9C8-C850-44DB-AA47-5F3B71B85896}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}

&invocationType=tb50hpcnnbie7-de-de
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-672047421-1350469036-312510088-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.tao123.com/?1613
IE - HKU\S-1-5-21-672047421-1350469036-312510088-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-672047421-1350469036-312510088-1000\..\SearchScopes,DefaultScope = {B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2}
IE - HKU\S-1-5-21-672047421-1350469036-312510088-1000\..\SearchScopes\{34167F0C-A7FC-4E6B-8D5F-5C357F1719E9}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?

siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKU\S-1-5-21-672047421-1350469036-312510088-1000\..\SearchScopes\{AF87E9C8-C850-44DB-AA47-5F3B71B85896}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?

sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
IE - HKU\S-1-5-21-672047421-1350469036-312510088-1000\..\SearchScopes\{B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2}: "URL" = hxxp://www.baidu.com/s?wd={searchTerms}&ie={inputEncoding}

&oe={outputEncoding}&bar=13&tn=cloudmk_cb
IE - HKU\S-1-5-21-672047421-1350469036-312510088-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-672047421-1350469036-312510088-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-672047421-1350469036-312510088-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 

ftp=137.132.250.13:8080;http=137.132.250.13:8080;https=137.132.250.13:8080
 
IE - HKU\S-1-5-21-672047421-1350469036-312510088-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?

TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb
IE - HKU\S-1-5-21-672047421-1350469036-312510088-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-672047421-1350469036-312510088-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ig?hl=de&amp;source=iglk
IE - HKU\S-1-5-21-672047421-1350469036-312510088-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-672047421-1350469036-312510088-1001\..\SearchScopes,DefaultScope = {AA35FF05-DF71-48B9-90AF-C0EF5BB66371}
IE - HKU\S-1-5-21-672047421-1350469036-312510088-1001\..\SearchScopes\{06D26D1A-33DE-4369-A2DA-1429677C5D18}: "URL" = hxxp://de.wikipedia.org/wiki/Spezial:Search?search=

{searchTerms}
IE - HKU\S-1-5-21-672047421-1350469036-312510088-1001\..\SearchScopes\{61E931D5-5691-4A05-9662-ADBCF8F11612}: "URL" = hxxp://dict.leo.org/ende?

lp=ende&lang=de&searchLoc=0&cmpType=relaxed&sectHdr=on&spellToler=on&chinese=both&pinyin=diacritic&search={searchTerms}&relink=on
IE - HKU\S-1-5-21-672047421-1350469036-312510088-1001\..\SearchScopes\{63D6B1D2-8703-406D-836C-3B57C8B8C92B}: "URL" = hxxp://en.wikipedia.org/wiki/{searchTerms}
IE - HKU\S-1-5-21-672047421-1350469036-312510088-1001\..\SearchScopes\{AA35FF05-DF71-48B9-90AF-C0EF5BB66371}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-672047421-1350469036-312510088-1001\..\SearchScopes\{AF87E9C8-C850-44DB-AA47-5F3B71B85896}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?

sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
IE - HKU\S-1-5-21-672047421-1350469036-312510088-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-672047421-1350469036-312510088-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
IE - HKU\S-1-5-21-672047421-1350469036-312510088-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?

TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb
IE - HKU\S-1-5-21-672047421-1350469036-312510088-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?

TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb"
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.02.22 09:53:01 | 000,000,000 | ---D | 

M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.02.27 12:14:30 | 000,000,000 | ---D | M]
 
[2009.02.22 01:20:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions
[2011.10.14 20:51:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\et8m0uha.default\extensions
[2011.05.21 13:47:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- 

C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\et8m0uha.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.09.04 09:00:44 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.10.29 14:22:23 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.10.29 14:22:23 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010.12.03 19:14:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.12.03 19:14:08 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.12.03 19:14:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.12.03 19:14:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.12.03 19:14:08 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}

{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}

&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0

\npSkypeChromePlugin.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: NPCIG.dll (Enabled) = C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Skype Click to Call = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
 
O1 HOSTS File: ([2011.02.27 14:32:14 | 000,001,262 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (PIPI Link Helper) - {1A3440C6-F123-4CAB-84EE-C814E1AE0D8F} - C:\Users\Admin\AppData\Roaming\pipi\JfCheck.dll (PIPI Tech.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft 

Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems 

Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Lexmark ) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Programme\Lexmark Printable Web\bho.dll ()
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-672047421-1350469036-312510088-1000\..\Toolbar\ShellBrowser: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark 

Toolbar\toolband.dll ()
O3 - HKU\S-1-5-21-672047421-1350469036-312510088-1000\..\Toolbar\WebBrowser: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark 

Toolbar\toolband.dll ()
O3 - HKU\S-1-5-21-672047421-1350469036-312510088-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common 

Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-672047421-1350469036-312510088-1001\..\Toolbar\ShellBrowser: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark 

Toolbar\toolband.dll ()
O3 - HKU\S-1-5-21-672047421-1350469036-312510088-1001\..\Toolbar\WebBrowser: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark 

Toolbar\toolband.dll ()
O3 - HKU\S-1-5-21-672047421-1350469036-312510088-1001\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common 

Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Programme\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ClipIncSrvTray] C:\Programme\Tobit ClipInc\Player\ClipIncTray.exe (Tobit.Software)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark Pro800-Pro900 Series\ezprint.exe ()
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [lxecmon.exe] C:\Program Files\Lexmark Pro800-Pro900 Series\lxecmon.exe ()
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Programme\pdf24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [QuickFinder Scheduler] C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE (Corel Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-672047421-1350469036-312510088-1000..\Run: [ClipIncSrvTray] C:\Programme\Tobit ClipInc\Player\ClipIncTray.exe (Tobit.Software)
O4 - HKU\S-1-5-21-672047421-1350469036-312510088-1000..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKU\S-1-5-21-672047421-1350469036-312510088-1001..\Run: [ClipIncSrvTray] C:\Programme\Tobit ClipInc\Player\ClipIncTray.exe (Tobit.Software)
O4 - HKU\S-1-5-21-672047421-1350469036-312510088-1001..\Run: [Facebook Update] C:\Users\***\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-672047421-1350469036-312510088-1001..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-672047421-1350469036-312510088-1002..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk =  File not found
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft 

Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-672047421-1350469036-312510088-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-672047421-1350469036-312510088-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-672047421-1350469036-312510088-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-672047421-1350469036-312510088-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft 

Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies 

S.A.)
O9 - Extra Button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Programme\PPLive\PPLive.exe ()
O9 - Extra 'Tools' menuitem : PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Programme\PPLive\PPLive.exe ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-672047421-1350469036-312510088-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-672047421-1350469036-312510088-1001\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-672047421-1350469036-312510088-1002\..Trusted Ranges: Range1 ([http] in )
O16 - DPF: {3234504D-0000-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/9/6/D/96D2E5C2-452A-4A7B-89FA-C718CBA42568/mpeg4ax.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{995F80EE-C9DA-449C-9552-D774027A2AF3}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: C:\Users\***\Documents\Eigene Dateien\Bleach\Wallpaper\[AnimePaper]wallpapers_Bleach_El-Cadejos(1_6)_1440x900_72630.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.09.14 08:59:20 | 000,000,832 | ---- | M] () - C:\Autorun_dll.log -- [ NTFS ]
O33 - MountPoints2\{fa910dfc-837c-11e0-b071-b96be34e5c18}\Shell - "" = AutoRun
O33 - MountPoints2\{fa910dfc-837c-11e0-b071-b96be34e5c18}\Shell\AutoRun\command - "" = H:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
NetSvcs: ezSharedSvc - C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)
 
 
SafeBootMin: AppMgmt -  File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt -  File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B9D8B6D0-0C8D-94BE-7F2E-4FDFC2B27003} - 
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {D884FCB4-A441-D3B3-28D6-E019D3B1508E} - Macromedia Shockwave Director 10.1
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codec - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.i420 - C:\Windows\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.02.29 12:15:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.02.29 12:14:59 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.02.25 21:37:17 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2012.02.20 02:03:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.02.20 02:03:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012.02.20 01:19:30 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Chromium
[2012.02.20 01:17:49 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\BrawlBusters
[2012.02.20 01:12:30 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Brawl Busters
[2012.02.18 15:43:07 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Avira
[2012.02.18 15:26:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.02.18 15:26:24 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012.02.18 15:26:23 | 000,137,416 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.02.18 15:26:23 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.02.18 15:26:23 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.02.18 15:26:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.02.18 15:26:22 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.02.15 12:29:51 | 000,000,000 | -HSD | C] -- C:\found.000
[2012.02.12 17:56:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\pdf24
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.05 11:55:45 | 000,000,249 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2012.03.05 11:54:51 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.05 11:54:39 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.05 11:54:39 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.05 11:54:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.05 03:52:29 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.03.05 03:29:07 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.05 02:44:18 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-672047421-1350469036-312510088-1001UA.job
[2012.03.04 20:44:06 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-672047421-1350469036-312510088-1001Core.job
[2012.03.02 11:56:26 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleFor***.job
[2012.02.29 19:25:05 | 000,000,176 | ---- | M] () -- C:\Users\Admin\defogger_reenable
[2012.02.29 11:56:07 | 000,689,148 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.02.29 11:56:07 | 000,646,970 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.02.29 11:56:07 | 000,152,144 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.02.29 11:56:07 | 000,124,726 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.02.25 21:37:25 | 002,864,396 | ---- | M] (Macromedia, Inc.) -- C:\ProgramData\MPV.exe
[2012.02.20 02:03:11 | 000,001,880 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.02.20 01:12:29 | 000,000,806 | ---- | M] () -- C:\Users\Admin\Desktop\Brawl Busters.lnk
[2012.02.18 17:47:34 | 003,788,456 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.02.18 15:33:47 | 000,137,416 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.02.18 15:26:51 | 000,001,849 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.02.18 01:37:19 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.02.29 19:24:39 | 000,000,176 | ---- | C] () -- C:\Users\Admin\defogger_reenable
[2012.02.20 02:03:11 | 000,001,880 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.02.20 01:12:29 | 000,000,806 | ---- | C] () -- C:\Users\Admin\Desktop\Brawl Busters.lnk
[2012.02.18 15:26:51 | 000,001,849 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011.12.06 10:03:18 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011.12.04 13:09:47 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.12.04 13:07:34 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.11.24 23:44:20 | 000,098,304 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2011.10.16 09:01:38 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011.10.08 19:26:55 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxecvs.dll
[2011.10.08 19:26:50 | 000,442,368 | ---- | C] ( ) -- C:\Windows\System32\lxeccoin.dll
[2011.10.08 19:26:37 | 000,086,016 | ---- | C] () -- C:\Windows\System32\lxecgcfg.dll
[2011.10.08 19:26:34 | 000,294,912 | ---- | C] () -- C:\Windows\System32\lxeccui.dll
[2011.10.08 19:26:34 | 000,110,592 | ---- | C] () -- C:\Windows\System32\lxeccuir.dll
[2011.10.08 19:21:59 | 000,000,044 | -H-- | C] () -- C:\Windows\System32\lxecrwrd.ini
[2011.10.08 19:21:43 | 000,331,776 | ---- | C] () -- C:\Windows\System32\LXECinst.dll
[2011.10.08 19:21:42 | 000,356,352 | ---- | C] ( ) -- C:\Windows\System32\LXEChcp.dll
[2011.10.08 19:21:41 | 001,048,576 | ---- | C] ( ) -- C:\Windows\System32\lxecserv.dll
[2011.10.08 19:21:41 | 000,847,872 | ---- | C] ( ) -- C:\Windows\System32\lxecusb1.dll
[2011.10.08 19:21:41 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxecinpa.dll
[2011.10.08 19:21:41 | 000,344,064 | ---- | C] ( ) -- C:\Windows\System32\lxeciesc.dll
[2011.10.08 19:21:40 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxecpmui.dll
[2011.10.08 19:21:40 | 000,577,536 | ---- | C] ( ) -- C:\Windows\System32\lxeclmpm.dll
[2011.10.08 19:21:39 | 000,324,264 | ---- | C] ( ) -- C:\Windows\System32\lxecih.exe
[2011.10.08 19:21:39 | 000,323,584 | ---- | C] () -- C:\Windows\System32\lxecins.dll
[2011.10.08 19:21:39 | 000,262,144 | ---- | C] () -- C:\Windows\System32\lxecinsb.dll
[2011.10.08 19:21:39 | 000,114,688 | ---- | C] () -- C:\Windows\System32\lxecinsr.dll
[2011.10.08 19:21:39 | 000,057,344 | ---- | C] () -- C:\Windows\System32\lxecjswr.dll
[2011.10.08 19:21:38 | 000,688,128 | ---- | C] ( ) -- C:\Windows\System32\lxechbn3.dll
[2011.10.08 19:21:38 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxecgrd.dll
[2011.10.08 19:21:38 | 000,090,112 | ---- | C] () -- C:\Windows\System32\lxeccub.dll
[2011.10.08 19:21:38 | 000,036,864 | ---- | C] () -- C:\Windows\System32\lxeccur.dll
[2011.10.08 19:21:37 | 000,802,816 | ---- | C] ( ) -- C:\Windows\System32\lxeccomc.dll
[2011.10.08 19:21:37 | 000,598,696 | ---- | C] ( ) -- C:\Windows\System32\lxeccoms.exe
[2011.10.08 19:21:37 | 000,373,416 | ---- | C] ( ) -- C:\Windows\System32\lxeccfg.exe
[2011.10.08 19:21:37 | 000,372,736 | ---- | C] ( ) -- C:\Windows\System32\lxeccomm.dll
[2011.10.08 19:21:37 | 000,253,952 | ---- | C] () -- C:\Windows\System32\lxeccu.dll
[2011.10.08 19:20:48 | 000,024,064 | ---- | C] () -- C:\Windows\System32\LXECsmr.dll
[2011.10.08 19:20:47 | 000,299,008 | ---- | C] () -- C:\Windows\System32\LXECsm.dll
[2011.10.05 16:39:18 | 000,081,408 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010.12.18 22:35:41 | 000,003,584 | ---- | C] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.18 22:34:20 | 000,598,016 | ---- | C] () -- C:\Windows\System32\viscomqtde.dll
[2010.12.18 22:34:20 | 000,262,144 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2010.11.24 10:58:28 | 000,000,061 | ---- | C] () -- C:\Windows\config.ini
[2010.11.23 20:03:15 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2010.11.23 20:01:53 | 000,000,600 | ---- | C] () -- C:\Windows\System32\secustat.dat
[2010.11.23 20:01:52 | 000,002,649 | ---- | C] () -- C:\Windows\System32\secushr.dat
[2010.07.06 21:30:30 | 000,021,504 | ---- | C] () -- C:\Windows\System32\WBCustomizer.dll
[2010.03.27 23:15:23 | 000,021,504 | ---- | C] () -- C:\Users\Admin\AppData\Local\WebpageIcons.db
 
========== LOP Check ==========
 
[2010.11.26 22:09:14 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Ahnenblatt
[2010.11.23 20:06:24 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\BITS
[2011.10.05 16:39:30 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\CAD-KAS
[2010.05.31 11:55:02 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\concept design
[2008.12.12 21:52:11 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Exit Windows
[2008.09.14 08:37:15 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ICQ
[2011.02.06 16:47:46 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\LG Electronics
[2011.12.01 22:56:50 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Lionhead Studios
[2010.12.18 15:22:36 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Local
[2010.09.27 21:31:48 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\LolClient
[2010.07.06 21:34:12 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Millennia
[2011.10.30 10:56:12 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Notepad++
[2012.01.27 20:59:12 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Origin
[2012.02.28 22:32:49 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\PIPI
[2010.03.01 23:37:25 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\SpinTop
[2010.05.31 08:54:47 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\MatchWare
[2011.07.26 09:20:05 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\WildTangent
[2011.07.21 11:17:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.anki
[2011.07.21 11:05:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.matplotlib
[2010.11.23 20:25:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BITS
[2011.10.05 17:26:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CAD-KAS
[2011.08.27 16:32:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon
[2009.12.10 23:08:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\concept design
[2008.12.09 18:20:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GetRightToGo
[2012.02.12 19:44:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2011.12.01 22:34:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Lionhead Studios
[2010.09.28 00:01:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LolClient
[2008.09.14 18:24:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Magic Academy
[2010.05.25 22:42:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MatchWare
[2010.07.06 21:38:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Millennia
[2010.02.23 15:10:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MusE
[2009.04.17 10:42:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\NJStar
[2011.10.30 10:58:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Notepad++
[2008.09.18 14:59:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Open Source Applications Foundation
[2012.01.27 23:54:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Origin
[2012.03.02 21:56:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PIPI
[2008.10.07 16:35:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PlayFirst
[2009.04.10 09:28:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PPLive
[2010.12.28 15:18:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ProtectDISC
[2008.09.18 14:59:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Python-Eggs
[2012.01.15 17:24:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Rags
[2011.11.21 16:36:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Screaming Bee
[2010.05.25 22:31:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SmartDraw
[2008.09.13 22:25:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Template
[2008.09.20 14:07:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Tobit
[2011.10.17 15:30:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TomTom
[2011.01.26 18:23:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ultrastardx
[2008.09.14 17:28:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WildTangent
[2012.03.04 20:44:06 | 000,000,906 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-672047421-1350469036-312510088-1001Core.job
[2012.03.05 02:44:18 | 000,000,928 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-672047421-1350469036-312510088-1001UA.job
[2012.03.05 03:52:52 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.03.01 14:27:26 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Adobe
[2010.11.26 22:09:14 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Ahnenblatt
[2008.09.22 22:31:54 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Apple Computer
[2010.07.17 09:40:58 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ArcSoft
[2012.02.18 15:43:07 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Avira
[2010.11.23 20:06:24 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\BITS
[2011.10.05 16:39:30 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\CAD-KAS
[2010.05.31 11:55:02 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\concept design
[2010.12.18 22:34:33 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DivX
[2008.12.12 21:52:11 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Exit Windows
[2008.10.12 10:08:31 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Hewlett-Packard
[2008.09.14 08:37:15 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ICQ
[2008.09.13 19:43:24 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Identities
[2011.02.06 16:36:32 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\InstallShield
[2011.02.06 16:47:46 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\LG Electronics
[2011.12.01 22:56:50 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Lionhead Studios
[2010.12.18 15:22:36 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Local
[2010.09.27 21:31:48 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\LolClient
[2008.09.13 19:40:19 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Macromedia
[2010.05.31 12:17:57 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Malwarebytes
[2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Media Center Programs
[2011.12.06 10:08:34 | 000,000,000 | --SD | M] -- C:\Users\Admin\AppData\Roaming\Microsoft
[2010.07.06 21:34:12 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Millennia
[2009.02.22 01:20:18 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Mozilla
[2011.10.30 10:56:12 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Notepad++
[2012.01.27 20:59:12 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Origin
[2012.02.28 22:32:49 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\PIPI
[2012.02.28 23:07:58 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Skype
[2010.03.01 23:37:25 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\SpinTop
[2008.09.13 19:44:03 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Symantec
[2008.09.14 20:35:48 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2010.07.10 10:31:34 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Admin\AppData\Roaming\Macromedia\Flash 

Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2010.07.06 21:37:52 | 000,021,630 | R--- | M] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Installer\{1ED6CA46-633C-46CD-9D0F-2A8AE225E8A6}\ARPPRODUCTICON.exe
[2010.07.06 21:37:52 | 000,061,440 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Admin\AppData\Roaming\Microsoft\Installer\{1ED6CA46-633C-46CD-9D0F-2A8AE225E8A6}

\FTLegend.exe1_1E7C15062BCD46498311FC742781F246.exe
[2010.07.06 21:37:52 | 000,061,440 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Admin\AppData\Roaming\Microsoft\Installer\{1ED6CA46-633C-46CD-9D0F-2A8AE225E8A6}

\FTLegend.exe_1E7C15062BCD46498311FC742781F246.exe
[2011.11.17 23:15:52 | 000,029,926 | R--- | M] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Installer\{394BE3D9-7F57-4638-A8D1-1D88671913B7}\_18be6784.exe
[2011.11.17 23:15:52 | 000,029,422 | R--- | M] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Installer\{394BE3D9-7F57-4638-A8D1-1D88671913B7}\_294823.exe
[2009.07.09 08:32:20 | 000,010,134 | R--- | M] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32

\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32

\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- 

C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- 

C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32

\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.08.01 07:43:55 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00

\atapi.sys
[2008.08.01 07:43:55 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- 

C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- 

C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2009.04.10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84

\atapi.sys
[2009.04.10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- 

C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32

\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- 

C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699

\atapi.sys
[2008.08.01 07:43:55 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- 

C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-

dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2011.10.07 16:28:36 | 000,024,704 | R--- | M] () MD5=003C387405B636F7633DAD80FDE9F436 -- C:\Perl\lib\auto\Win32\EventLog\EventLog.dll
[2007.01.12 21:30:08 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691

\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- 

C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4

\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- 

C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3

\netlogon.dll
[2009.04.10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-

netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-

netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32

\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32

\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- 

C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-

s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- 

C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-

s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
[2009.04.10 23:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.10 23:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-

s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- 

C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-

user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.10 23:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.10 23:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-

user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-

userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-

wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- 

C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-

winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-

winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-

ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:50E9A83B
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:9CEDC859

< End of report >

Im Anhang auch als Zip.

cosinus · 05.03.2012, 16:10

Zitat:

C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4

O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com

Aus welcher Quelle stammt "dein" CS4?

Nyo · 05.03.2012, 16:35

Ich muss zugeben, dass ich das nicht weiß - der PC ist ein Handmedown - aber wie es aussieht aus keiner legalen Quelle. Stellt ihr den Support ein? Ich kann es deinstallieren.

cosinus · 05.03.2012, 18:56

Zitat:

der PC ist ein Handmedown

Ein was?

Zitat:

Stellt ihr den Support ein? Ich kann es deinstallieren.

1. das 2. sind gecrackte Programme hochriskant!

01.03.2012, 21:12	#2
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Spam-Mails von eigener E-Mailadresse Schau mal im Reiter Logdateien von Malwarebytes anch, dort sind alle Logs zu finden __________________ __________________

05.03.2012, 14:26	#8
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Spam-Mails von eigener E-Mailadresse Also dein Log sieht von der Form her merkwürdig aus. Einige Zeilen sind offensichtlich "beschnitten" - prüf das mal ob du das Log ohne Fehler hier reinkopiert hast. Notfalls die OTL.txt zippen und hier als Anhang posten __________________ Logfiles bitte immer in CODE-Tags posten

Spam-Mails von eigener E-Mailadresse

Plagegeister aller Art und deren Bekämpfung: Spam-Mails von eigener E-Mailadresse