
Log Analysis and Evaluation: System Check Trojan -> Logfiles attached

Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

26.03.2012, 00:00   #1
Antestor
 


Hi!

Earlier, while I was working on the PC, AntiVir suddenly reported a virus detection, but by then it was apparently already too late. A few seconds later the PC shut down, came back up, and the System Check trojan greeted me with a black desktop and thousands of error messages, and hid all my files.

I immediately ran MBAM and removed the threats. After a reboot no more problems showed up. No pop-ups, the Task Manager works again and the disk is running "normally" again.
Now of course I'm not sure whether the system is really clean.

I ran scans with the usual tools; unfortunately the ESET scanner would NOT start. In both Firefox and IE I got the message "cannot get update. is proxy configured". Of course I don't have a proxy running. I have also already checked the LAN settings, and no proxy is entered there. Could this possibly be caused by the trojan as well?

Here are the scanners' log files (in the order in which I scanned).

MBAM Log:

Code:
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.25.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Antestor :: GRAMHEIM-PC [Administrator]

25.03.2012 23:36:01
mbam-log-2012-03-25 (23-41-29).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 203162
Laufzeit: 5 Minute(n), 12 Sekunde(n)

Infizierte Speicherprozesse: 2
C:\ProgramData\GELPCiJFdpibIeL.exe (Rogue.FakeHDD) -> 2548 -> Keine Aktion durchgeführt.
C:\ProgramData\xrU8zqoQ8MRtH5.exe (Backdoor.Agent.RCGen) -> 4320 -> Keine Aktion durchgeführt.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|GELPCiJFdpibIeL.exe (Rogue.FakeHDD) -> Daten: C:\ProgramData\GELPCiJFdpibIeL.exe -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 4
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bösartig: (1) Gut: (0) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bösartig: (1) Gut: (0) -> Keine Aktion durchgeführt.

Infizierte Verzeichnisse: 1
C:\Program Files (x86)\windv (Adware.WinDV) -> Keine Aktion durchgeführt.

Infizierte Dateien: 5
C:\ProgramData\GELPCiJFdpibIeL.exe (Rogue.FakeHDD) -> Keine Aktion durchgeführt.
C:\ProgramData\xrU8zqoQ8MRtH5.exe (Backdoor.Agent.RCGen) -> Keine Aktion durchgeführt.
C:\Users\Antestor\Downloads\pantsoff.exe (PUP.Pantsoff.PasswordFinder) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\windv\Readme.txt (Adware.WinDV) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\windv\WinDV.exe (Adware.WinDV) -> Keine Aktion durchgeführt.

(Ende)
         

DDS:

Code:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64 
Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 1.6.0_29
Run by Antestor at 23:49:35 on 2012-03-25
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4095.2375 [GMT 2:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Eraser\Eraser.exe
C:\Windows\tray\wintmr.exe
C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\SysWOW64\cc32\webtmr.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\VMware\VMware Player\hqtray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\DisplayFusion\AppHookx86.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\SysWOW64\cchservice.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\totalcmd\TOTALCMD.EXE
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\PROGRA~2\FREEDO~1\fdm.exe
C:\Users\Antestor\Downloads\Defogger(3).exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskhost.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
mLocal Page = 
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: WebSpeechBHO Class: {83a30c59-3a50-49e6-9daf-4923c4ea3c23} - C:\Program Files (x86)\Common Files\WebSpeech.4.0\LgxIEBar.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [CCWinTray] C:\Windows\Tray\wintmr.exe
uRun: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
uRun: [DisplayFusion] "C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe"
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [ChicoSys] C:\Windows\SysWOW64\cc32\webtmr.exe
mRun: [StartCCC] "C:\Program Files (x86)\ati\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
mRun: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [VMware hqtray] "C:\Program Files (x86)\VMware\VMware Player\hqtray.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
dRun: [CCWinTray] C:\Windows\Tray\wintmr.exe
StartupFolder: C:\Users\Antestor\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
StartupFolder: C:\Users\Antestor\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\STARDO~1.LNK - C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe
uPolicies-system: DisableClock = 0 (0x0)
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: HideFastUserSwitching = 0 (0x0)
IE: Download all with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dllink.htm
IE: Free YouTube to MP3 Converter - C:\Users\Antestor\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft &Excel exportieren - C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000
IE: {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files (x86)\PPLive\PPLive.exe
IE: {1CE4DE72-7FCC-4eb8-8F66-AE6A56A0A54D} - {0854DA01-5BF8-4E9D-A0E9-3CD5500AFB8C} - C:\Program Files (x86)\Common Files\WebSpeech.4.0\LgxIEBar.dll
LSP: C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{E2579BE8-B389-4030-9D62-31B2CEDC2CE7} : DhcpNameServer = 192.168.2.1
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\microsoft shared\Web Folders\PKMCDO.DLL
SEH: {6979AAD7-86EE-481F-B591-152A33E86ECB} - No File
{3049C3E9-B461-4BC5-8870-4C09146192CA}
{83A30C59-3A50-49E6-9DAF-4923C4EA3C23}
{CC59E0F9-7E43-44FA-9FAA-8377850BF205}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun-x64: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun-x64: [ChicoSys] C:\Windows\SysWOW64\cc32\webtmr.exe
mRun-x64: [StartCCC] "C:\Program Files (x86)\ati\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
mRun-x64: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [VMware hqtray] "C:\Program Files (x86)\VMware\VMware Player\hqtray.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
IE-X64: {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files (x86)\PPLive\PPLive.exe
SEH-X64: {6979AAD7-86EE-481F-B591-152A33E86ECB} - No File
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Antestor\AppData\Roaming\Mozilla\Firefox\Profiles\yu5646sy.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de
FF - component: C:\Program Files (x86)\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: C:\Users\Antestor\AppData\Roaming\Mozilla\Firefox\Profiles\yu5646sy.default\extensions\{ca8b7b3d-b6e6-438f-b935-601b3de48d66}\platform\WINNT_x86-msvc\components\FFThrottle.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\TVUPlayer\npTVUAx.dll
FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Antestor\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Antestor\AppData\Roaming\Mozilla\Firefox\Profiles\yu5646sy.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
FF - Ext: TVU Web Player: firefox@tvunetworks.com - %profile%\extensions\firefox@tvunetworks.com
FF - Ext: FoxyProxy Standard: foxyproxy@eric.h.jung - %profile%\extensions\foxyproxy@eric.h.jung
FF - Ext: FoxyProxy Basic: foxyproxy@eric.h.jung - %profile%\extensions\foxyproxy@eric.h.jung
FF - Ext: vShare: vshare@toolbar - %profile%\extensions\vshare@toolbar
FF - Ext: Easy YouTube Video Downloader: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} - %profile%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
FF - Ext: Easy YouTube Video Downloader: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} - %profile%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
FF - Ext: Fast Video Download (with SearchMenu): {c50ca3c4-5656-43c2-a061-13e717f73fc8} - %profile%\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
FF - Ext: Firefox Throttle: {ca8b7b3d-b6e6-438f-b935-601b3de48d66} - %profile%\extensions\{ca8b7b3d-b6e6-438f-b935-601b3de48d66}
FF - Ext: Torbutton: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca} - %profile%\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
FF - Ext: Web Developer: {c45c406e-ab73-11d8-be73-000a95be3b12} - %profile%\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
.
============= SERVICES / DRIVERS ===============
.
R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);C:\Windows\system32\DRIVERS\tdrpm258.sys --> C:\Windows\system32\DRIVERS\tdrpm258.sys [?]
R1 Jula.sys;Service for Juli@ Audio Driver EWDM;C:\Windows\system32\DRIVERS\Jula.sys --> C:\Windows\system32\DRIVERS\Jula.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AntiVirSchedulerService;Avira AntiVir Planer;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2009-11-8 108289]
R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2009-11-8 185089]
R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-3-25 652360]
R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-2-11 2253688]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-1-22 563760]
R2 Windows-CCHook-Service;Windows-CCHook-Service;C:\Windows\SysWOW64\cchservice.exe [2009-11-8 1595032]
R3 afcdp;afcdp;C:\Windows\system32\DRIVERS\afcdp.sys --> C:\Windows\system32\DRIVERS\afcdp.sys [?]
R3 hcw88bda;Hauppauge WinTV 88x DVB Tuner/Demod;C:\Windows\system32\drivers\hcw88bda.sys --> C:\Windows\system32\drivers\hcw88bda.sys [?]
R3 hcw88rc5;Hauppauge WinTV 88x IR Decoder;C:\Windows\system32\Drivers\hcw88rc5.sys --> C:\Windows\system32\Drivers\hcw88rc5.sys [?]
R3 HCW88TSE;Hauppauge WinTV 88x MPEG/TS Capture;C:\Windows\system32\drivers\hcw88tse.sys --> C:\Windows\system32\drivers\hcw88tse.sys [?]
R3 hcw88vid;Hauppauge WinTV 88x Video;C:\Windows\system32\drivers\hcw88vid.sys --> C:\Windows\system32\drivers\hcw88vid.sys [?]
R3 JulaWDM.sys;Service for Juli@ WDM;C:\Windows\system32\DRIVERS\JulaWDM.sys --> C:\Windows\system32\DRIVERS\JulaWDM.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 RTL8167;Realtek 8167 NT-Treiber;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 afcdpsrv;Acronis Nonstop Backup service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2010-1-8 2480048]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 ksupmgr;File-/Update Service;C:\Windows\System32\ksupmgr.exe [2010-3-26 730264]
S3 DIRECTIO;DIRECTIO;C:\Program Files (x86)\BurnInTest\DirectIo.sys [2009-11-28 15872]
S3 ENTECH64;ENTECH64;\??\C:\Windows\system32\DRIVERS\ENTECH64.sys --> C:\Windows\system32\DRIVERS\ENTECH64.sys [?]
S3 ggflt;SEMC USB Flash Driver Filter;C:\Windows\system32\DRIVERS\ggflt.sys --> C:\Windows\system32\DRIVERS\ggflt.sys [?]
S3 s0016bus;s0016bus;C:\Windows\system32\DRIVERS\s0016bus.sys --> C:\Windows\system32\DRIVERS\s0016bus.sys [?]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;C:\Windows\system32\DRIVERS\s0016mdfl.sys --> C:\Windows\system32\DRIVERS\s0016mdfl.sys [?]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;C:\Windows\system32\DRIVERS\s0016mdm.sys --> C:\Windows\system32\DRIVERS\s0016mdm.sys [?]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);C:\Windows\system32\DRIVERS\s0016mgmt.sys --> C:\Windows\system32\DRIVERS\s0016mgmt.sys [?]
S3 s0016nd5;s0016nd5;C:\Windows\system32\DRIVERS\s0016nd5.sys --> C:\Windows\system32\DRIVERS\s0016nd5.sys [?]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;C:\Windows\system32\DRIVERS\s0016obex.sys --> C:\Windows\system32\DRIVERS\s0016obex.sys [?]
S3 s0016unic;s0016unic;C:\Windows\system32\DRIVERS\s0016unic.sys --> C:\Windows\system32\DRIVERS\s0016unic.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows-Aktivierungstechnologieservice;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-03-25 21:33:44	--------	d-----w-	C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-23 14:55:05	8669240	---ha-w-	C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9267E20C-EAFB-4BC1-A859-98FD55195C92}\mpengine.dll
2012-03-13 23:30:17	5559152	----a-w-	C:\Windows\System32\ntoskrnl.exe
2012-03-13 23:30:16	3968368	----a-w-	C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-13 23:30:16	3913584	----a-w-	C:\Windows\SysWow64\ntoskrnl.exe
2012-03-13 22:31:51	3145728	----a-w-	C:\Windows\System32\win32k.sys
2012-03-13 22:31:50	1544192	----a-w-	C:\Windows\System32\DWrite.dll
2012-03-13 22:31:50	1077248	----a-w-	C:\Windows\SysWow64\DWrite.dll
2012-03-13 20:43:33	9216	----a-w-	C:\Windows\System32\rdrmemptylst.exe
2012-03-13 20:43:33	77312	----a-w-	C:\Windows\System32\rdpwsx.dll
2012-03-13 20:43:33	149504	----a-w-	C:\Windows\System32\rdpcorekmts.dll
2012-03-13 20:43:32	826880	----a-w-	C:\Windows\SysWow64\rdpcore.dll
2012-03-13 20:43:32	23552	----a-w-	C:\Windows\System32\drivers\tdtcp.sys
2012-03-13 20:43:32	210944	----a-w-	C:\Windows\System32\drivers\rdpwd.sys
2012-03-13 20:43:32	1031680	----a-w-	C:\Windows\System32\rdpcore.dll
2012-03-04 13:19:35	--------	d--h--w-	C:\Program Files (x86)\Azureus
2012-02-26 08:31:16	--------	d--h--w-	C:\Program Files (x86)\Free Video Joiner
.
==================== Find3M  ====================
.
2012-03-25 21:46:11	103	---ha-w-	C:\Windows\SysWow64\swctl.dll
2012-02-23 08:18:36	279656	------w-	C:\Windows\System32\MpSigStub.exe
2012-02-18 13:15:00	414368	---ha-w-	C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-31 19:43:29	605461	---ha-w-	C:\Windows\SysWow64\~.tmp
2012-01-11 17:10:20	16	---ha-w-	C:\Windows\SysWow64\msvcsv60.dll
2012-01-04 10:44:20	509952	----a-w-	C:\Windows\System32\ntshrui.dll
2012-01-04 08:58:41	442880	----a-w-	C:\Windows\SysWow64\ntshrui.dll
2011-12-30 06:26:08	515584	----a-w-	C:\Windows\System32\timedate.cpl
2011-12-30 05:27:56	478720	----a-w-	C:\Windows\SysWow64\timedate.cpl
2011-12-28 03:59:24	498688	----a-w-	C:\Windows\System32\drivers\afd.sys
2009-11-07 22:26:50	223432	---ha-w-	C:\Program Files (x86)\truecrypt.sys
2009-11-07 22:26:50	222152	---ha-w-	C:\Program Files (x86)\truecrypt-x64.sys
2009-11-07 22:26:50	1559496	---ha-w-	C:\Program Files (x86)\TrueCrypt Format.exe
2009-11-07 22:26:50	1412552	---ha-w-	C:\Program Files (x86)\TrueCrypt.exe
2009-11-07 19:46:04	3358808	---ha-w-	C:\Program Files (x86)\TrueCrypt Setup.exe
2007-02-22 19:08:08	925696	---ha-w-	C:\Program Files (x86)\GSpot.exe
2006-05-03 09:06:54	163328	--sh--r-	C:\Windows\SysWOW64\flvDX.dll
2007-02-21 10:47:16	31232	--sh--r-	C:\Windows\SysWOW64\msfDX.dll
2008-03-16 12:30:52	216064	--sh--r-	C:\Windows\SysWOW64\nbDX.dll
.
============= FINISH: 23:50:36,74 ===============
         
RogueKiller:

Code:
RogueKiller V7.3.2 [03/20/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: hxxp://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: hxxp://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Antestor [Admin rights]
Mode: Scan -- Date: 03/26/2012 00:04:52

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 19 ¤¤¤
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[WallPP] HKCU\[...]\Desktop : Wallpaper () -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyDocs (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowControlPanel (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowRun (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD740ADFD-00NLR5 ATA Device +++++
--- User ---
[MBR] 1f4a1467a9b2be1528148b846e3c1b87
[BSP] 7fe747cde4dadedef18facd9c54fe7ed : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 70896 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: ST31500341AS ATA Device +++++
--- User ---
[MBR] 41d935761acc0fe8c0c084a1acb01176
[BSP] 3f9df8ca049289bbf308cc370ea0c1ef : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1024000 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2097154048 | Size: 406796 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: WDC WD1001FALS-00E8B0 ATA Device +++++
--- User ---
[MBR] 92c07fed2ebe31882fcf0ac864f97a08
[BSP] 2d153c52b2cc30d86ba6b7c310498d78 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 614400 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1258293248 | Size: 204800 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1677723648 | Size: 102400 Mo
3 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 1887438848 | Size: 32267 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt
         

GMER:

Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-03-26 00:18:30
Windows 6.1.7601 Service Pack 1 
Running: rrtvogfr.exe


---- Registry - GMER 1.0.15 ----

Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{71160731-4AF9-64C6-903B-52DAFCDAFF84}                     
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{71160731-4AF9-64C6-903B-52DAFCDAFF84}@iacbncefjnbljcajje  0x6A 0x61 0x62 0x6B ...
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{71160731-4AF9-64C6-903B-52DAFCDAFF84}@hamapbjomjglolaf    0x6A 0x61 0x62 0x6B ...
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{71160731-4AF9-64C6-903B-52DAFCDAFF84}@hahhjgkliidphlnb    0x62 0x63 0x6E 0x6D ...

---- EOF - GMER 1.0.15 ----
         
OTL:

Code:
OTL logfile created on: 26.03.2012 00:32:21 - Run 3
OTL by OldTimer - Version 3.2.39.2     Folder = O:\
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,34 Gb Available Physical Memory | 58,49% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 74,98% Paging File free
Paging file location(s): y:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 69,23 Gb Total Space | 9,31 Gb Free Space | 13,45% Space Free | Partition Type: NTFS
Drive D: | 200,00 Gb Total Space | 16,05 Gb Free Space | 8,02% Space Free | Partition Type: NTFS
Drive O: | 31,51 Gb Total Space | 12,63 Gb Free Space | 40,09% Space Free | Partition Type: NTFS
Drive S: | 7,38 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive W: | 100,00 Gb Total Space | 61,45 Gb Free Space | 61,45% Space Free | Partition Type: NTFS
Drive Y: | 397,26 Gb Total Space | 50,41 Gb Free Space | 12,69% Space Free | Partition Type: NTFS
 
Computer Name: GRAMHEIM-PC | User Name: Antestor | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Antestor\Downloads\RogueKiller.exe ()
PRC - C:\Users\Antestor\Downloads\Defogger(3).exe ()
PRC - O:\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files (x86)\DisplayFusion\AppHookx86.exe (Binary Fortress Software)
PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\PROGRA~2\FREEDO~1\fdm.exe (FreeDownloadManager.ORG)
PRC - C:\Windows\tray\wintmr.exe (Salfeld Computer)
PRC - C:\Windows\SysWOW64\cc32\webtmr.exe (Salfeld Computer)
PRC - C:\Windows\SysWOW64\cchservice.exe (Salfeld Computer)
PRC - C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\VMware\VMware Player\hqtray.exe (VMware, Inc.)
PRC - C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
PRC - C:\Program Files (x86)\TrueCrypt.exe (TrueCrypt Foundation)
PRC - C:\Program Files (x86)\totalcmd\TOTALCMD.EXE (Ghisler Software GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Antestor\Downloads\Defogger(3).exe ()
MOD - C:\Program Files (x86)\Mozilla Firefox\js3250.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files (x86)\VMware\VMware Player\libxml2.dll ()
MOD - C:\Program Files (x86)\VMware\VMware Player\zlib1.dll ()
MOD - C:\Program Files (x86)\WinRAR\rarext.dll ()
MOD - C:\Program Files (x86)\totalcmd\unRAR.dll ()
MOD - C:\Program Files (x86)\totalcmd\wcmzip32.dll ()
MOD - C:\PROGRA~2\TCUP~1\PLUGINS\Library\TCUPSH~1.DLL ()
MOD - C:\Program Files (x86)\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll ()
MOD - C:\Program Files (x86)\Free Download Manager\iefdm2.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Windows-CCHook-Service) -- C:\Windows\SysWOW64\cchservice.exe (Salfeld Computer)
SRV - (VMware NAT Service) -- C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
SRV - (VMnetDHCP) -- C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
SRV - (VMAuthdService) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc.)
SRV - (VMUSBArbService) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
SRV - (afcdpsrv) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (ufad-ws60) -- C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe (VMware, Inc.)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (ksupmgr) -- C:\Windows\SysWOW64\ksupmgr.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (ggsemc) -- C:\Windows\SysNative\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (ggflt) -- C:\Windows\SysNative\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (hcw88vid) -- C:\Windows\SysNative\drivers\hcw88vid.sys (Hauppauge Computer Works, Inc)
DRV:64bit: - (hcw88bda) -- C:\Windows\SysNative\drivers\hcw88bda.sys (Hauppauge Computer Works, Inc)
DRV:64bit: - (HCW88TSE) -- C:\Windows\SysNative\drivers\hcw88tse.sys (Hauppauge Computer Works, Inc)
DRV:64bit: - (hcw88rc5) -- C:\Windows\SysNative\drivers\hcw88rc5.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (VMparport) -- C:\Windows\SysNative\drivers\VMparport.sys (VMware, Inc.)
DRV:64bit: - (vmx86) -- C:\Windows\SysNative\drivers\vmx86.sys (VMware, Inc.)
DRV:64bit: - (vmkbd) -- C:\Windows\SysNative\drivers\VMkbd.sys (VMware, Inc.)
DRV:64bit: - (vmci) -- C:\Windows\SysNative\drivers\vmci.sys (VMware, Inc.)
DRV:64bit: - (VMnetuserif) -- C:\Windows\SysNative\drivers\vmnetuserif.sys (VMware, Inc.)
DRV:64bit: - (hcmon) -- C:\Windows\SysNative\drivers\hcmon.sys (VMware, Inc.)
DRV:64bit: - (vmusb) -- C:\Windows\SysNative\drivers\vmusb.sys (VMware, Inc.)
DRV:64bit: - (VMnetBridge) -- C:\Windows\SysNative\drivers\vmnetbridge.sys (VMware, Inc.)
DRV:64bit: - (VMnetAdapter) -- C:\Windows\SysNative\drivers\vmnetadapter.sys (VMware, Inc.)
DRV:64bit: - (afcdp) -- C:\Windows\SysNative\drivers\afcdp.sys (Acronis)
DRV:64bit: - (tdrpman258) Acronis Try&Decide and Restore Points filter (build 258) -- C:\Windows\SysNative\drivers\tdrpm258.sys (Acronis)
DRV:64bit: - (timounter) -- C:\Windows\SysNative\drivers\timntr.sys (Acronis)
DRV:64bit: - (snapman) -- C:\Windows\SysNative\drivers\snapman.sys (Acronis)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (JulaWDM.sys) -- C:\Windows\SysNative\drivers\JulaWDM.sys ()
DRV:64bit: - (Jula.sys) -- C:\Windows\SysNative\drivers\Jula.sys ()
DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation                                            )
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (ENTECH64) -- C:\Windows\SysNative\drivers\Entech64.sys (EnTech Taiwan)
DRV:64bit: - (s0016mdm) -- C:\Windows\SysNative\drivers\s0016mdm.sys (MCCI Corporation)
DRV:64bit: - (s0016unic) -- C:\Windows\SysNative\drivers\s0016unic.sys (MCCI Corporation)
DRV:64bit: - (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM) -- C:\Windows\SysNative\drivers\s0016mgmt.sys (MCCI Corporation)
DRV:64bit: - (s0016obex) -- C:\Windows\SysNative\drivers\s0016obex.sys (MCCI Corporation)
DRV:64bit: - (s0016nd5) -- C:\Windows\SysNative\drivers\s0016nd5.sys (MCCI Corporation)
DRV:64bit: - (s0016mdfl) -- C:\Windows\SysNative\drivers\s0016mdfl.sys (MCCI Corporation)
DRV:64bit: - (s0016bus) -- C:\Windows\SysNative\drivers\s0016bus.sys (MCCI Corporation)
DRV:64bit: - (Pnp680r) -- C:\Windows\SysNative\drivers\PnP680r.sys (Silicon Image, Inc)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV - (vstor2-ws60) -- C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys (VMware, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (DIRECTIO) -- C:\Program Files (x86)\BurnInTest\DirectIo.sys ()
DRV - (VD_FileDisk) -- C:\Windows\SysWow64\drivers\vd_filedisk.sys (Flint Incorporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 15 7D 9F C5 D2 0A CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.useDBForOrder: ""
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.5
FF - prefs.js..extensions.enabledItems: {ca8b7b3d-b6e6-438f-b935-601b3de48d66}:1.1.6
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.7.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:5.9
FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:4.1.6
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:3.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.7
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files (x86)\TVUPlayer\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Antestor\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.12.13 20:13:11 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.03.16 00:44:43 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.03.16 00:44:43 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.12.13 20:12:45 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011.12.13 20:14:03 | 000,000,000 | -H-D | M]
 
[2010.01.19 23:02:44 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Antestor\AppData\Roaming\mozilla\Extensions
[2010.01.19 23:02:44 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Antestor\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.03.26 00:19:33 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Antestor\AppData\Roaming\mozilla\Firefox\Profiles\yu5646sy.default\extensions
[2012.02.21 21:50:03 | 000,000,000 | -H-D | M] (Easy YouTube Video Downloader) -- C:\Users\Antestor\AppData\Roaming\mozilla\Firefox\Profiles\yu5646sy.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
[2011.12.28 19:17:55 | 000,000,000 | -H-D | M] (Web Developer) -- C:\Users\Antestor\AppData\Roaming\mozilla\Firefox\Profiles\yu5646sy.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2012.02.21 21:50:04 | 000,000,000 | -H-D | M] (Fast Video Download (with SearchMenu)) -- C:\Users\Antestor\AppData\Roaming\mozilla\Firefox\Profiles\yu5646sy.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2010.03.20 13:21:56 | 000,000,000 | -H-D | M] (Firefox Throttle) -- C:\Users\Antestor\AppData\Roaming\mozilla\Firefox\Profiles\yu5646sy.default\extensions\{ca8b7b3d-b6e6-438f-b935-601b3de48d66}
[2010.05.07 18:00:07 | 000,000,000 | -H-D | M] (Torbutton) -- C:\Users\Antestor\AppData\Roaming\mozilla\Firefox\Profiles\yu5646sy.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2011.06.24 21:12:41 | 000,000,000 | -H-D | M] (Firebug) -- C:\Users\Antestor\AppData\Roaming\mozilla\Firefox\Profiles\yu5646sy.default\extensions\firebug@software.joehewitt.com
[2011.01.29 16:23:56 | 000,000,000 | -H-D | M] (TVU Web Player) -- C:\Users\Antestor\AppData\Roaming\mozilla\Firefox\Profiles\yu5646sy.default\extensions\firefox@tvunetworks.com
[2012.02.21 21:50:06 | 000,000,000 | -H-D | M] (FoxyProxy Standard) -- C:\Users\Antestor\AppData\Roaming\mozilla\Firefox\Profiles\yu5646sy.default\extensions\foxyproxy@eric.h.jung
[2010.12.11 19:22:47 | 000,000,000 | -H-D | M] (vShare) -- C:\Users\Antestor\AppData\Roaming\mozilla\Firefox\Profiles\yu5646sy.default\extensions\vshare@toolbar
[2010.01.16 15:01:19 | 000,001,340 | -H-- | M] () -- C:\Users\Antestor\AppData\Roaming\Mozilla\Firefox\Profiles\yu5646sy.default\searchplugins\wikipedia-en.xml
[2009.11.08 16:16:44 | 000,004,153 | -H-- | M] () -- C:\Users\Antestor\AppData\Roaming\Mozilla\Firefox\Profiles\yu5646sy.default\searchplugins\youtube.xml
[2012.03.25 23:01:43 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.05.08 20:47:15 | 000,000,000 | -H-D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.20 18:13:37 | 000,000,000 | -H-D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.12.24 16:19:26 | 000,000,000 | -H-D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.04.11 20:17:20 | 000,000,000 | -H-D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.11.12 12:28:13 | 000,000,000 | -H-D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2010.07.07 15:19:09 | 000,000,000 | -H-D | M] (Free Download Manager plugin) -- C:\PROGRAM FILES (X86)\FREE DOWNLOAD MANAGER\FIREFOX\EXTENSION
[2011.12.13 20:13:11 | 000,000,000 | -H-D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2011.10.03 06:06:04 | 000,476,904 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2009.11.08 17:49:41 | 000,075,208 | -H-- | M] (Foxit Software Company) -- C:\Program Files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2011.08.17 18:54:06 | 000,001,392 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.08.17 18:54:06 | 000,002,344 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.05.26 19:51:58 | 000,002,048 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
[2011.08.17 18:54:06 | 000,006,805 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.08.17 18:54:06 | 000,001,178 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.08.17 18:54:06 | 000,001,105 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.11.16 23:13:31 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (WebSpeechBHO Class) - {83A30C59-3A50-49E6-9DAF-4923C4EA3C23} - C:\Program Files (x86)\Common Files\WebSpeech.4.0\LgxIEBar.dll (G DATA Software AG)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll ()
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [Eraser] C:\Programme\Eraser\Eraser.exe (The Eraser Project)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ChicoSys] C:\Windows\SysWOW64\cc32\webtmr.exe (Salfeld Computer)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ati\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [VMware hqtray] C:\Program Files (x86)\VMware\VMware Player\hqtray.exe (VMware, Inc.)
O4 - HKCU..\Run: [CCWinTray] C:\Windows\tray\wintmr.exe (Salfeld Computer)
O4 - HKCU..\Run: [DisplayFusion] C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe (Binary Fortress Software)
O4 - HKCU..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup File not found
O4 - Startup: C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe (Stardock)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Privacy present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableClock = 0
O8:64bit: - Extra context menu item: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8:64bit: - Extra context menu item: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8:64bit: - Extra context menu item: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8:64bit: - Extra context menu item: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Antestor\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Antestor\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found
O9 - Extra Button: WebSpeech - {1CE4DE72-7FCC-4eb8-8F66-AE6A56A0A54D} - C:\Program Files (x86)\Common Files\WebSpeech.4.0\LgxIEBar.dll (G DATA Software AG)
O9 - Extra 'Tools' menuitem : Seite/Markierung vorlesen (WebSpeech) - {1CE4DE72-7FCC-4eb8-8F66-AE6A56A0A54D} - C:\Program Files (x86)\Common Files\WebSpeech.4.0\LgxIEBar.dll (G DATA Software AG)
O9 - Extra Button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files (x86)\PPLive\PPLive.exe ( )
O9 - Extra 'Tools' menuitem : PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files (x86)\PPLive\PPLive.exe ( )
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E2579BE8-B389-4030-9D62-31B2CEDC2CE7}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\cdo - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O28 - HKLM ShellExecuteHooks: {6979AAD7-86EE-481F-B591-152A33E86ECB} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.08.22 07:57:52 | 000,230,728 | R--- | M] (Konami Digital Entertainment Co., Ltd.) - S:\autorun.exe -- [ UDF ]
O32 - AutoRun File - [2008.05.30 08:54:04 | 000,000,047 | R--- | M] () - S:\Autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.26 00:04:17 | 000,000,000 | ---D | C] -- C:\Users\Antestor\Desktop\RK_Quarantine
[2012.03.25 23:33:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.25 23:33:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.03.25 22:43:53 | 000,000,000 | -H-D | C] -- C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
[2012.03.25 20:00:53 | 000,000,000 | -H-D | C] -- C:\Users\Antestor\Documents\AdobeStockPhotos
[2012.03.14 01:30:17 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.03.14 01:30:16 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.03.14 01:30:16 | 003,913,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.03.14 00:31:50 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012.03.13 22:43:33 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012.03.13 22:43:33 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012.03.13 22:43:33 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012.03.13 22:43:32 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012.03.13 22:43:32 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012.03.04 15:19:37 | 000,000,000 | -H-D | C] -- C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Azureus
[2012.03.04 15:19:37 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Azureus
[2012.03.04 15:19:35 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Azureus
[2012.02.26 10:31:18 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Video Joiner
[2012.02.26 10:31:16 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Free Video Joiner
[2011.06.20 21:04:11 | 000,925,696 | -H-- | C] (GSpot Appliance Corp, a unit of GSp0t Heavy Industries) -- C:\Program Files (x86)\GSpot.exe
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.26 00:36:17 | 000,003,862 | -H-- | M] () -- C:\NET.INI
[2012.03.25 23:52:30 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.25 23:52:30 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.25 23:50:53 | 001,506,860 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.03.25 23:50:53 | 000,658,728 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.03.25 23:50:53 | 000,619,274 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.03.25 23:50:53 | 000,131,886 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.03.25 23:50:53 | 000,108,180 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.03.25 23:46:11 | 000,000,103 | -H-- | M] () -- C:\Windows\SysWow64\swctl.dll
[2012.03.25 23:45:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.25 23:45:05 | 3220,578,304 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.25 23:33:45 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.25 23:09:53 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.03.25 22:45:49 | 000,000,448 | -H-- | M] () -- C:\ProgramData\xrU8zqoQ8MRtH5
[2012.03.25 22:43:54 | 000,000,264 | -H-- | M] () -- C:\ProgramData\~xrU8zqoQ8MRtH5
[2012.03.25 22:43:54 | 000,000,176 | -H-- | M] () -- C:\ProgramData\~xrU8zqoQ8MRtH5r
[2012.03.25 22:43:53 | 000,000,653 | -H-- | M] () -- C:\Users\Antestor\Desktop\System Check.lnk
[2012.03.25 22:42:49 | 003,400,176 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.03.20 22:00:08 | 000,009,728 | -H-- | M] () -- C:\Users\Antestor\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.25 23:33:45 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.25 23:09:53 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.03.25 22:43:54 | 000,000,264 | -H-- | C] () -- C:\ProgramData\~xrU8zqoQ8MRtH5
[2012.03.25 22:43:54 | 000,000,176 | -H-- | C] () -- C:\ProgramData\~xrU8zqoQ8MRtH5r
[2012.03.25 22:43:53 | 000,000,653 | -H-- | C] () -- C:\Users\Antestor\Desktop\System Check.lnk
[2012.03.25 22:43:47 | 000,000,448 | -H-- | C] () -- C:\ProgramData\xrU8zqoQ8MRtH5
[2012.03.18 21:11:11 | 004,194,304 | -H-- | C] () -- C:\Users\Antestor\Desktop\(06) Wedding Party - To The Unknown God.mp3
[2012.01.09 22:23:31 | 000,032,184 | -H-- | C] () -- C:\Windows\Irremote.ini
[2011.12.05 23:57:47 | 000,000,209 | -H-- | C] () -- C:\Windows\ODBCINST.INI
[2011.12.05 23:38:44 | 000,037,639 | -H-- | C] () -- C:\Windows\alt.Irremote.ini
[2011.12.05 23:22:34 | 000,142,337 | -H-- | C] () -- C:\Windows\SysWow64\Wait.exe
[2011.11.16 23:13:29 | 000,000,103 | -H-- | C] () -- C:\Windows\SysWow64\swctl.dll
[2011.07.17 11:44:49 | 000,085,504 | -H-- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011.07.17 11:44:14 | 000,033,019 | -H-- | C] () -- C:\Windows\SysWow64\CoreAAC-uninstall.exe
[2011.07.17 11:43:16 | 000,819,200 | -H-- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011.07.17 11:43:16 | 000,180,224 | -H-- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011.01.15 23:37:27 | 000,000,016 | -H-- | C] () -- C:\Windows\SysWow64\msvcsv60.dll
[2011.01.15 23:37:27 | 000,000,016 | -H-- | C] () -- C:\Windows\msocreg32.dat
[2010.11.21 14:54:32 | 000,695,642 | -H-- | C] () -- C:\Windows\unins000.exe
[2010.11.21 14:54:32 | 000,011,205 | -H-- | C] () -- C:\Windows\unins000.dat
[2010.07.09 22:26:52 | 000,017,408 | -H-- | C] () -- C:\Users\Antestor\AppData\Local\WebpageIcons.db
[2010.06.05 02:46:32 | 001,499,556 | -H-- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.04.10 20:29:47 | 000,002,892 | -H-- | C] () -- C:\Windows\SysWow64\audcon.sys
[2010.04.10 20:27:45 | 000,000,051 | -H-- | C] () -- C:\Windows\SysWow64\SYNSOPOS.exe.cfg
[2010.04.10 20:27:44 | 000,086,016 | -H-- | C] () -- C:\Windows\SysWow64\SYNSOPOS.exe
[2010.03.29 23:22:23 | 000,000,000 | -H-- | C] () -- C:\Windows\HPMProp.INI
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 971 bytes -> C:\ProgramData:$SS_DESCRIPTOR_LBP6VPVFLVGVVFB84LTSUTB92PFNPC7BPV4XFJDMNGTFB5V5NBJ5TBBJMT9Y0N96GMP3V0GRUEF39X8XHH0TCFUL44FTBX4MLSWPBXRTF6VEKLFEJK35PNX0WHNGT9LSVEVF1VTVVTVXVVD

< End of report >
         
OTL Extras:

Code:
ATTFilter
OTL Extras logfile created on: 26.03.2012 00:32:21 - Run 3
OTL by OldTimer - Version 3.2.39.2     Folder = O:\
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,34 Gb Available Physical Memory | 58,49% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 74,98% Paging File free
Paging file location(s): y:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 69,23 Gb Total Space | 9,31 Gb Free Space | 13,45% Space Free | Partition Type: NTFS
Drive D: | 200,00 Gb Total Space | 16,05 Gb Free Space | 8,02% Space Free | Partition Type: NTFS
Drive O: | 31,51 Gb Total Space | 12,63 Gb Free Space | 40,09% Space Free | Partition Type: NTFS
Drive S: | 7,38 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive W: | 100,00 Gb Total Space | 61,45 Gb Free Space | 61,45% Space Free | Partition Type: NTFS
Drive Y: | 397,26 Gb Total Space | 50,41 Gb Free Space | 12,69% Space Free | Partition Type: NTFS
 
Computer Name: GRAMHEIM-PC | User Name: Antestor | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{5324EDAC-DED3-3A65-6881-84B4B8A8A7F9}" = ATI Catalyst Install Manager
"{A7EEF79E-06B2-4382-9D2E-39DBA0F72D50}" = Eraser 6.0.8.2273
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B71779A7-9931-A01C-FE36-26D30133B3A1}" = ccc-utility64
"{BE930E38-7BB3-45B6-85B2-5251F374F844}" = 64 Bit HP CIO Components Installer
"{CAF01FE2-3E7D-4EEA-B04C-6561D64BB3D0}" = Independence Pro Software Suite 3.0
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"2BEB1D72D273FA04AF79FA3C4E0B1BD7C0B1F627" = Windows-Treiberpaket - BAUM Retec AG USB Driver Package - V7 (02/17/2009 2.04.16)
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CCleaner" = CCleaner
"CFB93035BA5D9AEFE8B947832E4FB4996B507C7C" = Windows-Treiberpaket - BAUM Retec AG USB Driver Package - V7 (02/17/2009 2.04.16)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Recuva" = Recuva
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0978A841-2E44-4A85-922B-36D96F0BAE0E}_is1" = 3GP Player 2009
"{0F52FBBC-D076-9A9A-5A0F-FFC6D46361B0}" = Catalyst Control Center Graphics Previews Common
"{0F5ADA2F-C0B2-4AD6-8FF7-7DFA9D6B4CBA}" = FreeUndelete 2.1.36867.1
"{147567F0-8575-4BE0-B5B3-62706C67FA5A}" = EZXCocktail
"{14FA6DD9-92ED-493D-A937-81A78870E08A}_is1" = Free Video Joiner 1.1
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{186FC6A7-3E47-67AB-BF01-B2D86A1FA34B}" = CCC Help Thai
"{1E132C9D-042E-E68D-9A85-5273085FBF75}" = Catalyst Control Center Graphics Full Existing
"{1FF713E1-FE5E-4AD0-9C8C-B2E877846B45}" = Catalyst Control Center - Branding
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{269FC1B2-92D3-1AA7-CC2E-E3BFB141ED08}" = Catalyst Control Center Graphics Light
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 29
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2E094936-B6D2-67FC-9680-7D83FD9722EA}" = CCC Help Chinese Standard
"{345C90FB-FA10-11D5-9C2A-0080C85A0C2D}" = ABBYY FineReader OCR Engine
"{36C1B8B9-35CE-4B2A-B598-5FA16B795949}" = buzzroom KeyMaker
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{3AC67A17-5DB7-425B-93FA-1D82A27B55F5}" = ArcSoft Codec
"{3ACFF226-3D86-422D-A151-1582DA1231C5}" = Samplitude 11 Silver
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{41F1BC2D-182A-706D-B48D-F88B097CAA3C}" = CCC Help Chinese Traditional
"{43E8D9E7-AFC9-4BA3-8106-B95E02B87AB7}" = EZdrummer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A3E4DFA-6AC2-8E80-AF5C-DF34CC97FEA5}" = Catalyst Control Center HydraVision Full
"{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}" = FontNav
"{50C78780-1A54-4A5C-B3A7-FF828C62C5C2}" = Steinberg Cubase LE 5
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5866520C-8857-4986-833A-039F4584C3F7}" = Toontrack solo
"{5F837C12-F45A-ADC7-DF59-3CF43C228226}" = ccc-core-static
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{6559654F-2F38-491F-8411-211517C3E635}" = SampleTank FREE
"{67ED38A3-4882-448B-B44D-3428AB00D7D5}" = Acronis*True*Image*Home
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{77082BFF-AFC4-CDFD-26C1-79AD8CCC9452}" = CCC Help Korean
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{785740DF-DC05-F730-4309-09DDC7848A40}" = Catalyst Control Center Graphics Full New
"{786C5747-0C40-4930-9AFE-113BCE553101}" = Adobe Stock Photos 1.0
"{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}" = CorelDRAW Graphics Suite X3
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06
"{7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{86925C00-AB04-17B3-D9FB-373943F39DE0}" = Catalyst Control Center Core Implementation
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B7917E0-AF55-4E8A-9473-017F0AA03AC8}" = QuickTime
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8EDBA74D-0686-4C99-BFDD-F894678E5101}" = Adobe Common File Installer
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91110407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{95B47464-20BD-4450-BF0F-8F1773EF3F2D}" = MAGIX Speed burnR (MSI)
"{96173BCD-08AC-57B1-FCE3-E7A9018BE585}" = Catalyst Control Center Localization All
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A53A11EA-0095-493F-86FA-A15E8A86A405}" = VMware Player
"{A8DB611A-D80E-450D-85F6-3ACDD164BE31}" = Pro Evolution Soccer 2009
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{B08D262E-D902-11D5-9C28-0080C85A0C2D}" = ScanWizard 5
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B582947F-F34D-4081-A5B9-24CBF09F8C15}" = Adobe Setup
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C04D5974-F528-4347-A494-EAF56124CC1A}" = Steinberg HALionOne Essential Set
"{C162E1F7-56C6-49DC-8DA6-216CF651A502}" = MAGIX Screenshare
"{C94E45B0-6AA6-4FB9-9AAE-22085F631880}" = VBA
"{C9FB6FFC-B3D2-4AA0-AC05-73DB7796B638}" = DE
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D222C5F9-C8A4-A32F-8A58-EFAF7178F5ED}" = CCC Help Japanese
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D3C605D8-3A5E-4BAD-965D-2C61441BF2AC}" = Adobe Photoshop CS3
"{D42E3F13-E45C-33A1-7FBF-FB84419858E1}" = Catalyst Control Center Graphics Previews Vista
"{DCEBE43A-834D-67B5-306E-E95E9180D5B7}" = CCC Help English
"{DCED01E8-8BFA-4E36-BEC7-25DE676D833C}" = AM Track SE
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E70E7159-93B1-470D-9FBD-D8E9EF34B538}" = Steinberg HALionOne
"{E80B34EE-F3E5-4F60-AE89-FF0D717554A2}" = EZdrummer Lite Installer
"{E9787678-119F-4D52-B551-6739B2B22101}" = Adobe Help Center 1.0
"{EAA14B41-B8FC-4B0B-934E-B9A3D46E885D}" = FindInMidi
"{EBB794ED-D282-4334-92FB-254481EFF514}" = Pro Evolution Soccer 6
"{EC1F15E1-F3CC-46EE-B7A5-849A08ED60DC}}_is1" = PantsOff 2.0
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F4F365AB-BD66-4775-A36A-E3D8055873FD}" = EZXMetalHeads
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
"1489-3350-5074-6281" = JDownloader 0.9
"1489-3350-5074-6281-1" = JDownloader 0.9
"7-Zip" = 7-Zip 4.65
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe InDesign CS2 - {7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_5f143314a5d434c8511097393d17397" = Adobe Photoshop CS3
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"ADUSB Treiber Pre-Installation_is1" = ADUSB Treiber Pre-Installation 1.0
"Allway Sync_is1" = Allway Sync version 9.4.11
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Artisteer 2" = Artisteer 2
"Ashampoo Burning Studio 2010_is1" = Ashampoo Burning Studio 2010
"ASIO4ALL" = ASIO4ALL
"Avi2Dvd" = Avi2Dvd 0.6.2
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AviSynth" = AviSynth 2.5
"Azureus" = Azureus
"B076073A-5527-4f4f-B46B-B10692277DA2_is1" = DisplayFusion 3.4.1
"Briz Video Joiner_is1" = Briz Video Joiner
"BurnInTest_is1" = BurnInTest v6.0 Standard
"CDex" = CDex extraction audio
"CoreAAC Audio Decoder" = CoreAAC Audio Decoder (remove only)
"DVBViewer Pro Demo_is1" = DVBViewer Pro DEMO
"DVBViewer Pro_is1" = DVBViewer Pro
"DVD Shrink_is1" = DVD Shrink 3.2
"DVS Guitar_is1" = DVS Guitar v1.04
"eLicenser Control" = eLicenser Control
"energyXT 2.5.4 Beat Edition_is1" = energyXT 2.5.4
"ESET Online Scanner" = ESET Online Scanner v3
"ffdshow_is1" = ffdshow [rev 3299] [2010-03-03]
"Filter Forge 2_is1" = Filter Forge 2.012
"Filter Forge_is1" = Filter Forge 1.021
"FLV Player" = FLV Player 2.0 (build 25)
"Foxit Reader" = Foxit Reader
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free Download Manager_is1" = Free Download Manager 3.0
"HaaliMkx" = Haali Media Splitter
"Halls Of Fame Free -  Origami Edition 2.5.2" = Halls Of Fame Free -  Origami Edition 2.5.2
"HammerHead Rhythm Station" = HammerHead Rhythm Station
"huey_is1" = hueyPRO 1.5.0
"Hydrogen" = Hydrogen
"Independence Pro Software Suite 3.0" = Independence Pro Software Suite 3.0
"InstallShield_{EBB794ED-D282-4334-92FB-254481EFF514}" = Pro Evolution Soccer 6
"IrfanView" = IrfanView (remove only)
"KeePass Password Safe_is1" = KeePass Password Safe 1.16
"Kindersicherung_is1" = Kindersicherung 2010
"LastFM_is1" = Last.fm 1.5.4.27091
"lgx4.lgx.server" = G DATA Logox 4 Speechengine
"LogiEdit" = LogiEdit (remove only)
"MAGIX_MSI_AMTrackSE" = AM Track SE
"MAGIX_MSI_sam11silver" = Samplitude 11 Silver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Miranda IM" = Miranda IM 0.9.17
"Mozilla Firefox (3.6.28)" = Mozilla Firefox (3.6.28)
"Mozilla Thunderbird 10.0.2 (x86 de)" = Mozilla Thunderbird 10.0.2 (x86 de)
"Mp3tag" = Mp3tag v2.49a
"Notepad++" = Notepad++
"ObjectDock Plus" = ObjectDock Plus
"OpenAL" = OpenAL
"Opera 11.61.1250" = Opera 11.61
"OptiPNG-UI1.0.0.2" = OptiPNG-UI
"Organ One v. 2.10" = Organ One v. 2.10
"PPLive" = PPLive 1.9
"ratDVD" = ratDVD 0.78.1444
"RealPlayer 12.0" = RealPlayer
"REAPER" = REAPER
"rgc:audio sfz VSTi_is1" = rgc:audio sfz VSTi v1.96
"SopCast" = SopCast 3.2.9
"Steinberg Cubase LE" = Steinberg Cubase LE
"Studio Devil BVC_is1" = Studio Devil BVC 1.1
"SUPER ©" = SUPER © Version 2009.bld.36 (June 10, 2009)
"TC UP" = Total Commander Ultima Prime 5.0.0.0
"TeamViewer 6" = TeamViewer 6
"TFSETTOP_is1" = Top Set 2.00
"TmNationsForever_is1" = TmNationsForever
"Totalcmd" = Total Commander (Remove or Repair)
"TrueCrypt" = TrueCrypt
"TVUPlayer" = TVUPlayer 2.5.3.1
"Uninstall_is1" = Uninstall 1.0.0.1
"Update Service" = Update Service
"Veetle TV" = Veetle TV 0.9.18
"VLC media player" = VLC media player 1.1.11
"VMware_Player" = VMware Player
"WaveLabLE7" = WaveLab LE 7
"Winamp" = Winamp
"WinRAR archiver" = WinRAR
"WinUAE" = WinUAE 2.3.0
"Wise Registry Cleaner_is1" = Wise Registry Cleaner 5.9.4
"ws4.webspeech" = G DATA WebSpeech 4
"XMedia Recode" = XMedia Recode 3.0.7.6
"Xvid_is1" = Xvid 1.2.2 final uninstall
"yellow tools Independence Free 2.5.3 32bit" = yellow tools Independence Free 2.5.3 32bit
"Youtube Downloader HD_is1" = Youtube Downloader HD v. 1.9
"Zattoo" = Zattoo 3.3.4 Beta
"Zattoo4" = Zattoo4 4.0.5
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Magical Glass" = Magical Glass
"Sansa Updater" = Sansa Updater
"UnityWebPlayer" = Unity Web Player
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         

Thanks in advance for any help. I have no idea where I picked up the Trojan.

26.03.2012, 06:37   #2
kira
/// Helper team

Hello and welcome!

Before we start working together, [please read in full]:
Quote:
  • "Remote treatment/remote help" and the associated liability risks:
    - since the error checking and the actions are carried out over large distances, we accept no liability for the resulting consequences.
    - so any liability for resulting damage is excluded; INSTRUCTIONS, AND FOLLOWING THEM, ARE AT YOUR OWN RESPONSIBILITY!
  • Identifying details/profile information:
    - you can delete these from the log lists or log files you use (e.g. your real name, serial numbers in programs, etc.) or replace them with [X] or asterisks (*)
  • The system check and cleanup:
    - can take some time (depending on the type of infection); the system may even be so badly compromised that an effective technical cleanup is no longer possible and you have to reinstall it
  • I recommend reading the instructions through completely before applying them, because if you do something wrong it can get really dangerous. If you follow my instructions step by step, nothing should really go wrong.
  • During the support period:
    - please do not act on your own without consulting me! If there are problems, ask.
  • The order:
    - please keep exactly to the order described; do not choose the order yourself!
  • CRACKED SOFTWARE is not tolerated here!!!!
  • Otherwise, our forum rules:
    - Please read first, then post! -> For everyone seeking help! What do I have to consider before opening a thread?
  • Insert all log files with a vBCode tag; that gives a good overview here and makes my work easier! If the log file is too large, split it into several parts.

As soon as you have read this introductory text, you can begin
Quote:
If a system has been compromised, the system is no longer trustworthy
A reinstallation guarantees residue-free removal of the infection - reading material: "Help: I was the victim of a hacker attack. What should I do?" - Cleaning a compromised system
If you nevertheless decide on cleaning the system - cleaning a system can take a few days (depending on the type of infection), but the system may even be so badly compromised that an effective technical cleanup is no longer possible and you have to reinstall it:

For Vista and Win7:
Important: Please run all commands as administrator! Right-click the Command Prompt and select "Run as administrator"
Right-click the selected application and choose "Run as administrator"!

1.
Code:
ATTFilter
Azureus
         
the use of file-sharing platforms (file sharing: in German "Dateifreigabe" or "gemeinsamer Dateizugriff", literally "sharing files") ...
Quote:
Internet file-sharing networks are unfortunately among the most disreputable providers, and a great deal of malware is spread there, so they should be handled, if at all, only with very particular caution! According to studies, 45% of the files offered for download on file-sharing networks contain viruses, worms or other malware!
On top of that, most downloads from these file-sharing networks are illegal anyway, so users are tempted to commit "criminal offences"!
Even if you believe you are using a "safe" P2P program, not even the program itself is safe, since you will be sharing data from "uncertified sources", and these are frequently infected...
Besides, it is not only Trojan horses or other types of virus that need a direct connection; µtorrent & co. also "phone home" when used, even if there is no proof yet (at least not in part), and I would not recommend allowing such clients!
As long as you have such programs on your PC, you will keep running into some kind of problem!

2.
if present under Control Panel -> Software/Programs...
If you did not install it deliberately, you can also uninstall it (not harmful, but can be annoying):
Quote:
VShareToolBar
Open the Firefox browser -> "Settings" -> enter the desired start page (Google or other) -> OK
Uninstall:
Start -> Settings -> Control Panel -> "Software, Programs" -> uninstall/remove the vShare toolbar -> restart
- most toolbars and browser helpers just want to make themselves look important

3.
Quote:
Attention, important!:
If you made changes in the log file yourself, you must replace them with the original names and insert them into the script that way! Otherwise it will not work!
(user folder, your name or other changes replaced by X, asterisk or other names)
Fixing with OTL
  • Start OTL.exe.
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • Copy the following script:
Code:
ATTFilter
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - prefs.js..extensions.enabledItems: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:4.1.6
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
[2011.05.26 19:51:58 | 000,002,048 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
[2011.08.17 18:54:06 | 000,001,105 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Privacy present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.08.22 07:57:52 | 000,230,728 | R--- | M] (Konami Digital Entertainment Co., Ltd.) - S:\autorun.exe -- [ UDF ]
O32 - AutoRun File - [2008.05.30 08:54:04 | 000,000,047 | R--- | M] () - S:\Autorun.inf -- [ UDF ]
@Alternate Data Stream - 971 bytes -> C:\ProgramData:$SS_DESCRIPTOR_LBP6VPVFLVGVVFB84LTSUTB92PFNPC7BPV4XFJDMNGTFB5V5NBJ5TBBJMT9Y0N96GMP3V0GRUEF39X8XHH0TCFUL44FTBX4MLSWPBXRTF6VEKLFEJK35PNX0WHNGT9LSVEVF1VTVVTVXVVD

:Files
C:\ProgramData\xrU8zqoQ8MRtH5
C:\ProgramData\~xrU8zqoQ8MRtH5
C:\ProgramData\~xrU8zqoQ8MRtH5r
C:\Users\Antestor\Desktop\System Check.lnk
ipconfig /flushdns /c

:Commands
[purity]
[emptytemp]
         
  • und füge es hier ein:
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Klick auf .
  • OTL verlangt einen Neustart. Bitte zulassen.
  • Nach dem Neustart findest Du ein Textdokument.
    Kopiere den Inhalt hier in Code-Tags in Deinen Thread.

4.
To determine whether outdated or malicious software is installed under Programs, I would also like to see all of your installed programs:
  • Download the CCleaner installer
  • Read the software license agreement; if any toolbar is offered, please deselect it! -> start -> if necessary, set the language to "Deutsch".
  • start -> click `Extras` (to display the software installed on your system) -> then `Als Textdatei speichern...`
  • a text file is created automatically; post this log file as well (i.e. the list of all installed programs ... a text file)

5.
Run another scan with OTL:
  • Double-click OTL.exe
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • At the top you will find a box labelled Output.
    Please select Standard Output
  • Under Extra Registry, please select Use SafeList.
  • Tick the LOP and Purity checks.
  • Now click Scan at the top left.
  • When the scan has finished, two log files are created.
    You will find the log files on your desktop => OTL.txt and Extras.txt
  • Post the log files in code tags here in the thread.

4.
Have you already checked the computer for viruses? I would also like to see the following results:
Code:
ATTFilter
SuperAntiSpyware Free Edition
(all existing logs!)
         
Quote:
To keep your thread clear and easy to read, it is best to use code tags for your post:
→ before your log (i.e. at the start of the log file) write: [code]
your log file goes here - e.g. OTL log file or similar
→ after it, i.e. at the end of the log file: [/code]
** If possible, do not go online: no online banking, file sharing, chat programs, etc.
Regards,
kira

Alt 26.03.2012, 16:44   #3
Antestor
 



Hi Kira, thanks for your support!

A quick note on how my problem appeared: yesterday morning I noticed that a shortcut from the Start menu no longer worked (Corel Draw). It kept asking for an installation CD. I didn't think anything of it. In the evening the AntiVir message then came up. I have logged the reports of the detection here:

Antivir

Code:
ATTFilter
25.03.2012 22:40 [Guard] Malware gefunden
      In der Datei 'C:\Users\Antestor\AppData\Local\Temp\KF3IHuWPMxhUNn.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen' [trojan] 
      gefunden.
      Ausgeführte Aktion: Datei löschen

25.03.2012 22:40 [Guard] Malware gefunden
      In der Datei 'C:\Users\Antestor\AppData\Local\Temp\KF3IHuWPMxhUNn.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen' [trojan] 
      gefunden.
      Ausgeführte Aktion: Datei löschen

25.03.2012 22:40 [Guard] Malware gefunden
      In der Datei 'C:\Users\Antestor\AppData\Local\Temp\KF3IHuWPMxhUNn.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen' [trojan] 
      gefunden.
      Ausgeführte Aktion: Datei löschen
         
Quote:
Azureus
I had it installed but never used it. I've uninstalled it!

Quote:
VShareToolBar
Also uninstalled.

Quote:
Fix with OTL
Here is the log file!

Code:
ATTFilter
OTL logfile created on: 26.03.2012 08:02:58 - Run 4
OTL by OldTimer - Version 3.2.39.2     Folder = O:\
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,25 Gb Available Physical Memory | 56,14% Memory free
8,00 Gb Paging File | 5,94 Gb Available in Paging File | 74,33% Paging File free
Paging file location(s): y:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 69,23 Gb Total Space | 10,88 Gb Free Space | 15,71% Space Free | Partition Type: NTFS
Drive O: | 31,51 Gb Total Space | 14,19 Gb Free Space | 45,04% Space Free | Partition Type: NTFS
Drive S: | 7,38 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive Y: | 397,26 Gb Total Space | 53,22 Gb Free Space | 13,40% Space Free | Partition Type: NTFS
 
Computer Name: GRAMHEIM-PC | User Name: Antestor | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.03.25 23:30:52 | 000,593,920 | ---- | M] (OldTimer Tools) -- O:\OTL.exe
PRC - [2012.03.16 00:44:42 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.01.13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.12.13 20:11:52 | 000,273,528 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2011.12.12 16:51:02 | 000,095,144 | ---- | M] (Binary Fortress Software) -- C:\Program Files (x86)\DisplayFusion\AppHookx86.exe
PRC - [2011.01.27 17:51:05 | 002,253,688 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2010.03.26 09:40:46 | 005,805,216 | ---- | M] (Salfeld Computer) -- C:\Windows\tray\wintmr.exe
PRC - [2010.03.26 09:40:44 | 005,558,432 | ---- | M] (Salfeld Computer) -- C:\Windows\SysWOW64\cc32\webtmr.exe
PRC - [2010.01.27 18:00:16 | 001,595,032 | ---- | M] (Salfeld Computer) -- C:\Windows\SysWOW64\cchservice.exe
PRC - [2010.01.22 21:57:08 | 000,395,824 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2010.01.22 21:56:46 | 000,064,048 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Player\hqtray.exe
PRC - [2010.01.22 21:56:44 | 000,334,384 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2010.01.22 21:56:28 | 000,113,200 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
PRC - [2010.01.22 21:00:48 | 000,563,760 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2009.11.12 06:42:56 | 000,362,032 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2009.11.12 06:42:20 | 005,140,960 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2009.09.24 08:50:10 | 003,520,256 | ---- | M] (Ghisler Software GmbH) -- C:\Program Files (x86)\totalcmd\TOTALCMD.EXE
PRC - [2009.07.21 15:34:28 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.05.13 17:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2009.03.02 14:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2007.04.24 20:19:54 | 003,581,680 | ---- | M] (Stardock) -- C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe
PRC - [2007.03.08 19:48:16 | 001,081,344 | ---- | M] (Pantone & X-Rite) -- C:\Program Files (x86)\Pantone\hueyPRO\hueyPROTray.exe
PRC - [2003.06.30 18:30:28 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\ScanWizard 5\ScannerFinder.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.03.16 00:44:42 | 001,014,744 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\js3250.dll
MOD - [2012.02.18 15:15:00 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2010.01.22 21:57:04 | 000,970,288 | ---- | M] () -- C:\Program Files (x86)\VMware\VMware Player\libxml2.dll
MOD - [2010.01.22 21:56:46 | 000,068,656 | ---- | M] () -- C:\Program Files (x86)\VMware\VMware Player\zlib1.dll
MOD - [2009.12.12 16:12:03 | 000,141,824 | ---- | M] () -- C:\Program Files (x86)\WinRAR\rarext.dll
MOD - [2009.09.21 01:32:26 | 000,160,256 | ---- | M] () -- C:\PROGRA~2\TCUP~1\PLUGINS\Library\TCUPSH~1.DLL
MOD - [2009.02.20 06:53:54 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
MOD - [2007.04.24 16:22:12 | 000,112,400 | ---- | M] () -- C:\Program Files (x86)\Stardock\ObjectDock\DockShellHook.dll
MOD - [2007.04.23 01:19:28 | 000,026,392 | ---- | M] () -- C:\Program Files (x86)\Stardock\ObjectDock\Docklets\Calendar\Calendar.dll
MOD - [2007.04.21 14:47:52 | 000,059,592 | ---- | M] () -- C:\Program Files (x86)\Stardock\ObjectDock\zlib.dll
MOD - [2007.04.19 15:23:48 | 000,095,944 | ---- | M] () -- C:\Program Files (x86)\Stardock\ObjectDock\CrashRpt.dll
MOD - [2004.07.26 20:03:50 | 000,249,856 | ---- | M] () -- C:\Program Files (x86)\ScanWizard 5\SFRes.dll
MOD - [2003.06.30 18:30:28 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\ScanWizard 5\ScannerFinder.exe
MOD - [2002.11.19 15:11:40 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\Common Files\Stardock\ODImg.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009.09.24 00:28:02 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.07.15 17:28:31 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.01.27 17:51:05 | 002,253,688 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.27 18:00:16 | 001,595,032 | ---- | M] (Salfeld Computer) [Auto | Running] -- C:\Windows\SysWOW64\cchservice.exe -- (Windows-CCHook-Service)
SRV - [2010.01.22 21:57:08 | 000,395,824 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2010.01.22 21:56:44 | 000,334,384 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2010.01.22 21:56:28 | 000,113,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2010.01.22 21:00:48 | 000,563,760 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2010.01.08 12:33:12 | 002,480,048 | ---- | M] (Acronis) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2009.11.12 06:43:16 | 000,894,544 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2009.10.12 14:32:24 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe -- (ufad-ws60)
SRV - [2009.07.21 15:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.07.14 01:15:34 | 000,730,264 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\ksupmgr.exe -- (ksupmgr)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.05.13 17:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.12.10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.12.17 00:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010.11.20 15:34:04 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010.11.20 15:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010.11.20 13:35:22 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.09.29 21:09:14 | 000,027,176 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc)
DRV:64bit: - [2010.09.29 21:09:14 | 000,013,352 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt)
DRV:64bit: - [2010.08.16 18:21:38 | 000,440,064 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hcw88vid.sys -- (hcw88vid)
DRV:64bit: - [2010.08.16 18:21:34 | 000,259,456 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hcw88bda.sys -- (hcw88bda)
DRV:64bit: - [2010.08.16 18:21:30 | 000,339,968 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hcw88tse.sys -- (HCW88TSE)
DRV:64bit: - [2010.08.16 18:21:26 | 000,015,872 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hcw88rc5.sys -- (hcw88rc5)
DRV:64bit: - [2010.01.22 21:58:24 | 000,018,480 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\VMparport.sys -- (VMparport)
DRV:64bit: - [2010.01.22 21:58:22 | 000,068,656 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2010.01.22 21:58:20 | 000,029,744 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2010.01.22 21:58:16 | 000,080,944 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2010.01.22 21:58:16 | 000,030,256 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2010.01.22 21:00:44 | 000,038,960 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2010.01.22 17:13:00 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb)
DRV:64bit: - [2010.01.22 17:12:58 | 000,045,104 | R--- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2010.01.22 17:12:58 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2010.01.08 12:33:13 | 000,251,488 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2010.01.08 12:33:11 | 001,477,728 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm258.sys -- (tdrpman258) Acronis Try&Decide and Restore Points filter (build 258)
DRV:64bit: - [2010.01.08 12:33:10 | 000,943,712 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2010.01.08 12:33:01 | 000,257,120 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2009.12.08 23:23:57 | 000,074,880 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2009.10.23 13:19:20 | 000,043,552 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\JulaWDM.sys -- (JulaWDM.sys)
DRV:64bit: - [2009.10.23 13:19:18 | 000,058,400 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\Jula.sys -- (Jula.sys)
DRV:64bit: - [2009.10.07 20:26:24 | 000,115,312 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009.09.24 01:01:24 | 006,175,744 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:35:42 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2008.09.17 15:14:00 | 000,012,744 | R--- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Entech64.sys -- (ENTECH64)
DRV:64bit: - [2008.05.16 11:33:06 | 000,158,760 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mdm.sys -- (s0016mdm)
DRV:64bit: - [2008.05.16 11:33:06 | 000,151,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016unic.sys -- (s0016unic)
DRV:64bit: - [2008.05.16 11:33:06 | 000,137,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM)
DRV:64bit: - [2008.05.16 11:33:06 | 000,136,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016obex.sys -- (s0016obex)
DRV:64bit: - [2008.05.16 11:33:06 | 000,034,344 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016nd5.sys -- (s0016nd5)
DRV:64bit: - [2008.05.16 11:33:04 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV:64bit: - [2008.05.16 11:32:56 | 000,115,240 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016bus.sys -- (s0016bus)
DRV:64bit: - [2007.07.24 04:53:04 | 000,125,992 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PnP680r.sys -- (Pnp680r)
DRV:64bit: - [2005.03.29 02:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2009.10.12 14:31:04 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008.03.19 17:14:52 | 000,015,872 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\BurnInTest\DirectIo.sys -- (DIRECTIO)
DRV - [2006.01.13 15:00:52 | 000,015,872 | ---- | M] (Flint Incorporation) [Kernel | System | Stopped] -- C:\Windows\SysWow64\drivers\vd_filedisk.sys -- (VD_FileDisk)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = 
IE - HKLM\..\SearchScopes,DefaultScope = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 15 7D 9F C5 D2 0A CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.useDBForOrder: ""
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files (x86)\TVUPlayer\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Antestor\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.12.13 20:13:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.03.16 00:44:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.03.16 00:44:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.12.13 20:12:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011.12.13 20:14:03 | 000,000,000 | ---D | M]
 
[2010.01.19 23:02:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Antestor\AppData\Roaming\mozilla\Extensions
[2010.01.19 23:02:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Antestor\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.03.26 07:51:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Antestor\AppData\Roaming\mozilla\Firefox\Profiles\yu5646sy.default\extensions
[2012.02.21 21:50:03 | 000,000,000 | ---D | M] (Easy YouTube Video Downloader) -- C:\Users\Antestor\AppData\Roaming\mozilla\Firefox\Profiles\yu5646sy.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
[2011.12.28 19:17:55 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\Antestor\AppData\Roaming\mozilla\Firefox\Profiles\yu5646sy.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2012.02.21 21:50:04 | 000,000,000 | ---D | M] (Fast Video Download (with SearchMenu)) -- C:\Users\Antestor\AppData\Roaming\mozilla\Firefox\Profiles\yu5646sy.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2010.03.20 13:21:56 | 000,000,000 | ---D | M] (Firefox Throttle) -- C:\Users\Antestor\AppData\Roaming\mozilla\Firefox\Profiles\yu5646sy.default\extensions\{ca8b7b3d-b6e6-438f-b935-601b3de48d66}
[2010.05.07 18:00:07 | 000,000,000 | ---D | M] (Torbutton) -- C:\Users\Antestor\AppData\Roaming\mozilla\Firefox\Profiles\yu5646sy.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2011.06.24 21:12:41 | 000,000,000 | ---D | M] (Firebug) -- C:\Users\Antestor\AppData\Roaming\mozilla\Firefox\Profiles\yu5646sy.default\extensions\firebug@software.joehewitt.com
[2012.02.21 21:50:06 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Antestor\AppData\Roaming\mozilla\Firefox\Profiles\yu5646sy.default\extensions\foxyproxy@eric.h.jung
[2010.01.16 15:01:19 | 000,001,340 | ---- | M] () -- C:\Users\Antestor\AppData\Roaming\Mozilla\Firefox\Profiles\yu5646sy.default\searchplugins\wikipedia-en.xml
[2009.11.08 16:16:44 | 000,004,153 | ---- | M] () -- C:\Users\Antestor\AppData\Roaming\Mozilla\Firefox\Profiles\yu5646sy.default\searchplugins\youtube.xml
[2012.03.26 07:50:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.05.08 20:47:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.20 18:13:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.12.24 16:19:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.04.11 20:17:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.11.12 12:28:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2010.07.07 15:19:09 | 000,000,000 | ---D | M] (Free Download Manager plugin) -- C:\PROGRAM FILES (X86)\FREE DOWNLOAD MANAGER\FIREFOX\EXTENSION
[2011.12.13 20:13:11 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2011.10.03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2009.11.08 17:49:41 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2011.08.17 18:54:06 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.08.17 18:54:06 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.08.17 18:54:06 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.08.17 18:54:06 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
 
O1 HOSTS File: ([2011.11.16 23:13:31 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (WebSpeechBHO Class) - {83A30C59-3A50-49E6-9DAF-4923C4EA3C23} - C:\Program Files (x86)\Common Files\WebSpeech.4.0\LgxIEBar.dll (G DATA Software AG)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll ()
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [Eraser] C:\Programme\Eraser\Eraser.exe (The Eraser Project)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ChicoSys] C:\Windows\SysWOW64\cc32\webtmr.exe (Salfeld Computer)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ati\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [VMware hqtray] C:\Program Files (x86)\VMware\VMware Player\hqtray.exe (VMware, Inc.)
O4 - HKCU..\Run: [CCWinTray] C:\Windows\tray\wintmr.exe (Salfeld Computer)
O4 - HKCU..\Run: [DisplayFusion] C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe (Binary Fortress Software)
O4 - HKCU..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup File not found
O4 - Startup: C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe (Stardock)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableClock = 0
O8:64bit: - Extra context menu item: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8:64bit: - Extra context menu item: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8:64bit: - Extra context menu item: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8:64bit: - Extra context menu item: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Antestor\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Antestor\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found
O9 - Extra Button: WebSpeech - {1CE4DE72-7FCC-4eb8-8F66-AE6A56A0A54D} - C:\Program Files (x86)\Common Files\WebSpeech.4.0\LgxIEBar.dll (G DATA Software AG)
O9 - Extra 'Tools' menuitem : Seite/Markierung vorlesen (WebSpeech) - {1CE4DE72-7FCC-4eb8-8F66-AE6A56A0A54D} - C:\Program Files (x86)\Common Files\WebSpeech.4.0\LgxIEBar.dll (G DATA Software AG)
O9 - Extra Button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files (x86)\PPLive\PPLive.exe ( )
O9 - Extra 'Tools' menuitem : PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files (x86)\PPLive\PPLive.exe ( )
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E2579BE8-B389-4030-9D62-31B2CEDC2CE7}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\cdo - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O28 - HKLM ShellExecuteHooks: {6979AAD7-86EE-481F-B591-152A33E86ECB} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.08.22 07:57:52 | 000,230,728 | R--- | M] (Konami Digital Entertainment Co., Ltd.) - S:\autorun.exe -- [ UDF ]
O32 - AutoRun File - [2008.05.30 08:54:04 | 000,000,047 | R--- | M] () - S:\Autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.26 00:04:17 | 000,000,000 | ---D | C] -- C:\Users\Antestor\Desktop\RK_Quarantine
[2012.03.25 23:33:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.25 23:33:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.03.25 22:43:53 | 000,000,000 | ---D | C] -- C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
[2012.03.25 20:00:53 | 000,000,000 | ---D | C] -- C:\Users\Antestor\Documents\AdobeStockPhotos
[2012.03.14 01:30:17 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.03.14 01:30:16 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.03.14 01:30:16 | 003,913,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.03.14 00:31:50 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012.03.13 22:43:33 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012.03.13 22:43:33 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012.03.13 22:43:33 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012.03.13 22:43:32 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012.03.13 22:43:32 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012.03.04 15:19:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Azureus
[2012.03.04 15:19:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Azureus
[2012.02.26 10:31:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Video Joiner
[2012.02.26 10:31:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Video Joiner
[2011.06.20 21:04:11 | 000,925,696 | ---- | C] (GSpot Appliance Corp, a unit of GSp0t Heavy Industries) -- C:\Program Files (x86)\GSpot.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.26 08:07:38 | 000,003,862 | -H-- | M] () -- C:\NET.INI
[2012.03.26 08:05:33 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.26 08:05:33 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.26 08:02:45 | 000,658,728 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.03.26 08:02:45 | 000,619,274 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.03.26 08:02:45 | 000,108,180 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.03.26 08:02:44 | 001,506,860 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.03.26 08:02:44 | 000,131,886 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.03.26 07:58:40 | 000,000,103 | ---- | M] () -- C:\Windows\SysWow64\swctl.dll
[2012.03.26 07:58:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.26 07:58:04 | 3220,578,304 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.25 23:33:45 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.25 22:42:49 | 003,400,176 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.03.20 22:00:08 | 000,009,728 | ---- | M] () -- C:\Users\Antestor\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== Files Created - No Company Name ==========
 
[2012.03.26 07:53:45 | 000,002,031 | ---- | C] () -- C:\Users\Public\Desktop\VMware Player.lnk
[2012.03.26 07:53:45 | 000,001,946 | ---- | C] () -- C:\Users\Public\Desktop\ScanWizard 5.lnk
[2012.03.26 07:53:45 | 000,001,884 | ---- | C] () -- C:\Users\Public\Desktop\Scanner Configuration.lnk
[2012.03.26 07:53:45 | 000,001,658 | ---- | C] () -- C:\Users\Public\Desktop\Recuva.lnk
[2012.03.26 07:53:45 | 000,001,166 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 6.lnk
[2012.03.26 07:53:45 | 000,001,157 | ---- | C] () -- C:\Users\Public\Desktop\Wise Registry Cleaner.lnk
[2012.03.26 07:53:45 | 000,001,112 | ---- | C] () -- C:\Users\Public\Desktop\TmNationsForever.lnk
[2012.03.26 07:53:45 | 000,001,105 | ---- | C] () -- C:\Users\Public\Desktop\WaveLab LE 7.lnk
[2012.03.26 07:53:45 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\XMedia Recode.lnk
[2012.03.26 07:53:45 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.03.26 07:53:45 | 000,001,030 | ---- | C] () -- C:\Users\Public\Desktop\Samplitude 11 Silver.lnk
[2012.03.26 07:53:45 | 000,001,023 | ---- | C] () -- C:\Users\Public\Desktop\TVUPlayer.lnk
[2012.03.26 07:53:45 | 000,000,971 | ---- | C] () -- C:\Users\Public\Desktop\TC UP.lnk
[2012.03.26 07:53:45 | 000,000,944 | ---- | C] () -- C:\Users\Public\Desktop\TrueCrypt.lnk
[2012.03.26 07:53:44 | 000,002,009 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2012.03.26 07:53:44 | 000,001,943 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.03.26 07:53:44 | 000,001,921 | ---- | C] () -- C:\Users\Public\Desktop\OptiPNG-UI.lnk
[2012.03.26 07:53:44 | 000,001,920 | ---- | C] () -- C:\Users\Public\Desktop\Meine Bilder.lnk
[2012.03.26 07:53:44 | 000,001,833 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2012.03.26 07:53:44 | 000,001,136 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2012.03.26 07:53:44 | 000,001,049 | ---- | C] () -- C:\Users\Public\Desktop\Notepad++.lnk
[2012.03.26 07:53:43 | 000,002,531 | ---- | C] () -- C:\Users\Public\Desktop\buzzroom_KeyMaker.lnk
[2012.03.26 07:53:43 | 000,002,235 | ---- | C] () -- C:\Users\Public\Desktop\Acronis One-Click Backup.lnk
[2012.03.26 07:53:43 | 000,002,070 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2012.03.26 07:53:43 | 000,001,970 | ---- | C] () -- C:\Users\Public\Desktop\DVBViewer Pro DEMO.lnk
[2012.03.26 07:53:43 | 000,001,953 | ---- | C] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2012.03.26 07:53:43 | 000,001,952 | ---- | C] () -- C:\Users\Public\Desktop\Kostenlose Angebote.lnk
[2012.03.26 07:53:43 | 000,001,905 | ---- | C] () -- C:\Users\Public\Desktop\DVBViewer.lnk
[2012.03.26 07:53:43 | 000,001,894 | ---- | C] () -- C:\Users\Public\Desktop\IrfanView Thumbnails.lnk
[2012.03.26 07:53:43 | 000,001,747 | ---- | C] () -- C:\Users\Public\Desktop\Eraser.lnk
[2012.03.26 07:53:43 | 000,001,234 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2012.03.26 07:53:43 | 000,001,205 | ---- | C] () -- C:\Users\Public\Desktop\Ashampoo Burning Studio 2010.lnk
[2012.03.26 07:53:43 | 000,001,139 | ---- | C] () -- C:\Users\Public\Desktop\Acronis True Image Home 2010.lnk
[2012.03.26 07:53:43 | 000,001,130 | ---- | C] () -- C:\Users\Public\Desktop\Cubase LE.lnk
[2012.03.26 07:53:43 | 000,001,129 | ---- | C] () -- C:\Users\Public\Desktop\Independence Live 3.0.lnk
[2012.03.26 07:53:43 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\hueyPRO Quick Start Guide.lnk
[2012.03.26 07:53:43 | 000,001,094 | ---- | C] () -- C:\Users\Public\Desktop\Independence 3.0.lnk
[2012.03.26 07:53:43 | 000,001,091 | ---- | C] () -- C:\Users\Public\Desktop\hueyPRO.lnk
[2012.03.26 07:53:43 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\DisplayFusion.lnk
[2012.03.26 07:53:43 | 000,001,044 | ---- | C] () -- C:\Users\Public\Desktop\Allway Sync.lnk
[2012.03.26 07:53:43 | 000,001,030 | ---- | C] () -- C:\Users\Public\Desktop\FLV Player.lnk
[2012.03.26 07:53:43 | 000,001,002 | ---- | C] () -- C:\Users\Public\Desktop\IrfanView.lnk
[2012.03.26 07:53:43 | 000,000,947 | ---- | C] () -- C:\Users\Public\Desktop\energyXT 2.5.4.lnk
[2012.03.26 07:53:43 | 000,000,928 | ---- | C] () -- C:\Users\Public\Desktop\Last.fm.lnk
[2012.03.26 07:53:43 | 000,000,702 | ---- | C] () -- C:\Users\Public\Desktop\Install WinTV v7.x CD 2.4d.lnk
[2012.03.26 07:53:42 | 000,002,064 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPER © Uninstall.lnk
[2012.03.26 07:53:42 | 000,002,040 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPER ©.lnk
[2012.03.26 07:53:42 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012.03.26 07:53:42 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[2012.03.26 07:53:42 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012.03.26 07:53:42 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2012.03.26 07:53:42 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2012.03.26 07:53:42 | 000,001,178 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 6.lnk
[2012.03.26 07:53:41 | 000,002,309 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
[2012.03.26 07:53:41 | 000,002,106 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2012.03.26 07:53:41 | 000,002,003 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
[2012.03.26 07:53:41 | 000,001,978 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Scanner Finder.lnk
[2012.03.26 07:53:41 | 000,001,845 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2012.03.26 07:53:41 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2012.03.26 07:53:41 | 000,001,131 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\hueyPROTray.lnk
[2012.03.26 07:53:41 | 000,000,930 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SampleTank 2.5.lnk
[2012.03.26 07:53:40 | 000,002,775 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Outlook.lnk
[2012.03.26 07:53:40 | 000,002,715 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Excel.lnk
[2012.03.26 07:53:40 | 000,002,703 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft PowerPoint.lnk
[2012.03.26 07:53:40 | 000,002,683 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Word.lnk
[2012.03.26 07:53:40 | 000,002,645 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Access.lnk
[2012.03.26 07:53:40 | 000,001,970 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
[2012.03.26 07:53:40 | 000,001,949 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk
[2012.03.26 07:53:40 | 000,001,928 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2012.03.26 07:53:40 | 000,001,759 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eraser.lnk
[2012.03.26 07:53:40 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012.03.26 07:53:40 | 000,000,998 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IK Multimedia Authorization Manager.lnk
[2012.03.26 07:53:39 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012.03.26 07:53:39 | 000,002,089 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help Center.lnk
[2012.03.26 07:53:39 | 000,002,081 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge.lnk
[2012.03.26 07:53:39 | 000,002,069 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ImageReady CS.lnk
[2012.03.26 07:53:39 | 000,002,062 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS.lnk
[2012.03.26 07:53:39 | 000,001,903 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
[2012.03.26 07:53:39 | 000,001,403 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit 2.lnk
[2012.03.26 07:53:39 | 000,001,223 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Stock Photos CS3.lnk
[2012.03.26 07:53:39 | 000,001,192 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS3.lnk
[2012.03.26 07:53:39 | 000,001,137 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS3.lnk
[2012.03.26 07:53:39 | 000,001,099 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS3.lnk
[2012.03.26 07:53:39 | 000,001,027 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe InDesign CS2.lnk
[2012.03.25 23:33:45 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.25 23:09:53 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.03.18 21:11:11 | 004,194,304 | ---- | C] () -- C:\Users\Antestor\Desktop\(06) Wedding Party - To The Unknown God.mp3
[2012.01.09 22:23:31 | 000,032,184 | ---- | C] () -- C:\Windows\Irremote.ini
[2011.12.05 23:57:47 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011.12.05 23:38:44 | 000,037,639 | ---- | C] () -- C:\Windows\alt.Irremote.ini
[2011.12.05 23:22:34 | 000,142,337 | ---- | C] () -- C:\Windows\SysWow64\Wait.exe
[2011.11.16 23:13:29 | 000,000,103 | ---- | C] () -- C:\Windows\SysWow64\swctl.dll
[2011.07.17 11:44:49 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011.07.17 11:44:14 | 000,033,019 | ---- | C] () -- C:\Windows\SysWow64\CoreAAC-uninstall.exe
[2011.07.17 11:43:16 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011.07.17 11:43:16 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011.01.15 23:37:27 | 000,000,016 | ---- | C] () -- C:\Windows\SysWow64\msvcsv60.dll
[2011.01.15 23:37:27 | 000,000,016 | ---- | C] () -- C:\Windows\msocreg32.dat
[2010.11.21 14:54:32 | 000,695,642 | ---- | C] () -- C:\Windows\unins000.exe
[2010.11.21 14:54:32 | 000,011,205 | ---- | C] () -- C:\Windows\unins000.dat
[2010.07.09 22:26:52 | 000,017,408 | ---- | C] () -- C:\Users\Antestor\AppData\Local\WebpageIcons.db
[2010.06.05 02:46:32 | 001,499,556 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.04.10 20:29:47 | 000,002,892 | ---- | C] () -- C:\Windows\SysWow64\audcon.sys
[2010.04.10 20:27:45 | 000,000,051 | ---- | C] () -- C:\Windows\SysWow64\SYNSOPOS.exe.cfg
[2010.04.10 20:27:44 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\SYNSOPOS.exe
[2010.03.29 23:22:23 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
 
========== LOP Check ==========
 
[2010.01.08 12:44:50 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Acronis
[2010.05.15 18:07:10 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Amazon
[2010.01.03 23:35:39 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Artisteer
[2009.11.21 00:07:29 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Ashampoo
[2010.05.12 22:23:57 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\BAUM Retec
[2012.02.11 14:50:06 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Canneverbe Limited
[2011.12.06 00:29:45 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\DBC2F6FD-3140-41E0-A2A1-D6BAB77D5E21__F893F7CA-8278-41DF-A76F-CAF0437A90CD__
[2012.01.04 18:44:20 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\DisplayFusion
[2011.02.19 14:26:41 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.03.06 18:34:26 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Filter Forge
[2011.02.18 22:40:37 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Filter Forge 2
[2009.11.08 17:50:10 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Foxit
[2010.05.02 10:03:04 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Foxit Software
[2012.03.26 07:54:19 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Free Download Manager
[2010.04.17 00:56:34 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\FreeStone Group
[2011.06.14 23:38:23 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\GHISLER
[2011.01.10 21:20:29 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Gutscheinmieze
[2010.01.16 16:58:04 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\HEXelon
[2011.06.14 23:38:23 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\IrfanView
[2011.06.14 23:38:23 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\KeePass
[2011.03.26 23:00:42 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\MAGIX
[2010.09.26 13:04:57 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Miranda
[2012.03.23 18:52:21 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Mp3tag
[2009.11.25 22:49:44 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Notepad++
[2011.12.23 16:01:22 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\OfficeRecovery
[2009.11.29 19:08:00 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Opera
[2009.11.15 17:12:50 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Pantone
[2010.12.11 18:38:18 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\PPLive
[2012.03.04 18:25:11 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\REAPER
[2011.09.19 19:13:41 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\SanDisk
[2010.12.23 01:02:53 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Smartelectronix
[2011.01.16 00:22:02 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Steinberg
[2009.12.03 20:26:19 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Sync App Settings
[2011.02.11 22:53:06 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\TeamViewer
[2010.01.19 23:02:43 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Thunderbird
[2012.01.04 00:11:04 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\TrueCrypt
[2011.08.22 21:46:38 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Voxengo
[2010.10.09 21:29:10 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\VST3 Presets
[2012.01.29 11:25:50 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\XMedia Recode
[2011.03.27 00:25:55 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Yellow Tools
[2010.05.26 23:31:13 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Youtube Downloader HD
[2012.02.23 22:24:53 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
Quote:
CCleaner
Here is the log file:

Code:
3DMark06	Futuremark Corporation	27.11.2009		1.1.1
3GP Player 2009	Reganam	14.03.2010		1.1
7-Zip 4.65		10.11.2009		
ABBYY FineReader OCR Engine		12.11.2009		
AC3Filter 1.63b	Alexander Vigovsky	16.07.2011		1.63b
Acronis True Image Home	Acronis	07.01.2010	152,5MB	13.0.6053
Adobe Bridge 1.0	Adobe Systems	07.11.2009	87,1MB	001.000.004
Adobe Color Common Settings	Adobe Systems Incorporated	08.12.2011	9,20MB	1.0.1
Adobe ExtendScript Toolkit 2	Adobe Systems Incorporated	08.12.2011	16,4MB	2.0.2
Adobe Flash Player 10 ActiveX	Adobe Systems Incorporated	07.11.2009		10.0.32.18
Adobe Flash Player 11 Plugin 64-bit	Adobe Systems Incorporated	17.02.2012	6,00MB	11.1.102.62
Adobe InDesign CS2	Adobe Systems Incorporated	07.11.2009		004.000.000
Adobe Photoshop CS	Adobe Systems, Inc.	07.11.2009		CS
Adobe Photoshop CS3	Adobe Systems Incorporated	14.07.2011	1.085MB	10.0
Adobe Shockwave Player 11.5	Adobe Systems, Inc.	26.11.2010		11.5.9.615
ADUSB Treiber Pre-Installation 1.0		11.05.2010		
Allway Sync version 9.4.11	Botkind Inc	02.12.2009		
AM Track SE	MAGIX AG	14.01.2011		1.0.0.0
Amazon MP3-Downloader 1.0.9		14.05.2010		
Apple Application Support	Apple Inc.	19.03.2010	32,4MB	1.1.0
Apple Software Update	Apple Inc.	19.03.2010	2,16MB	2.1.1.116
ArcSoft Codec	ArcSoft	04.12.2011		
Artisteer 2	Extensoft	02.01.2010		2.3
Ashampoo Burning Studio 2010	ashampoo GmbH & Co. KG	07.11.2009		9.12
ASIO4ALL		30.01.2010		
ATI Catalyst Install Manager	ATI Technologies, Inc.	07.11.2009	18,3MB	3.0.745.0
Avi2Dvd 0.6.2	TrustFm	16.07.2011		0.6.2
Avira AntiVir Personal - Free Antivirus	Avira GmbH	07.11.2009		
AviSynth 2.5		16.07.2011		
Briz Video Joiner		19.06.2011	1,28MB	
BurnInTest v6.0 Standard	Passmark Software	27.11.2009		6.0
buzzroom KeyMaker	buzzroom	04.12.2010	0,60MB	1.0.0
CCleaner	Piriform	24.03.2012		3.16
CDBurnerXP	CDBurnerXP	10.02.2012	12,7MB	4.4.0.2905
CDex extraction audio		07.11.2009		
CoreAAC Audio Decoder (remove only)		16.07.2011		
DisplayFusion 3.4.1	Binary Fortress Software	02.01.2012	8,52MB	3.4.1.0
DVBViewer Pro	CM&V	04.01.2012	15,6MB	4.9
DVBViewer Pro DEMO	CM&V	04.12.2011	9,43MB	4.8.1
DVD Shrink 3.2	DVD Shrink	01.01.2012		
DVS Guitar v1.04	Dream Vortex Studio	25.09.2010		
eLicenser Control	Steinberg Media Technologies GmbH	09.04.2010		
energyXT 2.5.4	XT Software AS	14.01.2011	8,34MB	
Eraser 6.0.8.2273	The Eraser Project	23.05.2011	3,23MB	6.0.2273
ESET Online Scanner v3		10.11.2011		
EZdrummer	Toontrack	05.03.2011	708MB	1.2.0
EZdrummer Lite Installer	Toontrack	09.01.2011	166,9MB	1.1.4
EZXCocktail	Toontrack	09.01.2011	175,1MB	1.2
EZXMetalHeads	Toontrack	09.03.2011	613MB	1.0.0
ffdshow [rev 3299] [2010-03-03]		16.07.2011		1.0.0.3299
Filter Forge 1.021	Filter Forge, Inc.	09.08.2010		
Filter Forge 2.012	Filter Forge, Inc.	17.03.2012		
FindInMidi	Standardfirmenname	07.05.2011	9,20MB	1.2.0
FLV Player 2.0 (build 25)	Martijn de Visser	09.11.2009		2.0 (build 25)
Foxit Reader	Foxit Software Company	07.11.2009		3.1.3.1030
Free Audio CD Burner version 1.4.7	DVDVideoSoft Limited.	03.04.2011	10,7MB	
Free Download Manager 3.0	FreeDownloadManager.ORG	06.07.2010		
Free Video Joiner 1.1	FreeVideoJoiner.com	25.02.2012		
FreeUndelete 2.1.36867.1	Recoveronix	22.12.2011	0,73MB	2.1.36867.1
Futuremark SystemInfo	Futuremark Corporation	27.11.2009		3.20.1.2
G DATA Logox 4 Speechengine	G DATA Software AG	11.05.2010		
G DATA WebSpeech 4	G DATA Software AG	11.05.2010		
Haali Media Splitter		16.07.2011		
Halls Of Fame Free -  Origami Edition 2.5.2		09.03.2011		
HammerHead Rhythm Station		27.12.2009		
hueyPRO 1.5.0	Pantone & X-Rite	14.11.2009		
Hydrogen		19.11.2009		
Independence Pro Software Suite 3.0		06.11.2009		
Independence Pro Software Suite 3.0	Yellow Tools	11.06.2011		3.0
IrfanView (remove only)		07.11.2009		
Java(TM) 6 Update 29	Sun Microsystems, Inc.	29.12.2009	95,0MB	6.0.290
JDownloader 0.9	AppWork GmbH	25.05.2011		0.9
JDownloader 0.9	AppWork GmbH	06.11.2009		0.9
JMicron JMB36X Driver	JMICRON Technology Corp.	07.11.2009		1.00.0000
KeePass Password Safe 1.16	Dominik Reichl	07.11.2009		1.16
Kindersicherung 2010	Salfeld Computer GmbH	25.03.2010		
Last.fm 1.5.4.27091	Last.fm	20.11.2010		
LogiEdit (remove only)		09.07.2011		
Magical Glass	FreeStone Group	16.04.2010		v.2.0.0.2
MAGIX Screenshare	MAGIX AG	25.03.2011	1,43MB	4.3.6.1987
MAGIX Speed burnR (MSI)	MAGIX AG	25.03.2011	52,9MB	7.0.2.6
Malwarebytes Anti-Malware Version 1.60.1.1000	Malwarebytes Corporation	24.03.2012	17,4MB	1.60.1.1000
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	04.10.2010	38,8MB	4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	04.10.2010	2,94MB	4.0.30319
Microsoft Office XP Professional	Microsoft Corporation	07.11.2009	239MB	10.0.2701.01
Microsoft Silverlight	Microsoft Corporation	10.02.2012	22,6MB	5.0.61118.0
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	12.02.2012	0,29MB	8.0.61001
Microsoft Visual C++ 2005 Redistributable (x64)	Microsoft Corporation	07.11.2009	0,69MB	8.0.61000
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	06.11.2009	0,58MB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	12.02.2012	0,59MB	9.0.30729.6161
Miranda IM 0.9.17		09.03.2011		
Mozilla Firefox (3.6.28)	Mozilla	15.03.2012		3.6.28 (de)
Mozilla Thunderbird 10.0.2 (x86 de)	Mozilla	25.02.2012	40,1MB	10.0.2
Mp3tag v2.49a	Florian Heidenreich	18.11.2011		v2.49a
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	09.11.2009	1,28MB	4.20.9870.0
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	24.11.2009	1,33MB	4.20.9876.0
Notepad++		24.11.2009		5.5
ObjectDock Plus		05.01.2010		
OpenAL		27.11.2009		
Opera 11.61	Opera Software ASA	26.01.2012		11.61.1250
OptiPNG-UI	Vincenzo Fleri	08.01.2011		1.0.0.2
Organ One v. 2.10		23.07.2010		
PantsOff 2.0	Christoph Bünger Software	04.04.2010		2.0
PDFCreator	Frank Heindörfer, Philip Chinery	07.11.2009		0.9.8
PPLive 1.9	Synacast	10.12.2010		1.9.47
Pro Evolution Soccer 2009	KONAMI	07.11.2009	7.564MB	1.20.0000
Pro Evolution Soccer 6	KONAMI	19.08.2011	1.455MB	1.00.0000
QuickTime	Apple Inc.	19.03.2010	77,3MB	7.65.17.80
ratDVD 0.78.1444	ratDVD	27.01.2012		0.78.1444
RealPlayer	RealNetworks	12.12.2011		
REAPER		12.04.2010		
Recuva	Piriform	21.05.2011		1.40
rgc:audio sfz VSTi v1.96		18.08.2011		
SampleTank FREE	IK Multimedia	14.01.2011		2.5.5
Samplitude 11 Silver	MAGIX AG	20.08.2011		11.0.0.0
Sansa Updater	SanDisk Corporation	18.09.2011	0,57MB	1.304
ScanWizard 5		12.11.2009		
SopCast 3.2.9	www.sopcast.com	10.12.2010		3.2.9
Steinberg Cubase LE		30.01.2010		
Steinberg Cubase LE 5	Steinberg Media Technologies GmbH	09.04.2010	91,3MB	5.1.2
Steinberg HALionOne	Steinberg Media Technologies GmbH	09.04.2010	117,7MB	1.1.0.457
Steinberg HALionOne Essential Set	Steinberg Media Technologies GmbH	09.04.2010	101,7MB	1.0.1.457
Studio Devil BVC 1.1	StudioDevil	20.11.2010		
SUPER © Version 2009.bld.36 (June 10, 2009)	eRightSoft	15.12.2009		Version 2009.bld.36 (June 10, 2009)
TeamViewer 6	TeamViewer GmbH	10.02.2011		6.0.10194
TmNationsForever	Nadeo	26.08.2011		
Toontrack solo	Toontrack	09.01.2011	11,3MB	1.2.2
Top Set 2.00	Aldarin	11.03.2010		2.00
Total Commander (Remove or Repair)	Ghisler Software GmbH	07.11.2009		7.50a
Total Commander Ultima Prime 5.0.0.0	ULTIMA PRIME	15.01.2010		5.0.0.0
TrueCrypt	TrueCrypt Foundation	07.11.2009		6.3
TVUPlayer 2.5.3.1	TVU networks	28.01.2011		2.5.3.1
Uninstall 1.0.0.1		03.04.2011	10,9MB	
Unity Web Player	Unity Technologies ApS	03.11.2011	12,0MB	
Veetle TV 0.9.18	Veetle, Inc	18.02.2011		0.9.18
VLC media player 1.1.11	VideoLAN	22.12.2011		1.1.11
VMware Player	VMware, Inc	04.06.2010	488MB	3.0.1.11056
WaveLab LE 7	Steinberg	15.01.2011		7.0.1.506
Winamp	Nullsoft, Inc	07.11.2009		5.56 
Windows-Treiberpaket - BAUM Retec AG USB Driver Package - V7 (02/17/2009 2.04.16)	BAUM Retec AG	11.05.2010		02/17/2009 2.04.16
Windows-Treiberpaket - BAUM Retec AG USB Driver Package - V7 (02/17/2009 2.04.16)	BAUM Retec AG	12.05.2010		02/17/2009 2.04.16
WinRAR		03.01.2010		
WinUAE 2.3.0	Arabuusimiehet	28.08.2011		2.3.0
Wise Registry Cleaner 5.9.4	ZhiQing Soft, Inc.	11.06.2011	3,46MB	5.9.4
XMedia Recode 3.0.7.6	Sebastian Dörfler	26.01.2012		3.0.7.6
Xvid 1.2.2 final uninstall	Xvid team (Koepi)	16.07.2011		1.2
yellow tools Independence Free 2.5.3 32bit		10.04.2010		
Youtube Downloader HD v. 1.9	YoutubeDownloaderHD.com	25.05.2010		
Zattoo 3.3.4 Beta	Zattoo Inc.	13.11.2009		3.3.4 Beta
Zattoo4 4.0.5	Zattoo Inc.	08.07.2010		4.0.5
         
Quote:
SuperAntiSpyware Free Edition
Here is the log:
Code:
ATTFilter
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 03/26/2012 at 11:18 AM

Application Version : 5.0.1146

Core Rules Database Version : 8377
Trace Rules Database Version: 6189

Scan type       : Complete Scan
Total Scan Time : 02:43:17

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC Off - Administrator

Memory items scanned      : 781
Memory threats detected   : 0
Registry items scanned    : 66531
Registry threats detected : 0
File items scanned        : 412304
File threats detected     : 116

Adware.Tracking Cookie
	C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Cookies\antestor@ad.adition[2].txt [ /ad.adition ]
	C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Cookies\antestor@ad.yieldmanager[1].txt [ /ad.yieldmanager ]
	C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Cookies\antestor@ad2.adfarm1.adition[2].txt [ /ad2.adfarm1.adition ]
	C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Cookies\antestor@ad3.adfarm1.adition[1].txt [ /ad3.adfarm1.adition ]
	C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Cookies\antestor@adbrite[1].txt [ /adbrite ]
	C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Cookies\antestor@ads.adk2[2].txt [ /ads.adk2 ]
	C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Cookies\antestor@ads.medienhaus[1].txt [ /ads.medienhaus ]
	C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Cookies\antestor@adtech[1].txt [ /adtech ]
	C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Cookies\antestor@advertising[1].txt [ /advertising ]
	C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Cookies\antestor@adviva[1].txt [ /adviva ]
	C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Cookies\antestor@adx.chip[1].txt [ /adx.chip ]
	C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Cookies\antestor@apmebf[2].txt [ /apmebf ]
	C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Cookies\antestor@at.atwola[1].txt [ /at.atwola ]
	C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Cookies\antestor@atwola[2].txt [ /atwola ]
	C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Cookies\antestor@bs.serving-sys[2].txt [ /bs.serving-sys ]
	C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Cookies\antestor@content.yieldmanager[1].txt [ /content.yieldmanager ]
	C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Cookies\antestor@content.yieldmanager[2].txt [ /content.yieldmanager ]
	C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Cookies\antestor@content.yieldmanager[4].txt [ /content.yieldmanager ]
	C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Cookies\antestor@content.yieldmanager[5].txt [ /content.yieldmanager ]
	C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Cookies\antestor@content.yieldmanager[6].txt [ /content.yieldmanager ]
	C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Cookies\antestor@content.yieldmanager[7].txt [ /content.yieldmanager ]
	C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Cookies\antestor@de.at.atwola[1].txt [ /de.at.atwola ]
	C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Cookies\antestor@himedia.individuad[2].txt [ /himedia.individuad ]
	C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Cookies\antestor@imrworldwide[2].txt [ /imrworldwide ]
	C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Cookies\antestor@smartmedia.allyes[2].txt [ /smartmedia.allyes ]
	C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Cookies\antestor@specificclick[2].txt [ /specificclick ]
	C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Cookies\antestor@tacoda[1].txt [ /tacoda ]
	C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Cookies\antestor@tracking.mindshare[2].txt [ /tracking.mindshare ]
	C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Cookies\antestor@tracking.quisma[2].txt [ /tracking.quisma ]
	C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Cookies\antestor@tradedoubler[1].txt [ /tradedoubler ]
	C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Cookies\antestor@tradedoubler[2].txt [ /tradedoubler ]
	C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Cookies\antestor@traffictrack[1].txt [ /traffictrack ]
	C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Cookies\antestor@unitymedia[2].txt [ /unitymedia ]
	C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Cookies\antestor@yieldmanager[1].txt [ /yieldmanager ]
	C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Cookies\antestor@zanox-affiliate[2].txt [ /zanox-affiliate ]
	C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Cookies\antestor@zanox[1].txt [ /zanox ]
	C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Cookies\F4XZO1CC.txt [ /2o7.net ]
	C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Cookies\TBKLY9D0.txt [ /smartadserver.com ]
	C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Cookies\OP6LJ6CP.txt [ /explore.trackmania.com ]
	C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Cookies\8R91AQO4.txt [ /serving-sys.com ]
	C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Cookies\UUUFI89O.txt [ /fastclick.net ]
	C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Cookies\MDIV43ZQ.txt [ /atdmt.com ]
	C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Cookies\ZRX7TJFG.txt [ /fl01.ct2.comclick.com ]
	C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Cookies\U6I8Y19M.txt [ /explore.trackmania.com ]
	C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Cookies\5YTWHOGB.txt [ /ad.yieldmanager.com ]
	C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Cookies\M6VF0EFH.txt [ /eas.apm.emediate.eu ]
	C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Cookies\71KPFJVL.txt [ /maniahome.trackmania.com ]
	C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Cookies\VTCHGCE4.txt [ /eset.122.2o7.net ]
	C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Cookies\AWNUWIQU.txt [ /c.atdmt.com ]
	C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Cookies\LJ2PA4GJ.txt [ /ads.creative-serving.com ]
	C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Cookies\S4A00CUZ.txt [ /doubleclick.net ]
	C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Cookies\XNUDU3X7.txt [ /mediaplex.com ]
	C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Cookies\AE8OQZ7S.txt [ /statcounter.com ]
	C:\USERS\ANTESTOR\AppData\Roaming\Microsoft\Windows\Cookies\Low\antestor@clkads[4].txt [ Cookie:antestor@clkads.com/adServe/static/ ]
	C:\USERS\ANTESTOR\AppData\Roaming\Microsoft\Windows\Cookies\Low\antestor@adx.chip[2].txt [ Cookie:antestor@adx.chip.de/ ]
	C:\USERS\ANTESTOR\AppData\Roaming\Microsoft\Windows\Cookies\Low\antestor@tradedoubler[1].txt [ Cookie:antestor@tradedoubler.com/ ]
	C:\USERS\ANTESTOR\AppData\Roaming\Microsoft\Windows\Cookies\Low\antestor@serving-sys[1].txt [ Cookie:antestor@serving-sys.com/ ]
	C:\USERS\ANTESTOR\AppData\Roaming\Microsoft\Windows\Cookies\Low\antestor@advertising[2].txt [ Cookie:antestor@advertising.com/ ]
	C:\USERS\ANTESTOR\AppData\Roaming\Microsoft\Windows\Cookies\Low\antestor@tto2.traffictrack[1].txt [ Cookie:antestor@tto2.traffictrack.de/ ]
	C:\USERS\ANTESTOR\AppData\Roaming\Microsoft\Windows\Cookies\Low\antestor@atdmt[1].txt [ Cookie:antestor@atdmt.com/ ]
	C:\USERS\ANTESTOR\AppData\Roaming\Microsoft\Windows\Cookies\Low\antestor@trackalyzer[1].txt [ Cookie:antestor@trackalyzer.com/ ]
	C:\USERS\ANTESTOR\AppData\Roaming\Microsoft\Windows\Cookies\Low\antestor@clkads[3].txt [ Cookie:antestor@clkads.com/adServe/banners ]
	C:\USERS\ANTESTOR\AppData\Roaming\Microsoft\Windows\Cookies\Low\antestor@msnportal.112.2o7[1].txt [ Cookie:antestor@msnportal.112.2o7.net/ ]
	C:\USERS\ANTESTOR\AppData\Roaming\Microsoft\Windows\Cookies\Low\antestor@de.sitestat[1].txt [ Cookie:antestor@de.sitestat.com/idgcom-de/pcwelt/ ]
	C:\USERS\ANTESTOR\AppData\Roaming\Microsoft\Windows\Cookies\Low\antestor@adtech[1].txt [ Cookie:antestor@adtech.de/ ]
	C:\USERS\ANTESTOR\AppData\Roaming\Microsoft\Windows\Cookies\Low\antestor@bs.serving-sys[2].txt [ Cookie:antestor@bs.serving-sys.com/ ]
	C:\USERS\ANTESTOR\AppData\Roaming\Microsoft\Windows\Cookies\Low\antestor@tracking.mlsat02[1].txt [ Cookie:antestor@tracking.mlsat02.de/tmobile/ ]
	C:\USERS\ANTESTOR\AppData\Roaming\Microsoft\Windows\Cookies\Low\antestor@ad3.adfarm1.adition[1].txt [ Cookie:antestor@ad3.adfarm1.adition.com/ ]
	C:\USERS\ANTESTOR\AppData\Roaming\Microsoft\Windows\Cookies\Low\antestor@clkads[2].txt [ Cookie:antestor@clkads.com/adServe/ ]
	C:\USERS\ANTESTOR\AppData\Roaming\Microsoft\Windows\Cookies\Low\antestor@doubleclick[1].txt [ Cookie:antestor@doubleclick.net/ ]
	C:\USERS\ANTESTOR\AppData\Roaming\Microsoft\Windows\Cookies\Low\antestor@traffictrack[2].txt [ Cookie:antestor@traffictrack.de/ ]
	C:\USERS\ANTESTOR\AppData\Roaming\Microsoft\Windows\Cookies\Low\antestor@adfarm1.adition[2].txt [ Cookie:antestor@adfarm1.adition.com/ ]
	C:\USERS\ANTESTOR\Cookies\F4XZO1CC.txt [ Cookie:antestor@2o7.net/ ]
	C:\USERS\ANTESTOR\Cookies\OP6LJ6CP.txt [ Cookie:antestor@explore.trackmania.com/ ]
	C:\USERS\ANTESTOR\Cookies\antestor@himedia.individuad[2].txt [ Cookie:antestor@himedia.individuad.net/ ]
	C:\USERS\ANTESTOR\Cookies\antestor@ad.adition[2].txt [ Cookie:antestor@ad.adition.net/ ]
	C:\USERS\ANTESTOR\Cookies\antestor@content.yieldmanager[5].txt [ Cookie:antestor@content.yieldmanager.com/ ]
	C:\USERS\ANTESTOR\Cookies\antestor@adx.chip[1].txt [ Cookie:antestor@adx.chip.de/ ]
	C:\USERS\ANTESTOR\Cookies\antestor@tradedoubler[1].txt [ Cookie:antestor@tradedoubler.com/ ]
	C:\USERS\ANTESTOR\Cookies\antestor@adbrite[1].txt [ Cookie:antestor@adbrite.com/ ]
	C:\USERS\ANTESTOR\Cookies\8R91AQO4.txt [ Cookie:antestor@serving-sys.com/ ]
	C:\USERS\ANTESTOR\Cookies\antestor@smartmedia.allyes[2].txt [ Cookie:antestor@smartmedia.allyes.com/ ]
	C:\USERS\ANTESTOR\Cookies\antestor@advertising[1].txt [ Cookie:antestor@advertising.com/ ]
	C:\USERS\ANTESTOR\Cookies\UUUFI89O.txt [ Cookie:antestor@fastclick.net/ ]
	C:\USERS\ANTESTOR\Cookies\MDIV43ZQ.txt [ Cookie:antestor@atdmt.com/ ]
	C:\USERS\ANTESTOR\Cookies\ZRX7TJFG.txt [ Cookie:antestor@fl01.ct2.comclick.com/ ]
	C:\USERS\ANTESTOR\Cookies\U6I8Y19M.txt [ Cookie:antestor@explore.trackmania.com/home/ ]
	C:\USERS\ANTESTOR\Cookies\5YTWHOGB.txt [ Cookie:antestor@ad.yieldmanager.com/ ]
	C:\USERS\ANTESTOR\Cookies\antestor@atwola[2].txt [ Cookie:antestor@atwola.com/ ]
	C:\USERS\ANTESTOR\Cookies\VTCHGCE4.txt [ Cookie:antestor@eset.122.2o7.net/ ]
	C:\USERS\ANTESTOR\Cookies\AWNUWIQU.txt [ Cookie:antestor@c.atdmt.com/ ]
	C:\USERS\ANTESTOR\Cookies\antestor@specificclick[2].txt [ Cookie:antestor@specificclick.net/ ]
	C:\USERS\ANTESTOR\Cookies\antestor@adtech[1].txt [ Cookie:antestor@adtech.de/ ]
	C:\USERS\ANTESTOR\Cookies\antestor@bs.serving-sys[2].txt [ Cookie:antestor@bs.serving-sys.com/ ]
	C:\USERS\ANTESTOR\Cookies\antestor@unitymedia[2].txt [ Cookie:antestor@unitymedia.de/ ]
	C:\USERS\ANTESTOR\Cookies\antestor@ad3.adfarm1.adition[1].txt [ Cookie:antestor@ad3.adfarm1.adition.com/ ]
	C:\USERS\ANTESTOR\Cookies\antestor@tacoda[1].txt [ Cookie:antestor@tacoda.net/ ]
	C:\USERS\ANTESTOR\Cookies\antestor@de.at.atwola[1].txt [ Cookie:antestor@de.at.atwola.com/ ]
	C:\USERS\ANTESTOR\Cookies\antestor@yieldmanager[1].txt [ Cookie:antestor@yieldmanager.net/ ]
	C:\USERS\ANTESTOR\Cookies\antestor@apmebf[2].txt [ Cookie:antestor@apmebf.com/ ]
	C:\USERS\ANTESTOR\Cookies\S4A00CUZ.txt [ Cookie:antestor@doubleclick.net/ ]
	C:\USERS\ANTESTOR\Cookies\XNUDU3X7.txt [ Cookie:antestor@mediaplex.com/ ]
	C:\USERS\ANTESTOR\Cookies\antestor@tracking.mindshare[2].txt [ Cookie:antestor@tracking.mindshare.de/ ]
	C:\USERS\ANTESTOR\Cookies\AE8OQZ7S.txt [ Cookie:antestor@statcounter.com/ ]
	C:\USERS\ANTESTOR\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ANTESTOR@ADSERV.KWICK[2].TXT [ /ADSERV.KWICK ]
	C:\USERS\ANTESTOR\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ANTESTOR@KONTERA[1].TXT [ /KONTERA ]
	C:\USERS\ANTESTOR\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ANTESTOR@AD2.ADFARM1.ADITION[2].TXT [ /AD2.ADFARM1.ADITION ]
	C:\USERS\ANTESTOR\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ANTESTOR@EAS.APM.EMEDIATE[2].TXT [ /EAS.APM.EMEDIATE ]
	C:\USERS\ANTESTOR\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ANTESTOR@ZANOX[1].TXT [ /ZANOX ]
	C:\USERS\ANTESTOR\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ANTESTOR@ZANOX-AFFILIATE[1].TXT [ /ZANOX-AFFILIATE ]

NotHarmful.Sysinternals Bluescreen Screen Saver
	W:\SURVIVE\DIESDAS\BLUESCREEN\SYSINTERNALS BLUESCREEN.SCR

Trojan.Agent/Gen-Krpytik
	W:\SURVIVE\DIESDAS\PACKER\WINRAR2\IWIN.SFX

Trojan.SF
	W:\SURVIVE\GAMES\SF\SF.EXE

Adware.Vundo/Variant-MSFake
	C:\PROGRAM FILES (X86)\BWS 4\BIN\MSVCRT3.DLL
	C:\PROGRAM FILES (X86)\BIBLE WORKSHOP 4.4\BIN\MSVCRT3.DLL

Trojan.Agent/Gen-Autorun[Swisyn]
	C:\PROGRAM FILES (X86)\TC UP\PLUGINS\WFX\NTFS4TC\NTFSFS.WFX
         
Thanks a lot for your help!!
__________________
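
The SUPERAntiSpyware log format posted above can be triaged mechanically; the following is an added example, not part of the original post and not SUPERAntiSpyware's own code. It groups detections by category, separates tracking cookies from file detections, and checks the listed entries against the summary counts. The sample log is constructed in the posted format, and the names `parse_sas_log` and `triage`, the "category contains Cookie" rule and the count check are assumptions.

```python
import re
from collections import OrderedDict

# Constructed sample: a shortened log in the format of the post above
# (summary count adjusted to match the shortened list).
SAMPLE_LOG = r"""SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 03/26/2012 at 11:18 AM

Scan type       : Complete Scan

Memory items scanned      : 781
Memory threats detected   : 0
Registry items scanned    : 66531
Registry threats detected : 0
File items scanned        : 412304
File threats detected     : 6

Adware.Tracking Cookie
    C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Cookies\antestor@adtech[1].txt [ /adtech ]
    C:\USERS\ANTESTOR\Cookies\S4A00CUZ.txt [ Cookie:antestor@doubleclick.net/ ]

Trojan.Agent/Gen-Krpytik
    W:\SURVIVE\DIESDAS\PACKER\WINRAR2\IWIN.SFX

Adware.Vundo/Variant-MSFake
    C:\PROGRAM FILES (X86)\BWS 4\BIN\MSVCRT3.DLL
    C:\PROGRAM FILES (X86)\BIBLE WORKSHOP 4.4\BIN\MSVCRT3.DLL

Trojan.Agent/Gen-Autorun[Swisyn]
    C:\PROGRAM FILES (X86)\TC UP\PLUGINS\WFX\NTFS4TC\NTFSFS.WFX
"""

SUMMARY_RE = re.compile(r"^(Memory|Registry|File) threats detected\s*:\s*(\d+)\s*$")
# An item is a path, optionally followed by a "[ note ]" annotation.
ITEM_RE = re.compile(r"^(?P<path>.*?)(?:\s+\[ (?P<note>.*) \])?$")


def parse_sas_log(text):
    """Return (summary, detections).

    summary    maps scan area -> reported threat count
    detections maps category  -> list of (path, note) tuples
    """
    summary = {}
    detections = OrderedDict()
    current = None
    for raw in text.splitlines():
        if not raw.strip():
            continue
        m = SUMMARY_RE.match(raw)
        if m:
            summary[m.group(1)] = int(m.group(2))
            current = None
            continue
        if raw[0] in " \t":
            # Indented line: an item under the most recent unindented header.
            if current is not None:
                item = ITEM_RE.match(raw.strip())
                detections.setdefault(current, []).append(
                    (item.group("path"), item.group("note")))
            continue
        # Unindented line: a category header or a key/value line.
        # It only ends up in `detections` if indented items follow it.
        current = raw.strip()
    return summary, detections


def triage(text):
    """Split detections into tracking cookies and entries to review by hand."""
    summary, detections = parse_sas_log(text)
    cookies, review = [], []
    for category, items in detections.items():
        # Assumption: any category whose name contains "Cookie" is cookie data.
        target = cookies if "cookie" in category.lower() else review
        target.extend((category, path) for path, _note in items)
    listed = len(cookies) + len(review)
    reported = sum(summary.values())
    return {
        "reported": reported,
        "listed": listed,
        "complete": listed == reported,  # False suggests a truncated paste
        "cookies": len(cookies),
        "review": review,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("reported %(reported)d, listed %(listed)d, cookies %(cookies)d" % result)
    for category, path in result["review"]:
        print("REVIEW  %-35s %s" % (category, path))
```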

Old 26.03.2012, 22:37   #4
kira
/// Helper Team
 

1.
Your Java version is not up to date! -> Java(TM) 6 Update 29
Because Java is very vulnerable due to old security holes, first uninstall all existing Java versions:
→ Control Panel → Software → uninstall...
→ Restart the computer
→ Now download the offline version of Java, "Recommended Version 6 Update 31", from Oracle
Make sure to deselect any toolbars that are offered (remove the check mark next to the toolbar)!

2.
Update:
Code:
ATTFilter
Mozilla Firefox
         
3.
Code:
ATTFilter
Wise Registry Cleaner
         
There are many so-called optimization tools and registry cleaning programs! The vendors promise far more than they can actually deliver. I therefore strongly advise you against using tools that reach so deeply into the registry and try to optimize Windows "fully automatically", because a tiny change in the registry (e.g. "wrongly deleted" entries) can have fatal consequences! Then people wonder why Windows eventually becomes sluggish or crashes! - I cannot imagine that any program can distinguish between useful and useless entries and decide "fully automatically" what Windows really needs and what it does not! It is also questionable whether all the previously created backup files can simply be restored when problems occur, as the vendor promised.
Windows is not at all as dumb as is often claimed! - For speeding up Windows with its own means, it offers a decent toolbox out of the box, well equipped for "do-it-yourselfers":
...the nice thing about it is that at least you know what you are doing!
Tips:
► When we are finished, you can "try it out":
4.
clean your system with CCleaner:
  • "CCleaner" → "Analyze" → click the "Run Cleaner" button
  • "Registry" → "Scan for Issues" → "Fix selected issues" → "Fix All Selected Issues"
  • Restart your system

5.
Check the MBR with aswMBR from Avast

Download aswMBR.exe from Avast and save the tool to your desktop (nowhere else).
XP users: double-click aswMBR.exe to start the tool.
Vista and Windows 7 users: right-click aswMBR.exe and choose Run as administrator.
An input window with some information will open.

Click Scan to start the scan.

When the scan has finished, which is reported with Scan finished successfully!, click Save log to save the log file.
Post the contents of aswASW.log from the desktop here in the thread.

6.
  • download SUPERAntiSpyware FREE Edition.
    Make sure not to install any toolbar that may be offered, i.e. remove the check mark next to the toolbar during installation (if necessary).
  • install the program and update it online.
  • start SUPERAntiSpyware and click "Scan your Computer"
  • tick "Complete Scan" and click "Next"
  • afterwards all malware found is listed; tick every finding and confirm with "OK"
  • click "Next", then "OK" and "Finish"
  • to display the results: click "Preferences", then "Statistics/Logs"
  • press "View Log" - then please save this report and post it here

7.
Viruses can also be carried on USB sticks, self-burned discs, external hard drives and other storage media. They must therefore be monitored through regular checks for damage that may have been caused by malware ("Worm.Win32.Autorun"). For this it is well suited and recommended to check the data stored on the storage medium with the help of the free online scanner.
Now connect all external storage media (USB sticks etc.) to your computer while holding down the Shift key so that the autorun function is not executed. (This is how you prevent the AUTORUN function from running.) - The AUTORUN function can also be switched off in general. ► Instructions

8.
-> Then run a complete system check with the Eset Online Scanner (NOD32) (free online scanners)
Attention!: >>You should not install the antivirus security software, only scan your system online<<

9.
another scan with OTL:
  • Double-click OTL.exe
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • At the top you will find a box labelled Output.
    Please select Standard Output
  • Under Extra Registry please select Use SafeList.
  • Tick LOP Check and Purity Check.
  • Now click Scan at the top left.
  • When the scan has finished, two log files are created.
    You will find the log files on your desktop => OTL.txt and Extras.txt
  • Post the log files in code tags here in the thread.

► report again on the state of the computer. Are there still any problems, and if so, which ones?
__________________

Warning!:
Be careful with invoices sent by email with a ZIP file as an attachment! It may be infected with an encryption Trojan!
Do not open the attachment; ask in our forum first!

Back up your data regularly to CD/DVD, USB sticks or external hard drives, preferably twice in different locations!
Please pass this warning on wherever you can!

Old 28.03.2012, 06:21   #5
Antestor
 

Hi!

Thanks for your help!

Quote:
Your Java version is not up to date! -> Java(TM) 6 Update 29
Updated!

Quote:
Mozilla Firefox
Also updated!

Quote:
Wise Registry Cleaner
I uninstalled it!

Quote:
"CCleaner" → "Analyze" → click the "Run Cleaner" button
"Registry" → "Scan for Issues" → "Fix selected issues" → "Fix All Selected Issues"
Done!

Quote:
Check the MBR with aswMBR from Avast
Here is the log file:

Code:
ATTFilter
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-27 19:23:13
-----------------------------
19:23:13.500    OS Version: Windows x64 6.1.7601 Service Pack 1
19:23:13.500    Number of processors: 2 586 0xF0D
19:23:13.515    ComputerName: GRAMHEIM-PC  UserName: Antestor
19:23:16.245    Initialize success
19:23:55.958    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
19:23:55.974    Disk 0 Vendor: WDC_WD740ADFD-00NLR5 21.07QR5 Size: 70911MB BusType: 3
19:23:55.974    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
19:23:55.974    Disk 1 Vendor: ST31500341AS CC1H Size: 1430799MB BusType: 3
19:23:55.974    Disk 2  \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP2T0L0-3
19:23:55.974    Disk 2 Vendor: WDC_WD1001FALS-00E8B0 05.00K05 Size: 953869MB BusType: 3
19:23:55.989    Disk 0 MBR read successfully
19:23:55.989    Disk 0 MBR scan
19:23:56.005    Disk 0 Windows 7 default MBR code
19:23:56.005    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        70896 MB offset 63
19:23:56.021    Disk 0 scanning C:\Windows\system32\drivers
19:24:05.942    Service scanning
19:24:20.809    Modules scanning
19:24:20.809    Disk 0 trace - called modules:
19:24:20.825    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys 
19:24:20.840    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005819370]
19:24:20.840    3 CLASSPNP.SYS[fffff8800159f43f] -> nt!IofCallDriver -> [0xfffffa80052c8670]
19:24:20.840    5 ACPI.sys[fffff88000f7a7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80052d7060]
19:24:20.856    Scan finished successfully
19:24:37.501    Disk 0 MBR has been saved successfully to "Y:\MBR.dat"
19:24:37.501    The log file has been saved successfully to "Y:\aswMBR.txt"
         
Quote:
SUPERAntiSpyware FREE Edition
Here is the log file:

Code:
ATTFilter
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 03/27/2012 at 09:38 PM

Application Version : 5.0.1146

Core Rules Database Version : 8385
Trace Rules Database Version: 6197

Scan type       : Complete Scan
Total Scan Time : 02:11:44

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC Off - Administrator

Memory items scanned      : 801
Memory threats detected   : 0
Registry items scanned    : 66553
Registry threats detected : 0
File items scanned        : 410444
File threats detected     : 270

Adware.Tracking Cookie
	C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Cookies\antestor@ad.adition[2].txt [ /ad.adition ]
	C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Cookies\antestor@ad.yieldmanager[1].txt [ /ad.yieldmanager ]
	C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Cookies\antestor@ad2.adfarm1.adition[2].txt [ /ad2.adfarm1.adition ]
	C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Cookies\antestor@ad3.adfarm1.adition[1].txt [ /ad3.adfarm1.adition ]
	C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Cookies\antestor@adbrite[1].txt [ /adbrite ]
	C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Cookies\antestor@ads.adk2[2].txt [ /ads.adk2 ]
	C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Cookies\antestor@ads.medienhaus[1].txt [ /ads.medienhaus ]
	C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Cookies\antestor@adtech[1].txt [ /adtech ]
	C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Cookies\antestor@advertising[1].txt [ /advertising ]
	C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Cookies\antestor@adviva[1].txt [ /adviva ]
	C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Cookies\antestor@adx.chip[1].txt [ /adx.chip ]
	C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Cookies\antestor@apmebf[2].txt [ /apmebf ]
	C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Cookies\antestor@at.atwola[1].txt [ /at.atwola ]
	C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Cookies\antestor@atwola[2].txt [ /atwola ]
	C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Cookies\antestor@bs.serving-sys[2].txt [ /bs.serving-sys ]
	C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Cookies\antestor@content.yieldmanager[1].txt [ /content.yieldmanager ]
	C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Cookies\antestor@content.yieldmanager[2].txt [ /content.yieldmanager ]
	C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Cookies\antestor@content.yieldmanager[4].txt [ /content.yieldmanager ]
	C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Cookies\antestor@content.yieldmanager[5].txt [ /content.yieldmanager ]
	C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Cookies\antestor@content.yieldmanager[6].txt [ /content.yieldmanager ]
	C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Cookies\antestor@content.yieldmanager[7].txt [ /content.yieldmanager ]
	C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Cookies\antestor@de.at.atwola[1].txt [ /de.at.atwola ]
	C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Cookies\antestor@himedia.individuad[2].txt [ /himedia.individuad ]
	C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Cookies\antestor@imrworldwide[2].txt [ /imrworldwide ]
	C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Cookies\antestor@smartmedia.allyes[2].txt [ /smartmedia.allyes ]
	C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Cookies\antestor@specificclick[2].txt [ /specificclick ]
	C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Cookies\antestor@tacoda[1].txt [ /tacoda ]
	C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Cookies\antestor@tracking.mindshare[2].txt [ /tracking.mindshare ]
	C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Cookies\antestor@tracking.quisma[2].txt [ /tracking.quisma ]
	C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Cookies\antestor@tradedoubler[1].txt [ /tradedoubler ]
	C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Cookies\antestor@tradedoubler[2].txt [ /tradedoubler ]
	C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Cookies\antestor@traffictrack[1].txt [ /traffictrack ]
	C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Cookies\antestor@unitymedia[2].txt [ /unitymedia ]
	C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Cookies\antestor@yieldmanager[1].txt [ /yieldmanager ]
	C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Cookies\antestor@zanox-affiliate[2].txt [ /zanox-affiliate ]
	C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Cookies\antestor@zanox[1].txt [ /zanox ]
	C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Cookies\F4XZO1CC.txt [ /2o7.net ]
	C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Cookies\TBKLY9D0.txt [ /smartadserver.com ]
	C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Cookies\OP6LJ6CP.txt [ /explore.trackmania.com ]
	C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Cookies\8R91AQO4.txt [ /serving-sys.com ]
	C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Cookies\UUUFI89O.txt [ /fastclick.net ]
	C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Cookies\MDIV43ZQ.txt [ /atdmt.com ]
	C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Cookies\ZRX7TJFG.txt [ /fl01.ct2.comclick.com ]
	C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Cookies\U6I8Y19M.txt [ /explore.trackmania.com ]
	C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Cookies\5YTWHOGB.txt [ /ad.yieldmanager.com ]
	C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Cookies\M6VF0EFH.txt [ /eas.apm.emediate.eu ]
	C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Cookies\71KPFJVL.txt [ /maniahome.trackmania.com ]
	C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Cookies\VTCHGCE4.txt [ /eset.122.2o7.net ]
	C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Cookies\AWNUWIQU.txt [ /c.atdmt.com ]
	C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Cookies\LJ2PA4GJ.txt [ /ads.creative-serving.com ]
	C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Cookies\S4A00CUZ.txt [ /doubleclick.net ]
	C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Cookies\XNUDU3X7.txt [ /mediaplex.com ]
	C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Cookies\AE8OQZ7S.txt [ /statcounter.com ]
	C:\USERS\ANTESTOR\AppData\Roaming\Microsoft\Windows\Cookies\Low\antestor@clkads[4].txt [ Cookie:antestor@clkads.com/adServe/static/ ]
	C:\USERS\ANTESTOR\AppData\Roaming\Microsoft\Windows\Cookies\Low\antestor@adx.chip[2].txt [ Cookie:antestor@adx.chip.de/ ]
	C:\USERS\ANTESTOR\AppData\Roaming\Microsoft\Windows\Cookies\Low\antestor@tradedoubler[1].txt [ Cookie:antestor@tradedoubler.com/ ]

NotHarmful.Sysinternals Bluescreen Screen Saver
	W:\SURVIVE\DIESDAS\BLUESCREEN\SYSINTERNALS BLUESCREEN.SCR

Trojan.Agent/Gen-Krpytik
	W:\SURVIVE\DIESDAS\PACKER\WINRAR2\IWIN.SFX

Trojan.SF
	W:\SURVIVE\GAMES\SF\SF.EXE

Adware.Vundo/Variant-MSFake
	C:\PROGRAM FILES (X86)\BWS 4\BIN\MSVCRT3.DLL
	C:\PROGRAM FILES (X86)\BIBLE WORKSHOP 4.4\BIN\MSVCRT3.DLL

Trojan.Agent/Gen-Autorun[Swisyn]
	C:\PROGRAM FILES (X86)\TC UP\PLUGINS\WFX\NTFS4TC\NTFSFS.WFX
         
Quote:
ESET Online Scanner
I was able to start it now! Here is the logfile:

Code:
C:\Users\Antestor\Downloads\crc_killer_2.0.rar	Win32/Packed.Autoit.D.Gen application	deleted - quarantined
O:\CRC-Killer_2.0\CRC-Killer.exe	Win32/Packed.Autoit.D.Gen application	deleted - quarantined
         
Quote:
OTL
Here is the logfile:

Code:
OTL logfile created on: 28.03.2012 07:03:53 - Run 5
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\Antestor\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,11 Gb Available Physical Memory | 52,88% Memory free
8,00 Gb Paging File | 5,44 Gb Available in Paging File | 68,07% Paging File free
Paging file location(s): y:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 69,23 Gb Total Space | 11,36 Gb Free Space | 16,41% Space Free | Partition Type: NTFS
Drive D: | 200,00 Gb Total Space | 16,05 Gb Free Space | 8,02% Space Free | Partition Type: NTFS
Drive E: | 7,36 Gb Total Space | 0,14 Gb Free Space | 1,86% Space Free | Partition Type: FAT32
Drive F: | 3,74 Gb Total Space | 0,16 Gb Free Space | 4,29% Space Free | Partition Type: FAT32
Drive G: | 7,31 Gb Total Space | 5,30 Gb Free Space | 72,50% Space Free | Partition Type: FAT32
Drive H: | 29,71 Gb Total Space | 11,87 Gb Free Space | 39,94% Space Free | Partition Type: FAT32
Drive O: | 31,51 Gb Total Space | 14,17 Gb Free Space | 44,97% Space Free | Partition Type: NTFS
Drive S: | 7,38 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive W: | 100,00 Gb Total Space | 66,87 Gb Free Space | 66,87% Space Free | Partition Type: NTFS
Drive Y: | 397,26 Gb Total Space | 59,55 Gb Free Space | 14,99% Space Free | Partition Type: NTFS
 
Computer Name: GRAMHEIM-PC | User Name: Antestor | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.03.28 07:02:52 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Antestor\Downloads\OTL(1).exe
PRC - [2012.03.27 19:09:23 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.01.13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.12.13 20:11:52 | 000,273,528 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2011.12.12 16:51:02 | 000,095,144 | ---- | M] (Binary Fortress Software) -- C:\Program Files (x86)\DisplayFusion\AppHookx86.exe
PRC - [2011.09.30 09:28:08 | 000,546,464 | ---- | M] (ESET) -- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
PRC - [2011.09.30 09:28:06 | 000,884,304 | ---- | M] () -- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
PRC - [2011.01.27 17:51:05 | 002,253,688 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2010.03.26 09:40:46 | 005,805,216 | ---- | M] (Salfeld Computer) -- C:\Windows\tray\wintmr.exe
PRC - [2010.03.26 09:40:44 | 005,558,432 | ---- | M] (Salfeld Computer) -- C:\Windows\SysWOW64\cc32\webtmr.exe
PRC - [2010.01.27 18:00:16 | 001,595,032 | ---- | M] (Salfeld Computer) -- C:\Windows\SysWOW64\cchservice.exe
PRC - [2010.01.22 21:57:08 | 000,395,824 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2010.01.22 21:56:46 | 000,064,048 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Player\hqtray.exe
PRC - [2010.01.22 21:56:44 | 000,334,384 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2010.01.22 21:56:28 | 000,113,200 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
PRC - [2010.01.22 21:00:48 | 000,563,760 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2009.11.12 06:42:56 | 000,362,032 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2009.11.12 06:42:20 | 005,140,960 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2009.11.08 00:26:50 | 001,412,552 | ---- | M] (TrueCrypt Foundation) -- C:\Program Files (x86)\TrueCrypt.exe
PRC - [2009.09.24 08:50:10 | 003,520,256 | ---- | M] (Ghisler Software GmbH) -- C:\Program Files (x86)\totalcmd\TOTALCMD.EXE
PRC - [2009.07.21 15:34:28 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.05.13 17:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2009.03.02 14:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2007.04.24 20:19:54 | 003,581,680 | ---- | M] (Stardock) -- C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe
PRC - [2007.03.08 19:48:16 | 001,081,344 | ---- | M] (Pantone & X-Rite) -- C:\Program Files (x86)\Pantone\hueyPRO\hueyPROTray.exe
PRC - [2003.06.30 18:30:28 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\ScanWizard 5\ScannerFinder.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.03.27 19:09:22 | 001,969,080 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.02.18 15:15:00 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011.09.30 09:28:06 | 000,884,304 | ---- | M] () -- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
MOD - [2010.01.22 21:57:04 | 000,970,288 | ---- | M] () -- C:\Program Files (x86)\VMware\VMware Player\libxml2.dll
MOD - [2010.01.22 21:56:46 | 000,068,656 | ---- | M] () -- C:\Program Files (x86)\VMware\VMware Player\zlib1.dll
MOD - [2009.12.12 16:12:03 | 000,141,824 | ---- | M] () -- C:\Program Files (x86)\WinRAR\rarext.dll
MOD - [2009.09.21 01:32:26 | 000,160,256 | ---- | M] () -- C:\PROGRA~2\TCUP~1\PLUGINS\Library\TCUPSH~1.DLL
MOD - [2007.04.24 16:22:12 | 000,112,400 | ---- | M] () -- C:\Program Files (x86)\Stardock\ObjectDock\DockShellHook.dll
MOD - [2007.04.23 01:19:28 | 000,026,392 | ---- | M] () -- C:\Program Files (x86)\Stardock\ObjectDock\Docklets\Calendar\Calendar.dll
MOD - [2007.04.21 14:47:52 | 000,059,592 | ---- | M] () -- C:\Program Files (x86)\Stardock\ObjectDock\zlib.dll
MOD - [2007.04.19 15:23:48 | 000,095,944 | ---- | M] () -- C:\Program Files (x86)\Stardock\ObjectDock\CrashRpt.dll
MOD - [2004.07.26 20:03:50 | 000,249,856 | ---- | M] () -- C:\Program Files (x86)\ScanWizard 5\SFRes.dll
MOD - [2003.06.30 18:30:28 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\ScanWizard 5\ScannerFinder.exe
MOD - [2002.11.19 15:11:40 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\Common Files\Stardock\ODImg.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009.09.24 00:28:02 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.08.12 01:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programme\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV - [2011.07.15 17:28:31 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.01.27 17:51:05 | 002,253,688 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.27 18:00:16 | 001,595,032 | ---- | M] (Salfeld Computer) [Auto | Running] -- C:\Windows\SysWOW64\cchservice.exe -- (Windows-CCHook-Service)
SRV - [2010.01.22 21:57:08 | 000,395,824 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2010.01.22 21:56:44 | 000,334,384 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2010.01.22 21:56:28 | 000,113,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2010.01.22 21:00:48 | 000,563,760 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2010.01.08 12:33:12 | 002,480,048 | ---- | M] (Acronis) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2009.11.12 06:43:16 | 000,894,544 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2009.10.12 14:32:24 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe -- (ufad-ws60)
SRV - [2009.07.21 15:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.07.14 01:15:34 | 000,730,264 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\ksupmgr.exe -- (ksupmgr)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.05.13 17:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.12.10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.12.17 00:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010.11.20 15:34:04 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010.11.20 15:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010.11.20 13:35:22 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.09.29 21:09:14 | 000,027,176 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc)
DRV:64bit: - [2010.09.29 21:09:14 | 000,013,352 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt)
DRV:64bit: - [2010.08.16 18:21:38 | 000,440,064 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hcw88vid.sys -- (hcw88vid)
DRV:64bit: - [2010.08.16 18:21:34 | 000,259,456 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hcw88bda.sys -- (hcw88bda)
DRV:64bit: - [2010.08.16 18:21:30 | 000,339,968 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hcw88tse.sys -- (HCW88TSE)
DRV:64bit: - [2010.08.16 18:21:26 | 000,015,872 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hcw88rc5.sys -- (hcw88rc5)
DRV:64bit: - [2010.01.22 21:58:24 | 000,018,480 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\VMparport.sys -- (VMparport)
DRV:64bit: - [2010.01.22 21:58:22 | 000,068,656 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2010.01.22 21:58:20 | 000,029,744 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2010.01.22 21:58:16 | 000,080,944 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2010.01.22 21:58:16 | 000,030,256 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2010.01.22 21:00:44 | 000,038,960 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2010.01.22 17:13:00 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb)
DRV:64bit: - [2010.01.22 17:12:58 | 000,045,104 | R--- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2010.01.22 17:12:58 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2010.01.08 12:33:13 | 000,251,488 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2010.01.08 12:33:11 | 001,477,728 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm258.sys -- (tdrpman258) Acronis Try&Decide and Restore Points filter (build 258)
DRV:64bit: - [2010.01.08 12:33:10 | 000,943,712 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2010.01.08 12:33:01 | 000,257,120 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2009.12.08 23:23:57 | 000,074,880 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2009.10.23 13:19:20 | 000,043,552 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\JulaWDM.sys -- (JulaWDM.sys)
DRV:64bit: - [2009.10.23 13:19:18 | 000,058,400 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\Jula.sys -- (Jula.sys)
DRV:64bit: - [2009.10.07 20:26:24 | 000,115,312 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009.09.24 01:01:24 | 006,175,744 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:35:42 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2008.09.17 15:14:00 | 000,012,744 | R--- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Entech64.sys -- (ENTECH64)
DRV:64bit: - [2008.05.16 11:33:06 | 000,158,760 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mdm.sys -- (s0016mdm)
DRV:64bit: - [2008.05.16 11:33:06 | 000,151,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016unic.sys -- (s0016unic)
DRV:64bit: - [2008.05.16 11:33:06 | 000,137,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM)
DRV:64bit: - [2008.05.16 11:33:06 | 000,136,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016obex.sys -- (s0016obex)
DRV:64bit: - [2008.05.16 11:33:06 | 000,034,344 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016nd5.sys -- (s0016nd5)
DRV:64bit: - [2008.05.16 11:33:04 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV:64bit: - [2008.05.16 11:32:56 | 000,115,240 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016bus.sys -- (s0016bus)
DRV:64bit: - [2007.07.24 04:53:04 | 000,125,992 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PnP680r.sys -- (Pnp680r)
DRV:64bit: - [2005.03.29 02:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2011.07.22 18:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV - [2011.07.12 23:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV - [2009.10.12 14:31:04 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008.03.19 17:14:52 | 000,015,872 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\BurnInTest\DirectIo.sys -- (DIRECTIO)
DRV - [2006.01.13 15:00:52 | 000,015,872 | ---- | M] (Flint Incorporation) [Kernel | System | Stopped] -- C:\Windows\SysWow64\drivers\vd_filedisk.sys -- (VD_FileDisk)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = 
IE - HKLM\..\SearchScopes,DefaultScope = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 15 7D 9F C5 D2 0A CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.useDBForOrder: ""
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.5
FF - prefs.js..extensions.enabledItems: {ca8b7b3d-b6e6-438f-b935-601b3de48d66}:1.1.6
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.7.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:5.9
FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:4.1.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:3.5
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.7
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files (x86)\TVUPlayer\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Antestor\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.12.13 20:13:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.03.27 19:09:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.03.27 19:09:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.12.13 20:12:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011.12.13 20:14:03 | 000,000,000 | ---D | M]
 
[2010.01.19 23:02:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Antestor\AppData\Roaming\mozilla\Extensions
[2010.01.19 23:02:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Antestor\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.03.27 19:20:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Antestor\AppData\Roaming\mozilla\Firefox\Profiles\yu5646sy.default\extensions
[2012.02.21 21:50:03 | 000,000,000 | ---D | M] (Easy YouTube Video Downloader) -- C:\Users\Antestor\AppData\Roaming\mozilla\Firefox\Profiles\yu5646sy.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
[2011.12.28 19:17:55 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\Antestor\AppData\Roaming\mozilla\Firefox\Profiles\yu5646sy.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2012.02.21 21:50:04 | 000,000,000 | ---D | M] (Fast Video Download (with SearchMenu)) -- C:\Users\Antestor\AppData\Roaming\mozilla\Firefox\Profiles\yu5646sy.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2010.03.20 13:21:56 | 000,000,000 | ---D | M] (Firefox Throttle) -- C:\Users\Antestor\AppData\Roaming\mozilla\Firefox\Profiles\yu5646sy.default\extensions\{ca8b7b3d-b6e6-438f-b935-601b3de48d66}
[2010.05.07 18:00:07 | 000,000,000 | ---D | M] (Torbutton) -- C:\Users\Antestor\AppData\Roaming\mozilla\Firefox\Profiles\yu5646sy.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2012.02.21 21:50:06 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Antestor\AppData\Roaming\mozilla\Firefox\Profiles\yu5646sy.default\extensions\foxyproxy@eric.h.jung
[2010.01.16 15:01:19 | 000,001,340 | ---- | M] () -- C:\Users\Antestor\AppData\Roaming\Mozilla\Firefox\Profiles\yu5646sy.default\searchplugins\wikipedia-en.xml
[2009.11.08 16:16:44 | 000,004,153 | ---- | M] () -- C:\Users\Antestor\AppData\Roaming\Mozilla\Firefox\Profiles\yu5646sy.default\searchplugins\youtube.xml
[2012.03.27 19:17:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
() (No name found) -- C:\USERS\ANTESTOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YU5646SY.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
[2012.03.27 19:09:23 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.03.27 19:07:17 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2009.11.08 17:49:41 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2012.03.27 19:09:20 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.27 19:09:20 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.03.27 19:09:20 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.27 19:09:20 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.27 19:09:20 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.27 19:09:20 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.11.16 23:13:31 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (WebSpeechBHO Class) - {83A30C59-3A50-49E6-9DAF-4923C4EA3C23} - C:\Program Files (x86)\Common Files\WebSpeech.4.0\LgxIEBar.dll (G DATA Software AG)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll ()
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [Eraser] C:\Programme\Eraser\Eraser.exe (The Eraser Project)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ChicoSys] C:\Windows\SysWOW64\cc32\webtmr.exe (Salfeld Computer)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ati\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [VMware hqtray] C:\Program Files (x86)\VMware\VMware Player\hqtray.exe (VMware, Inc.)
O4 - HKCU..\Run: [CCWinTray] C:\Windows\tray\wintmr.exe (Salfeld Computer)
O4 - HKCU..\Run: [DisplayFusion] C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe (Binary Fortress Software)
O4 - HKCU..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup File not found
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe (Stardock)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableClock = 0
O8:64bit: - Extra context menu item: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8:64bit: - Extra context menu item: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8:64bit: - Extra context menu item: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8:64bit: - Extra context menu item: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Antestor\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Antestor\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found
O9 - Extra Button: WebSpeech - {1CE4DE72-7FCC-4eb8-8F66-AE6A56A0A54D} - C:\Program Files (x86)\Common Files\WebSpeech.4.0\LgxIEBar.dll (G DATA Software AG)
O9 - Extra 'Tools' menuitem : Seite/Markierung vorlesen (WebSpeech) - {1CE4DE72-7FCC-4eb8-8F66-AE6A56A0A54D} - C:\Program Files (x86)\Common Files\WebSpeech.4.0\LgxIEBar.dll (G DATA Software AG)
O9 - Extra Button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files (x86)\PPLive\PPLive.exe ( )
O9 - Extra 'Tools' menuitem : PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files (x86)\PPLive\PPLive.exe ( )
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E2579BE8-B389-4030-9D62-31B2CEDC2CE7}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\cdo - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O28 - HKLM ShellExecuteHooks: {6979AAD7-86EE-481F-B591-152A33E86ECB} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.08.22 07:57:52 | 000,230,728 | R--- | M] (Konami Digital Entertainment Co., Ltd.) - S:\autorun.exe -- [ UDF ]
O32 - AutoRun File - [2008.05.30 08:54:04 | 000,000,047 | R--- | M] () - S:\Autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.27 19:22:48 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Antestor\Desktop\aswMBR.exe
[2012.03.27 19:07:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.03.27 19:07:26 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012.03.27 19:07:26 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012.03.27 19:07:26 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012.03.26 17:58:03 | 000,000,000 | ---D | C] -- C:\Users\Antestor\AppData\Roaming\vlc
[2012.03.26 17:53:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012.03.26 08:27:11 | 000,000,000 | ---D | C] -- C:\Users\Antestor\AppData\Roaming\SUPERAntiSpyware.com
[2012.03.26 08:26:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012.03.26 08:26:36 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012.03.26 08:26:36 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012.03.26 00:04:17 | 000,000,000 | ---D | C] -- C:\Users\Antestor\Desktop\RK_Quarantine
[2012.03.25 23:33:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.25 23:33:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.03.25 22:43:53 | 000,000,000 | ---D | C] -- C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
[2012.03.25 20:00:53 | 000,000,000 | ---D | C] -- C:\Users\Antestor\Documents\AdobeStockPhotos
[2012.03.14 01:30:17 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.03.14 01:30:16 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.03.14 01:30:16 | 003,913,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.03.14 00:31:50 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012.03.13 22:43:33 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012.03.13 22:43:33 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012.03.13 22:43:33 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012.03.13 22:43:32 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012.03.13 22:43:32 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012.03.04 15:19:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Azureus
[2012.03.04 15:19:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Azureus
[2011.06.20 21:04:11 | 000,925,696 | ---- | C] (GSpot Appliance Corp, a unit of GSp0t Heavy Industries) -- C:\Program Files (x86)\GSpot.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.28 07:07:16 | 000,003,862 | -H-- | M] () -- C:\NET.INI
[2012.03.27 22:55:25 | 001,506,860 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.03.27 22:55:25 | 000,658,728 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.03.27 22:55:25 | 000,619,274 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.03.27 22:55:25 | 000,131,886 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.03.27 22:55:25 | 000,108,180 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.03.27 22:11:00 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.27 22:11:00 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.27 22:04:01 | 000,000,103 | ---- | M] () -- C:\Windows\SysWow64\swctl.dll
[2012.03.27 22:03:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.27 22:03:21 | 3220,578,304 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.27 19:22:56 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Antestor\Desktop\aswMBR.exe
[2012.03.27 19:17:35 | 003,400,152 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.03.27 19:07:16 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012.03.27 19:07:16 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012.03.27 19:07:16 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012.03.27 19:07:16 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012.03.26 17:53:42 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.03.26 08:26:39 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.03.25 23:33:45 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.20 22:00:08 | 000,009,728 | ---- | M] () -- C:\Users\Antestor\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== Files Created - No Company Name ==========
 
[2012.03.27 19:09:26 | 000,001,146 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.03.26 17:53:42 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.03.26 08:26:39 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.03.26 07:53:45 | 000,002,031 | ---- | C] () -- C:\Users\Public\Desktop\VMware Player.lnk
[2012.03.26 07:53:45 | 000,001,946 | ---- | C] () -- C:\Users\Public\Desktop\ScanWizard 5.lnk
[2012.03.26 07:53:45 | 000,001,884 | ---- | C] () -- C:\Users\Public\Desktop\Scanner Configuration.lnk
[2012.03.26 07:53:45 | 000,001,658 | ---- | C] () -- C:\Users\Public\Desktop\Recuva.lnk
[2012.03.26 07:53:45 | 000,001,166 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 6.lnk
[2012.03.26 07:53:45 | 000,001,112 | ---- | C] () -- C:\Users\Public\Desktop\TmNationsForever.lnk
[2012.03.26 07:53:45 | 000,001,105 | ---- | C] () -- C:\Users\Public\Desktop\WaveLab LE 7.lnk
[2012.03.26 07:53:45 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\XMedia Recode.lnk
[2012.03.26 07:53:45 | 000,001,030 | ---- | C] () -- C:\Users\Public\Desktop\Samplitude 11 Silver.lnk
[2012.03.26 07:53:45 | 000,001,023 | ---- | C] () -- C:\Users\Public\Desktop\TVUPlayer.lnk
[2012.03.26 07:53:45 | 000,000,971 | ---- | C] () -- C:\Users\Public\Desktop\TC UP.lnk
[2012.03.26 07:53:45 | 000,000,944 | ---- | C] () -- C:\Users\Public\Desktop\TrueCrypt.lnk
[2012.03.26 07:53:44 | 000,002,009 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2012.03.26 07:53:44 | 000,001,943 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.03.26 07:53:44 | 000,001,921 | ---- | C] () -- C:\Users\Public\Desktop\OptiPNG-UI.lnk
[2012.03.26 07:53:44 | 000,001,920 | ---- | C] () -- C:\Users\Public\Desktop\Meine Bilder.lnk
[2012.03.26 07:53:44 | 000,001,833 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2012.03.26 07:53:44 | 000,001,136 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2012.03.26 07:53:44 | 000,001,049 | ---- | C] () -- C:\Users\Public\Desktop\Notepad++.lnk
[2012.03.26 07:53:43 | 000,002,531 | ---- | C] () -- C:\Users\Public\Desktop\buzzroom_KeyMaker.lnk
[2012.03.26 07:53:43 | 000,002,235 | ---- | C] () -- C:\Users\Public\Desktop\Acronis One-Click Backup.lnk
[2012.03.26 07:53:43 | 000,002,070 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2012.03.26 07:53:43 | 000,001,970 | ---- | C] () -- C:\Users\Public\Desktop\DVBViewer Pro DEMO.lnk
[2012.03.26 07:53:43 | 000,001,953 | ---- | C] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2012.03.26 07:53:43 | 000,001,952 | ---- | C] () -- C:\Users\Public\Desktop\Kostenlose Angebote.lnk
[2012.03.26 07:53:43 | 000,001,905 | ---- | C] () -- C:\Users\Public\Desktop\DVBViewer.lnk
[2012.03.26 07:53:43 | 000,001,894 | ---- | C] () -- C:\Users\Public\Desktop\IrfanView Thumbnails.lnk
[2012.03.26 07:53:43 | 000,001,747 | ---- | C] () -- C:\Users\Public\Desktop\Eraser.lnk
[2012.03.26 07:53:43 | 000,001,234 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2012.03.26 07:53:43 | 000,001,205 | ---- | C] () -- C:\Users\Public\Desktop\Ashampoo Burning Studio 2010.lnk
[2012.03.26 07:53:43 | 000,001,139 | ---- | C] () -- C:\Users\Public\Desktop\Acronis True Image Home 2010.lnk
[2012.03.26 07:53:43 | 000,001,130 | ---- | C] () -- C:\Users\Public\Desktop\Cubase LE.lnk
[2012.03.26 07:53:43 | 000,001,129 | ---- | C] () -- C:\Users\Public\Desktop\Independence Live 3.0.lnk
[2012.03.26 07:53:43 | 000,001,094 | ---- | C] () -- C:\Users\Public\Desktop\Independence 3.0.lnk
[2012.03.26 07:53:43 | 000,001,091 | ---- | C] () -- C:\Users\Public\Desktop\hueyPRO.lnk
[2012.03.26 07:53:43 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\DisplayFusion.lnk
[2012.03.26 07:53:43 | 000,001,044 | ---- | C] () -- C:\Users\Public\Desktop\Allway Sync.lnk
[2012.03.26 07:53:43 | 000,001,030 | ---- | C] () -- C:\Users\Public\Desktop\FLV Player.lnk
[2012.03.26 07:53:43 | 000,001,002 | ---- | C] () -- C:\Users\Public\Desktop\IrfanView.lnk
[2012.03.26 07:53:43 | 000,000,947 | ---- | C] () -- C:\Users\Public\Desktop\energyXT 2.5.4.lnk
[2012.03.26 07:53:43 | 000,000,928 | ---- | C] () -- C:\Users\Public\Desktop\Last.fm.lnk
[2012.03.26 07:53:42 | 000,002,064 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPER © Uninstall.lnk
[2012.03.26 07:53:42 | 000,002,040 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPER ©.lnk
[2012.03.26 07:53:42 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012.03.26 07:53:42 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[2012.03.26 07:53:42 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012.03.26 07:53:42 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2012.03.26 07:53:42 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2012.03.26 07:53:42 | 000,001,178 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 6.lnk
[2012.03.26 07:53:41 | 000,002,309 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
[2012.03.26 07:53:41 | 000,002,106 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2012.03.26 07:53:41 | 000,002,003 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
[2012.03.26 07:53:41 | 000,001,978 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Scanner Finder.lnk
[2012.03.26 07:53:41 | 000,001,845 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2012.03.26 07:53:41 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2012.03.26 07:53:41 | 000,001,131 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\hueyPROTray.lnk
[2012.03.26 07:53:41 | 000,000,930 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SampleTank 2.5.lnk
[2012.03.26 07:53:40 | 000,002,775 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Outlook.lnk
[2012.03.26 07:53:40 | 000,002,715 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Excel.lnk
[2012.03.26 07:53:40 | 000,002,703 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft PowerPoint.lnk
[2012.03.26 07:53:40 | 000,002,683 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Word.lnk
[2012.03.26 07:53:40 | 000,002,645 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Access.lnk
[2012.03.26 07:53:40 | 000,001,759 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eraser.lnk
[2012.03.26 07:53:40 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012.03.26 07:53:40 | 000,000,998 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IK Multimedia Authorization Manager.lnk
[2012.03.26 07:53:39 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012.03.26 07:53:39 | 000,002,089 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help Center.lnk
[2012.03.26 07:53:39 | 000,002,081 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge.lnk
[2012.03.26 07:53:39 | 000,002,069 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ImageReady CS.lnk
[2012.03.26 07:53:39 | 000,002,062 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS.lnk
[2012.03.26 07:53:39 | 000,001,903 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
[2012.03.26 07:53:39 | 000,001,403 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit 2.lnk
[2012.03.26 07:53:39 | 000,001,223 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Stock Photos CS3.lnk
[2012.03.26 07:53:39 | 000,001,192 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS3.lnk
[2012.03.26 07:53:39 | 000,001,137 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS3.lnk
[2012.03.26 07:53:39 | 000,001,099 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS3.lnk
[2012.03.26 07:53:39 | 000,001,027 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe InDesign CS2.lnk
[2012.03.25 23:33:45 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.25 23:09:53 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.03.18 21:11:11 | 004,194,304 | ---- | C] () -- C:\Users\Antestor\Desktop\(06) Wedding Party - To The Unknown God.mp3
[2012.01.09 22:23:31 | 000,032,184 | ---- | C] () -- C:\Windows\Irremote.ini
[2011.12.05 23:57:47 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011.12.05 23:38:44 | 000,037,639 | ---- | C] () -- C:\Windows\alt.Irremote.ini
[2011.12.05 23:22:34 | 000,142,337 | ---- | C] () -- C:\Windows\SysWow64\Wait.exe
[2011.11.16 23:13:29 | 000,000,103 | ---- | C] () -- C:\Windows\SysWow64\swctl.dll
[2011.07.17 11:44:49 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011.07.17 11:44:14 | 000,033,019 | ---- | C] () -- C:\Windows\SysWow64\CoreAAC-uninstall.exe
[2011.07.17 11:43:16 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011.07.17 11:43:16 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011.01.15 23:37:27 | 000,000,016 | ---- | C] () -- C:\Windows\SysWow64\msvcsv60.dll
[2011.01.15 23:37:27 | 000,000,016 | ---- | C] () -- C:\Windows\msocreg32.dat
[2010.11.21 14:54:32 | 000,695,642 | ---- | C] () -- C:\Windows\unins000.exe
[2010.11.21 14:54:32 | 000,011,205 | ---- | C] () -- C:\Windows\unins000.dat
[2010.07.09 22:26:52 | 000,017,408 | ---- | C] () -- C:\Users\Antestor\AppData\Local\WebpageIcons.db
[2010.06.05 02:46:32 | 001,499,556 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.04.10 20:29:47 | 000,002,892 | ---- | C] () -- C:\Windows\SysWow64\audcon.sys
[2010.04.10 20:27:45 | 000,000,051 | ---- | C] () -- C:\Windows\SysWow64\SYNSOPOS.exe.cfg
[2010.04.10 20:27:44 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\SYNSOPOS.exe
[2010.03.29 23:22:23 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
 
========== LOP Check ==========
 
[2010.01.08 12:44:50 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Acronis
[2010.05.15 18:07:10 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Amazon
[2010.01.03 23:35:39 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Artisteer
[2009.11.21 00:07:29 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Ashampoo
[2010.05.12 22:23:57 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\BAUM Retec
[2012.02.11 14:50:06 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Canneverbe Limited
[2011.12.06 00:29:45 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\DBC2F6FD-3140-41E0-A2A1-D6BAB77D5E21__F893F7CA-8278-41DF-A76F-CAF0437A90CD__
[2012.03.26 17:52:22 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\DisplayFusion
[2011.02.19 14:26:41 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.03.06 18:34:26 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Filter Forge
[2011.02.18 22:40:37 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Filter Forge 2
[2009.11.08 17:50:10 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Foxit
[2010.05.02 10:03:04 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Foxit Software
[2012.03.27 19:11:25 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Free Download Manager
[2010.04.17 00:56:34 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\FreeStone Group
[2011.06.14 23:38:23 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\GHISLER
[2011.01.10 21:20:29 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Gutscheinmieze
[2010.01.16 16:58:04 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\HEXelon
[2011.06.14 23:38:23 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\IrfanView
[2011.06.14 23:38:23 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\KeePass
[2011.03.26 23:00:42 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\MAGIX
[2010.09.26 13:04:57 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Miranda
[2012.03.23 18:52:21 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Mp3tag
[2009.11.25 22:49:44 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Notepad++
[2011.12.23 16:01:22 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\OfficeRecovery
[2009.11.29 19:08:00 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Opera
[2009.11.15 17:12:50 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Pantone
[2010.12.11 18:38:18 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\PPLive
[2012.03.04 18:25:11 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\REAPER
[2011.09.19 19:13:41 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\SanDisk
[2010.12.23 01:02:53 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Smartelectronix
[2011.01.16 00:22:02 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Steinberg
[2009.12.03 20:26:19 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Sync App Settings
[2011.02.11 22:53:06 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\TeamViewer
[2010.01.19 23:02:43 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Thunderbird
[2012.03.27 19:20:28 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\TrueCrypt
[2011.08.22 21:46:38 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Voxengo
[2010.10.09 21:29:10 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\VST3 Presets
[2012.01.29 11:25:50 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\XMedia Recode
[2011.03.27 00:25:55 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Yellow Tools
[2010.05.26 23:31:13 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Youtube Downloader HD
[2012.02.23 22:24:53 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         


28.03.2012, 06:22   #6
Antestor
 



Here is the OTL Extras logfile as well; it no longer fit into the first post!

And OTL Extras:

Code:
OTL Extras logfile created on: 28.03.2012 07:03:53 - Run 5
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\Antestor\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,11 Gb Available Physical Memory | 52,88% Memory free
8,00 Gb Paging File | 5,44 Gb Available in Paging File | 68,07% Paging File free
Paging file location(s): y:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 69,23 Gb Total Space | 11,36 Gb Free Space | 16,41% Space Free | Partition Type: NTFS
Drive D: | 200,00 Gb Total Space | 16,05 Gb Free Space | 8,02% Space Free | Partition Type: NTFS
Drive E: | 7,36 Gb Total Space | 0,14 Gb Free Space | 1,86% Space Free | Partition Type: FAT32
Drive F: | 3,74 Gb Total Space | 0,16 Gb Free Space | 4,29% Space Free | Partition Type: FAT32
Drive G: | 7,31 Gb Total Space | 5,30 Gb Free Space | 72,50% Space Free | Partition Type: FAT32
Drive H: | 29,71 Gb Total Space | 11,87 Gb Free Space | 39,94% Space Free | Partition Type: FAT32
Drive O: | 31,51 Gb Total Space | 14,17 Gb Free Space | 44,97% Space Free | Partition Type: NTFS
Drive S: | 7,38 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive W: | 100,00 Gb Total Space | 66,87 Gb Free Space | 66,87% Space Free | Partition Type: NTFS
Drive Y: | 397,26 Gb Total Space | 59,55 Gb Free Space | 14,99% Space Free | Partition Type: NTFS
 
Computer Name: GRAMHEIM-PC | User Name: Antestor | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{5324EDAC-DED3-3A65-6881-84B4B8A8A7F9}" = ATI Catalyst Install Manager
"{A7EEF79E-06B2-4382-9D2E-39DBA0F72D50}" = Eraser 6.0.8.2273
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B71779A7-9931-A01C-FE36-26D30133B3A1}" = ccc-utility64
"{BE930E38-7BB3-45B6-85B2-5251F374F844}" = 64 Bit HP CIO Components Installer
"{CAF01FE2-3E7D-4EEA-B04C-6561D64BB3D0}" = Independence Pro Software Suite 3.0
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"2BEB1D72D273FA04AF79FA3C4E0B1BD7C0B1F627" = Windows-Treiberpaket - BAUM Retec AG USB Driver Package - V7 (02/17/2009 2.04.16)
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CCleaner" = CCleaner
"CFB93035BA5D9AEFE8B947832E4FB4996B507C7C" = Windows-Treiberpaket - BAUM Retec AG USB Driver Package - V7 (02/17/2009 2.04.16)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Recuva" = Recuva
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0978A841-2E44-4A85-922B-36D96F0BAE0E}_is1" = 3GP Player 2009
"{0F52FBBC-D076-9A9A-5A0F-FFC6D46361B0}" = Catalyst Control Center Graphics Previews Common
"{0F5ADA2F-C0B2-4AD6-8FF7-7DFA9D6B4CBA}" = FreeUndelete 2.1.36867.1
"{147567F0-8575-4BE0-B5B3-62706C67FA5A}" = EZXCocktail
"{14FA6DD9-92ED-493D-A937-81A78870E08A}_is1" = Free Video Joiner 1.1
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{186FC6A7-3E47-67AB-BF01-B2D86A1FA34B}" = CCC Help Thai
"{1E132C9D-042E-E68D-9A85-5273085FBF75}" = Catalyst Control Center Graphics Full Existing
"{1FF713E1-FE5E-4AD0-9C8C-B2E877846B45}" = Catalyst Control Center - Branding
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{269FC1B2-92D3-1AA7-CC2E-E3BFB141ED08}" = Catalyst Control Center Graphics Light
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2E094936-B6D2-67FC-9680-7D83FD9722EA}" = CCC Help Chinese Standard
"{345C90FB-FA10-11D5-9C2A-0080C85A0C2D}" = ABBYY FineReader OCR Engine
"{36C1B8B9-35CE-4B2A-B598-5FA16B795949}" = buzzroom KeyMaker
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{3AC67A17-5DB7-425B-93FA-1D82A27B55F5}" = ArcSoft Codec
"{3ACFF226-3D86-422D-A151-1582DA1231C5}" = Samplitude 11 Silver
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{41F1BC2D-182A-706D-B48D-F88B097CAA3C}" = CCC Help Chinese Traditional
"{43E8D9E7-AFC9-4BA3-8106-B95E02B87AB7}" = EZdrummer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A3E4DFA-6AC2-8E80-AF5C-DF34CC97FEA5}" = Catalyst Control Center HydraVision Full
"{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}" = FontNav
"{50C78780-1A54-4A5C-B3A7-FF828C62C5C2}" = Steinberg Cubase LE 5
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5866520C-8857-4986-833A-039F4584C3F7}" = Toontrack solo
"{5F837C12-F45A-ADC7-DF59-3CF43C228226}" = ccc-core-static
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{6559654F-2F38-491F-8411-211517C3E635}" = SampleTank FREE
"{67ED38A3-4882-448B-B44D-3428AB00D7D5}" = Acronis True Image Home
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{77082BFF-AFC4-CDFD-26C1-79AD8CCC9452}" = CCC Help Korean
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{785740DF-DC05-F730-4309-09DDC7848A40}" = Catalyst Control Center Graphics Full New
"{786C5747-0C40-4930-9AFE-113BCE553101}" = Adobe Stock Photos 1.0
"{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}" = CorelDRAW Graphics Suite X3
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06
"{7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{86925C00-AB04-17B3-D9FB-373943F39DE0}" = Catalyst Control Center Core Implementation
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B7917E0-AF55-4E8A-9473-017F0AA03AC8}" = QuickTime
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8EDBA74D-0686-4C99-BFDD-F894678E5101}" = Adobe Common File Installer
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91110407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{95B47464-20BD-4450-BF0F-8F1773EF3F2D}" = MAGIX Speed burnR (MSI)
"{96173BCD-08AC-57B1-FCE3-E7A9018BE585}" = Catalyst Control Center Localization All
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A53A11EA-0095-493F-86FA-A15E8A86A405}" = VMware Player
"{A8DB611A-D80E-450D-85F6-3ACDD164BE31}" = Pro Evolution Soccer 2009
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{B08D262E-D902-11D5-9C28-0080C85A0C2D}" = ScanWizard 5
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B582947F-F34D-4081-A5B9-24CBF09F8C15}" = Adobe Setup
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C04D5974-F528-4347-A494-EAF56124CC1A}" = Steinberg HALionOne Essential Set
"{C162E1F7-56C6-49DC-8DA6-216CF651A502}" = MAGIX Screenshare
"{C94E45B0-6AA6-4FB9-9AAE-22085F631880}" = VBA
"{C9FB6FFC-B3D2-4AA0-AC05-73DB7796B638}" = DE
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D222C5F9-C8A4-A32F-8A58-EFAF7178F5ED}" = CCC Help Japanese
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D3C605D8-3A5E-4BAD-965D-2C61441BF2AC}" = Adobe Photoshop CS3
"{D42E3F13-E45C-33A1-7FBF-FB84419858E1}" = Catalyst Control Center Graphics Previews Vista
"{DCEBE43A-834D-67B5-306E-E95E9180D5B7}" = CCC Help English
"{DCED01E8-8BFA-4E36-BEC7-25DE676D833C}" = AM Track SE
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E70E7159-93B1-470D-9FBD-D8E9EF34B538}" = Steinberg HALionOne
"{E80B34EE-F3E5-4F60-AE89-FF0D717554A2}" = EZdrummer Lite Installer
"{E9787678-119F-4D52-B551-6739B2B22101}" = Adobe Help Center 1.0
"{EAA14B41-B8FC-4B0B-934E-B9A3D46E885D}" = FindInMidi
"{EBB794ED-D282-4334-92FB-254481EFF514}" = Pro Evolution Soccer 6
"{EC1F15E1-F3CC-46EE-B7A5-849A08ED60DC}}_is1" = PantsOff 2.0
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F4F365AB-BD66-4775-A36A-E3D8055873FD}" = EZXMetalHeads
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
"1489-3350-5074-6281" = JDownloader 0.9
"7-Zip" = 7-Zip 4.65
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe InDesign CS2 - {7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_5f143314a5d434c8511097393d17397" = Adobe Photoshop CS3
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"ADUSB Treiber Pre-Installation_is1" = ADUSB Treiber Pre-Installation 1.0
"Allway Sync_is1" = Allway Sync version 9.4.11
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Artisteer 2" = Artisteer 2
"Ashampoo Burning Studio 2010_is1" = Ashampoo Burning Studio 2010
"ASIO4ALL" = ASIO4ALL
"Avi2Dvd" = Avi2Dvd 0.6.2
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AviSynth" = AviSynth 2.5
"B076073A-5527-4f4f-B46B-B10692277DA2_is1" = DisplayFusion 3.4.1
"Briz Video Joiner_is1" = Briz Video Joiner
"BurnInTest_is1" = BurnInTest v6.0 Standard
"CDex" = CDex extraction audio
"CoreAAC Audio Decoder" = CoreAAC Audio Decoder (remove only)
"DVBViewer Pro Demo_is1" = DVBViewer Pro DEMO
"DVBViewer Pro_is1" = DVBViewer Pro
"DVD Shrink_is1" = DVD Shrink 3.2
"DVS Guitar_is1" = DVS Guitar v1.04
"eLicenser Control" = eLicenser Control
"energyXT 2.5.4 Beat Edition_is1" = energyXT 2.5.4
"ESET Online Scanner" = ESET Online Scanner v3
"ffdshow_is1" = ffdshow [rev 3299] [2010-03-03]
"Filter Forge 2_is1" = Filter Forge 2.012
"Filter Forge_is1" = Filter Forge 1.021
"FLV Player" = FLV Player 2.0 (build 25)
"Foxit Reader" = Foxit Reader
"Free Download Manager_is1" = Free Download Manager 3.0
"HaaliMkx" = Haali Media Splitter
"Halls Of Fame Free -  Origami Edition 2.5.2" = Halls Of Fame Free -  Origami Edition 2.5.2
"HammerHead Rhythm Station" = HammerHead Rhythm Station
"huey_is1" = hueyPRO 1.5.0
"Hydrogen" = Hydrogen
"Independence Pro Software Suite 3.0" = Independence Pro Software Suite 3.0
"InstallShield_{EBB794ED-D282-4334-92FB-254481EFF514}" = Pro Evolution Soccer 6
"IrfanView" = IrfanView (remove only)
"KeePass Password Safe_is1" = KeePass Password Safe 1.16
"Kindersicherung_is1" = Kindersicherung 2010
"LastFM_is1" = Last.fm 1.5.4.27091
"lgx4.lgx.server" = G DATA Logox 4 Speechengine
"LogiEdit" = LogiEdit (remove only)
"MAGIX_MSI_AMTrackSE" = AM Track SE
"MAGIX_MSI_sam11silver" = Samplitude 11 Silver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Miranda IM" = Miranda IM 0.9.17
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"Mozilla Thunderbird 10.0.2 (x86 de)" = Mozilla Thunderbird 10.0.2 (x86 de)
"Mp3tag" = Mp3tag v2.49a
"Notepad++" = Notepad++
"ObjectDock Plus" = ObjectDock Plus
"OpenAL" = OpenAL
"Opera 11.61.1250" = Opera 11.61
"OptiPNG-UI1.0.0.2" = OptiPNG-UI
"Organ One v. 2.10" = Organ One v. 2.10
"PPLive" = PPLive 1.9
"ratDVD" = ratDVD 0.78.1444
"RealPlayer 12.0" = RealPlayer
"REAPER" = REAPER
"rgc:audio sfz VSTi_is1" = rgc:audio sfz VSTi v1.96
"SopCast" = SopCast 3.2.9
"Steinberg Cubase LE" = Steinberg Cubase LE
"Studio Devil BVC_is1" = Studio Devil BVC 1.1
"SUPER ©" = SUPER © Version 2009.bld.36 (June 10, 2009)
"TC UP" = Total Commander Ultima Prime 5.0.0.0
"TeamViewer 6" = TeamViewer 6
"TFSETTOP_is1" = Top Set 2.00
"TmNationsForever_is1" = TmNationsForever
"Totalcmd" = Total Commander (Remove or Repair)
"TrueCrypt" = TrueCrypt
"TVUPlayer" = TVUPlayer 2.5.3.1
"Uninstall_is1" = Uninstall 1.0.0.1
"Update Service" = Update Service
"Veetle TV" = Veetle TV 0.9.18
"VLC media player" = VLC media player 2.0.1
"VMware_Player" = VMware Player
"WaveLabLE7" = WaveLab LE 7
"Winamp" = Winamp
"WinRAR archiver" = WinRAR
"WinUAE" = WinUAE 2.3.0
"ws4.webspeech" = G DATA WebSpeech 4
"XMedia Recode" = XMedia Recode 3.0.7.6
"Xvid_is1" = Xvid 1.2.2 final uninstall
"yellow tools Independence Free 2.5.3 32bit" = yellow tools Independence Free 2.5.3 32bit
"Youtube Downloader HD_is1" = Youtube Downloader HD v. 1.9
"Zattoo" = Zattoo 3.3.4 Beta
"Zattoo4" = Zattoo4 4.0.5
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Magical Glass" = Magical Glass
"Sansa Updater" = Sansa Updater
"UnityWebPlayer" = Unity Web Player
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         
I couldn't find any more problems on the machine, except that Corel Draw can't be started from the Start menu, but maybe the shortcut is simply wrong. I also can't say for sure whether that worked before. All other programs that I started from the Start menu work!

28.03.2012, 07:40   #7
kira
/// Helper team



Can you tell me something about this?:
Quote:
C:\Users\Antestor\Downloads\crc_killer_2.0.rar Win32/Packed.Autoit.D.Gen application deleted - quarantined
O:\CRC-Killer_2.0\CRC-Killer.exe Win32/Packed.Autoit.D.Gen application deleted - quarantined
1.
Quote:
Attention, important!:
If you have made changes in the log file yourself, you must replace them with the original names and insert them into the script that way! Otherwise it will not work!
(user folder, your name or other changes replaced by X, an asterisk or other names)
Fix with OTL
  • Start OTL.exe.
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • Copy the following script:
Code:
ATTFilter
:OTL

:Files
C:\Program Files (x86)\Azureus
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
         
  • and paste it here:
  • Close all programs.
  • Click the Fix button.
  • Click on .
  • OTL asks for a restart. Please allow it.
  • After the restart you will find a text document.
    Copy its contents here into your thread.
__________________

Warning!:
Be careful with invoices by e-mail with a ZIP file as attachment! They can be infected with an encryption Trojan!
Do not open the attachment; ask in our forum first!

Back up your data regularly, on CD/DVD, USB sticks or external hard drives, preferably twice in different locations!
Please pass this warning on wherever you can!

28.03.2012, 17:42   #8
Antestor



Quote from kira:
Can you tell me something about this?:


I needed the CRC Killer once last year to open a ZIP file that was damaged. It worked, too! I downloaded it from perfectsoft (I can gladly give you the link if you are interested).


I ran the OTL fix. Here is the log file:

Code:
ATTFilter
All processes killed
========== OTL ==========
========== FILES ==========
C:\Program Files (x86)\Azureus\plugins\azupdater folder moved successfully.
C:\Program Files (x86)\Azureus\plugins\azrating folder moved successfully.
C:\Program Files (x86)\Azureus\plugins\azplugins folder moved successfully.
C:\Program Files (x86)\Azureus\plugins folder moved successfully.
C:\Program Files (x86)\Azureus folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
O:\cmd.bat deleted successfully.
O:\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Antestor
->Temp folder emptied: 152430 bytes
->Temporary Internet Files folder emptied: 392480 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 52125168 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 456 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 17325 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 50,00 mb
 
 
OTL by OldTimer - Version 3.2.39.2 log created on 03282012_183622

Files\Folders moved on Reboot...
C:\Users\Antestor\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-2124.log moved successfully.

Registry entries deleted on Reboot...
         
So far no problems working on the machine!

29.03.2012, 07:45   #9
kira
/// Helper team



** Keep your system under observation for the time being!

1.
Uninstall/remove the programs that we used and that you do not need, except for:
Code:
ATTFilter
CCleaner
         
- Run it from time to time:-> Guide

2.
Tool cleanup with OTL

We will now use the CleanUp! function of OTL to delete most of the programs that we installed for the cleanup from your system again.
  • Please download OTL by OldTimer (if you do not already have it).
  • Save it to your desktop.
  • Double-click OTL.exe to run the program.
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • Click the "Bereinigung" (CleanUp!) button
  • OTL may ask for a restart.
    If it does, please allow it.
Note: After the restart, OTL and other helper programs that you downloaded during the cleanup will no longer be present. They have been removed. It is therefore OK if these programs are no longer there. If any are left over, delete them manually.

3.
Windows, for example, regularly creates shadow copies (at least once a day), which serve in an emergency to restore the system and to access older file versions. This function takes up a great deal of disk space. By default, the space reserved for shadow copies is 15 % of the volume size, so that system performance is also affected. In addition, deleted and possibly harmful objects that sit in System Restore must also be removed:
So please do the following:
  • Right-click "My Computer" -> "Properties" -> "System Restore" tab
  • "Turn off System Restore" -> "OK" -> close all windows
  • Shut down the PC -> then switch it on again
  • restore the default setting (turn System Restore back "on")
so first turn it off -> then turn it on - at the end it should be "on" again!

4.
As a precaution I would advise you to change your password (one should do this every 3-4 months)
e.g. login, mail or website passwords
Tips:
Choosing a secure password - (should really be changed at regular intervals, about every 3-5 months)
see also here: Secure password

5.
► ► Please check whether there are new updates for Windows?!:-> - Microsoft Update keeps your computer up to date!

Software such as operating systems, browsers and e-mail clients is continuously being developed further. At the same time, however, hackers are also working on constantly finding and exploiting new security holes. What is not yet a loophole for viruses and worms today can already become a danger tomorrow, once the corresponding piece of malware has been programmed. As a result, reports of new security vulnerabilities appear relatively often, even if these have not yet been discovered by hackers. After all, security specialists naturally also look for potential avenues of attack. Updates from the software developers ensure that the user can always use the most current and most secure version of the operating system and the installed software.

Reading material no. 1:
  • How do I create a limited user account?
  • Always keep software up to date!:
    ALL programs and drivers installed on the system should be updated regularly to avoid security holes and to keep things running smoothly!
  • A more secure browser than IE, e.g. *Switching the default browser to... by SETI@home* - Firefox - FirefoxWiki/Settings - Extensions for Firefox - Default browser
  • Secure e-mail clients, e.g. Thunderbird-->Extensions for Mozilla Thunderbird
    - Do NOT open unknown e-mail attachments!
  • Secure passwords - Choosing a secure password - (should really be changed at regular intervals, about every 3-5 months)
    see also here: Secure password
    The five most common password mistakes
  • "Never accept software from strangers" - As a matter of principle, only install programs that you really need and that you are convinced are reputable.
    You have the choice of which additional components are installed! -> Always read along during installation, and deselect sponsor and partner programs, toolbars or any other extra programs offered wherever possible!
    Deselect sponsor programs and toolbars where possible (this is how a kind of adware/spyware often gets installed along with them)
  • Do NOT download just any program from the net unless it is 100% certain that it is clean software. Nice promises from the vendors are far from a guarantee of flawless operation, so browse the pages on GOOGLE beforehand, where you can get valuable information!!!
  • Programs and drivers:
    Only from the manufacturer!
  • Online banking:
    Never reveal your passwords!
    Reputable banks, e-mail providers or online shops as a rule do not send e-mails asking customers to disclose confidential data such as passwords, user numbers (Verfügernummer), PINs or TANs. E-mails of this kind are always fraud attempts, which is why such requests should not be answered. As soon as you suspect fraud, report your suspicion to the respective bank hotline.
  • Letting others (guests/friends) use your computer - use only trustworthy computers!
    Make sure that only people you trust use or administer your computer, and never do your banking on untrustworthy computers, for example from an Internet café while on holiday
  • Be careful when using other people's computers and attachable external storage media such as hard drives, USB sticks, memory cards etc.! - IT fraudsters don't take holidays!/bsi-fuer-buerger.de - also connect them from time to time and have them scanned (see under `free online virus scanners`)
  • Do not visit websites without a valid legal notice (Impressum)
  • Saving licence costs? - Be careful with files/programs from untrustworthy sources! - "full Keygen, Crack, Serial, Warez, keygenerators" etc.
    They are always contaminated with various malware/malicious programs/code; there is no site that is virus-free. (One should not deliberately invite the devil.) Another highly unsafe source is the file sharing of the so-called (music) exchange networks.
    ► Besides, you are making yourself liable to prosecution!
  • Use only one firewall and one antivirus program, which should always be kept up to date!
    Installing `too much` software impairs system performance and security, slows down startup enormously and burdens RAM (because the programs run side by side at the same time, eating a lot of performance but bringing little quality). Over time the computer becomes slower and less secure due to too much unnecessary ballast. The more programs are installed, the more often problems occur, which may then be difficult to solve. In addition, some programs bring major security risks with them
  • Virus scanners
  • BSI für Bürger
  • SETI@home - [Security] Security concept
  • Development of malicious websites/viruslist.com
  • Focus: images and sounds
    Dangerous images, odd sounds/BSI

** Common sense, and configuring Windows and Internet software securely, is the best way to security in web traffic!!
Quote:
Since the database is supplemented and extended daily, and information about the virus concerned is added with the current virus definitions, I recommend that you have your system scanned online at least once a week (later, once a month will certainly suffice), always with a different scanner, to get a second opinion - the data backed up on the storage medium should also be included!
(mostly use ActiveX and/or Java): Free online scanners -
Reading material no. 2:
► Over time a lot of junk data can accumulate, error messages pile up, and the PC is probably no longer as fast as it used to be:
Wishing you all the best

If you would like to support us→ Donation account

Regards
kira
